Friday, February 10, 2017

Meraki Dashboard SSID Access Control Policies

You can configure policies on individual SSIDs by going to Wireless > Configure > SSIDs. Click Edit settings under the specific SSID.



Choose Meraki authentication under Network access > WPA2-Enterprise with and Click-through under Splash page. This will use the local Users created on the Meraki dashboard. The Authenticated Users will appear and you can click on the Users page hyperlink.


When you click on the Users hyperlink, it will redirect you to User Management portal. Click Add new user to create Meraki 802.1X user accounts. You can optionally choose Generate to auto-generate a password, email the login info to the user’s email address and set expiration time on the account.


Choose Enabled: assign group policies automatically by device type under Assign group policies by device type.


Click Add group policy for a device type. 


Choose a device type (iPhone in this example).


Choose a built in policies (blocked in this example) under Group policy.
 

Choose Block all access until sign-on is complete under Captive portal strength.


Choose Allow users to create accounts under Self-registration. Choose Limit users to one device at a time under Simultaneous logins.


Choose Block adult content under Content filtering.


Choose 5 GHz band only under Wireless options > Band selection.
 

Click Save Changes at the bottom of the screen. I've used my iPhone to test the SSID Meraki (local) authentication policy. I entered the username/password and accepted the Meraki CA certificate.



To verify go to Network-wide > Event log. Notice under Event type, the 802.1X EAP authentication was successful. 


You'll see this response page when your device category is blocked (such as a BYOD policy). You can customize the message error displayed such as Blocked by Meraki Cloud Policy. This can be configured under Network-wide > Configure > General > Default block message.



You'll see this error when adult content block policy is enforced.


I've used inSSIDer running on my PC to verify the SSID is only using the 5 GHz band. You'll notice the 2.4 GHz band is populated with wireless SSIDs (which is a common scenario) compared to the 5 GHz band.


No comments:

Post a Comment