Home > Wireless LAN > Group Policies and Blacklisting > Blocking and Whitelisting Clients

Blocking and Whitelisting Clients

In some cases it is necessary to whitelist or block a specific client on a Cisco Meraki Network. This configuration is completed on a client by client basis and will effect the client immediately. Whitelisting and Blocking can be done on both the Cisco Meraki MX Security Appliances and the MR Access Points. At this time it is not possible to white-list or block a client on a Cisco Meraki Switch. 

Client policies are configured on a device once it is listed in the network client list, it is possible to Pre-Configure the network policy for clients that aren't listed.   

Built-in Client Policies

There are two built-in policies that can be configured for a client; whitelist and blocked. Normal is the default setting for every client subjecting the client to all of the network wide settings. If configured, group policies can also be applied to the client in the same manor as detailed below. 

Whitelist

Applies the following settings to a client:

 

Note: The device is still subject to association requirements and per-SSID bandwidth limits on MR Access Points, as well as Uplink Configuration and Security Filtering on a MX Security Appliances. 

Note: If a device is whitelisted in a network that is bound to a template, that client will be whitelisted on all other networks bound to that template. Conversely, if the client is removed from the whitelist on one bound network, it will also be removed from the whitelist on all others.

Block

Applies the following settings to a client:

  • Firewall rule applied to block all communication with other devices on the Network (Only applies to traffic that traverses the Cisco Meraki Device that has the block is configured)
  • Blocked Splash Page will be displayed when user tries to load a web page

 

Note: The device will still receive an IP address and will be able to resolve DNS names.   

Blocking or Whitelisting a Client 

There are two ways to whitelist or block a client on the Cisco Meraki Dashboard.

Note: There is a limit of 3000 clients that can be whitelisted or blocked (combined). An error will appear when attempting to whitelist or block more than 3000 clients.

Using the Clients List

Navigate to  Network-Wide > Clients, then check the boxes of the clients that you want to whitelist or block. Click on the Policy drop down above the client list, and select blocked or whitelisted. To apply the whitelist or block on a per SSID basis or only on the MX Security Appliance, select Different policies by connection and SSID. To clear the setting, remove the blocked or whitelisted policy and select normal.

 

Note: The single configuration pane to block and whitelist users on the security appliance and the SSIDs is only available when on a combined network. These settings would have to be completed on each Dashboard Network for uncombined networks. 

 

After this is completed it is possible to filter clients to determine which ones have a policy configured on them.

 

If the client has never connected to the network, or is not in the client list, it can still have a policy applied. This is done using the Add client button on the Network-wide > Monitor > Clients page. Enter a friendly name for the device, its MAC address, and then which policy you would like applied. Then click Save changes.

Using the Client Details Page

The current policy will be shown and can be updated at the client details page. Like above, to apply the whitelist or block on a per SSID basis or only on the MX, select the Different policies by connection and SSID. The options listed will allow you to configure blocked or whitelisted per SSID and on the MX Security Appliance. To clear the setting, remove the blocked or whitelist policy and apply normal. Below is where the setting would be configured with a combined network:

 

If the Dashboard network is a wireless or a appliance network (Not Combined, the client details page looks a little different. The blocked and whitelisted setting is on a per Dashboard network basis and is configured on the Client Details Page in Edit Details:

4a8cacaf-9f9a-43e6-b122-eebae0653cf3

In the Client Details configuration, the client can be blocked or whitelisted.

c506daa7-eb58-4542-b370-5205f5776f20

You must to post a comment.
Last modified
17:12, 18 Feb 2016

Tags

Classifications

This page has no classifications.

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community