Home > Security Appliances > Deployment Guides > Content Filtering with Active Directory

Content Filtering with Active Directory

With the Active Directory (AD)-based content filtering feature, the MX series use the Microsoft Light Directory Access Protocol (LDAP) to connect to a Microsoft Domain Controller (DC) and discover the user groups and users in those groups. Administrators can use this feature to set different content filtering policies for different user groups.


A typical example of AD integrated content filtering involves providing a Children's Internet Protection Act (CIPA)-compliant Internet access at a K-12 education institution. Administrators can enforce stricter content filtering rules for students, while relaxing constraints for administrators, staff, and teachers.

In this example:

  • The DC is a Windows Server 2008 R2 machine.
  • The domain is called mx.meraki.com.
  • The server's name is dc.mx.meraki.com.
  • The server's static IP address is (on the MX LAN subnet).

Please refer to our documentation for detailed instructions on how set up your Microsoft domain controller

Configuring Dashboard settings

  1. Enable AD Authentication.
  2. Add the domain controller to the Dashboard by choosing Configure > Active Directory

  3. Once you successfully connect to your Active Directory server, click on the “Refresh LDAP Groups” button. You will now be able to apply content filters. Add the groups you would like to apply content filters to by clicking on the plus sign (+) and adding the categories as shown in the following example:


    In case a user is a member of two or more groups, the list is searched in order, from top down, until there is a match.


  4. Unauthenticated users: Decide how you want to handle users who are using devices such as IPads or Android phones that are not signed into the Active Directory. For those users, you can either force them to inherit the default content filtering settings (through Configure > Content filtering), or require them to authenticate to the AD domain through a splash page. The latter option is illustrated below


On splash pages, users can enter their credentials as DOMAIN\User or User@domain.


The Active Directory integration generates activity in the Event Log. User credentials are all under the auth filter. If the credentials are broken or the server is temporarily unreachable, you will see a "Failed to connect Active Directory" event in the MX event log.

You must to post a comment.
Last modified
16:51, 25 Aug 2015


This page has no custom tags.


This page has no classifications.

Article ID

ID: 4177

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case