With the Active Directory (AD)-based content filtering feature, the MX series uses the Lightweight Directory Access Protocol (LDAP) to connect to a Microsoft Domain Controller (DC) and discover the user groups and the users in those groups. Administrators can use this feature to set different content filtering policies for different user groups.
A typical example of AD-integrated content filtering is providing Children's Internet Protection Act (CIPA)-compliant Internet access at a K-12 educational institution. Administrators can enforce stricter content filtering rules for students, while relaxing constraints for administrators, staff, and teachers.
In this example:
- The DC is a Windows Server 2008 R2 machine.
- The domain is called mx.meraki.com.
- The server's name is dc.mx.meraki.com.
- The server's static IP address is 192.168.1.2 (on the MX LAN subnet).
Configuring Dashboard settings
- Enable AD Authentication.
- Add the domain controller to the Dashboard by choosing Configure > Active Directory.
Once you successfully connect to your Active Directory server, click on the “Refresh LDAP Groups” button. You will now be able to apply content filters. Add the groups you would like to apply content filters to by clicking on the plus sign (+) and adding the categories as shown in the following example:
- Unauthenticated users: Decide how you want to handle users on devices, such as iPads or Android phones, that are not signed in to Active Directory. For those users, you can either force them to inherit the default content filtering settings (through Configure > Content filtering), or require them to authenticate to the AD domain through a splash page. The latter option is illustrated below.
On splash pages, users can enter their credentials as DOMAIN\User or User@domain.
The Active Directory integration generates activity in the Event Log. User credential events are all under the auth filter. If the credentials are broken or the server is temporarily unreachable, you will see a "Failed to connect Active Directory" event in the MX event log.
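Because the splash page accepts both DOMAIN\User and User@domain, the same account can appear under two spellings when authentication activity is reviewed. The following is an added example (not part of the original page and not Meraki code) that normalizes both forms to one key. The NetBIOS name `MX`, the assumption that the User@domain suffix is the DNS domain name, and all sample logins are constructed for illustration.

```python
import re

# Assumption: "MX" is the NetBIOS (pre-Windows 2000) name of mx.meraki.com.
NETBIOS_TO_DNS = {"MX": "mx.meraki.com"}
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample input: logins as users might type them on the splash page.
SAMPLE = ["MX\\jdoe", "jdoe@mx.meraki.com", " JDoe@MX.MERAKI.COM ",
          "mx.meraki.com\\asmith", "OTHER\\jdoe", "jdoe", "MX\\j@doe"]


def normalize_login(raw, netbios_map=NETBIOS_TO_DNS):
    """Return 'user@dns.domain' in lower case, or raise ValueError."""
    s = raw.strip()
    if _CONTROL.search(s):
        raise ValueError("control character in login")
    if "\\" in s and "@" in s:
        raise ValueError("ambiguous: both separators present")
    if s.count("\\") == 1:
        domain, user = s.split("\\")
        if domain.upper() in netbios_map:
            domain = netbios_map[domain.upper()]
        elif "." not in domain:
            # A short name we cannot map is rejected rather than guessed at.
            raise ValueError("unknown NetBIOS domain")
    elif s.count("@") == 1:
        user, domain = s.split("@")
    else:
        raise ValueError("expected DOMAIN\\User or User@domain")
    if not user or not domain:
        raise ValueError("empty user or domain")
    # AD logon names are case-insensitive, so compare in lower case.
    return f"{user.lower()}@{domain.lower()}"


def group_logins(entries):
    """Group raw login strings by normalized account; collect rejects."""
    accounts, rejected = {}, []
    for raw in entries:
        try:
            accounts.setdefault(normalize_login(raw), []).append(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
    return accounts, rejected


if __name__ == "__main__":
    accounts, rejected = group_logins(SAMPLE)
    print(accounts)
    print(rejected)
```

Rejected entries are worth reviewing on their own, since a login with no domain part or an unmapped domain cannot be tied to an AD group policy.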