Skip to main content

 

Cisco Meraki Documentation

Managing Access for Organization 802.1X Users

  1. Last updated
  2. Save as PDF

You can manage network access for certain access types on the Organization > Monitor > Users page. Use the users list for bulk changes, and the Users detail page for individual access updates. This page also supports access management for other product

Access Manager 

To manage access based on user attributes and configured rule sets, integrate with Access Manager.

Access Types 

Organization Users can be authorized for access to network zones. Currently, administrators can manage the following types of access:

For 802.1X Users

  • Switch Access Policies

  • Enterprise Splash with Meraki Auth

  • Enterprise Meraki Auth

For Guest Users, see additional documentation.

  • Splash with MerakiAuth

  • Client VPN (Meraki-hosted users only)

Configuring 802.1X User Access

Currently, administrators can manage the following types of access for 802.1X user accounts:

Account Type

Zone

Configuration

Authentication Type

802.1X

Wireless SSID

Enterprise

Meraki Cloud Radius

802.1X

Switch Access Policy

Enterprise

Meraki Cloud Radius

To manage access for Guest accounts, see additional documentation.

Wireless 802.1X Access via Meraki Cloud Radius

Grant access (bulk) 

To authorize access for multiple users: 

1. Navigate to Organization > Monitor > Users, and select the target users. 

2. Click Edit Access on the action menu 

3. Select Wireless 802.1X 

clipboard_ed7f9d96ce55337c3014f11356fa37118.png

4. In the Edit Access drawer, select the target networks and SSIDs from the dropdowns of available access zones.  

5. Set a duration for the access 

  • “Does not expire” gives access with an indefinite end date 
  • “Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date) 
  • “Do not authorize” will remove existing access for the given network and SSID 

clipboard_e7cb6201ec44f1fb2f0bf43b81a53d8b0.png

This action will fail if the target users do not have an 802.1X account. You can create a 802.1x account using one of the following methods:

  • From the user list page, click the Add User button from the action bar and select 802.1X from the dropdown menu
    clipboard_e8fe73a5c0b39662615702616573c0c3d.png
     
  • Click the Add user for 802.1X access button on the user's details page for an individual target user
    clipboard_ed6e9eaff57b18d35a7d79a2444545b12.png
Grant access (single user) 

To authorize access for a single user: 

1. Navigate to Organization > Monitor > Users, and click the target user. 

2. On the user details page, navigate to the Access section. 

3. Click the Add dropdown and select Wireless 802.1X access
 clipboard_e2c7adf00797caaa37f25de1a50775eeb.png

4. In the Add Access drawer, select the networks and SSIDs where Wireless 802.1X access should be granted. 

5. Set a duration for the access 

  • “Does not expire” gives access with an indefinite end date 
  • “Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date) 
  • “Do not authorize” will remove existing access for the given network and SSID 

clipboard_e55b25352266fea4ed304a8e786771cfe.png

Edit access time period (single user) 

To edit the expiration criteria for Splash access for a single user: 

1. Navigate to Organization > Monitor > Users, and click the target user. 

2. On the user details page, navigate to the Access section.  

3. Select the currently assigned Wireless 802.1x access types from the list 

4. Click the Edit dropdown and select Change access time period 

5. Set a duration for the access 

  • “Does not expire” gives access with an indefinite end date 
  • “Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date) 
  • “Do not authorize” will remove existing access for the given network and SSID 

clipboard_edd37fb4035d33301e18d3177d3c417ab.png

Revoke access (single user) 

To revoke 802.1x access for a single user: 

1. Navigate to the Organization > Monitor > Users page and click the target user. 

2. On the user details page, navigate to the Manage Access section 

3. Select the target authorizations in the list to remove by enabling the checkmark next to each option. 

3. Click Revoke Access. 

clipboard_e22407d74bd36c2105b6aef9928b9eef6.png

Users with Switch Access Policies 

This configuration supports access for Client VPN over L2TP.  

Grant access (bulk) 

To authorize access for a multiple users: 

1. Navigate to Organization > Monitor > Users and select the target users. 

2. Click Edit Access on the action menu 

3. Select Switch Access 

4. In the Edit Access drawer, select the target networks from the available access zones.  

5. Set a duration for the access 

  • “Does not expire” gives access with an indefinite end date 
  • “Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date) 
  • “Do not authorize” will remove existing access for the given network
Grant access (single user) 

To authorize access for a single user: 

1. Navigate to Organization > Monitor > Users and click the target user. 

2. On the user details page, navigate to the Access section. 

3. Click Add and select Switch Access. 

4. In the Switch Authorization drawer, select the target zones where the user should be authorized.  

5. Set a duration for the access 

  • “Does not expire” gives access with an indefinite end date 
  • “Limited” grants access for a defined number of days (Duration) or until an exact calendar date (Expiration Date) 
  • “Do not authorize” will remove existing access for the given network
Edit access (bulk) 

To edit the network scope or the access period for Client VPN access for multiple users: 

1. Navigate to the Organization > Monitor > Users page. 

2. Select the target users from the list by checking the box next to each user with access you want to edit. 

3. Click Edit Access and select 802.1X to make changes. 

4. In the Edit Switch Access drawer, change the networks or access period, and click Save

Edit access time (single user) 

To edit the expiration criteria for 802.1X access for a single user: 

1. Navigate to the Organization > Monitor > Users page and click the target user. 

2. Select the desired authorizations from the list by checking the box next to each option you want to edit. 

3. Click Edit to make changes and select Change access time period

4. In the Change access time period popup, change the authorization access period, and click Save

Revoke access (single user)

To revoke Switch access for a single user: 

1. Navigate to Organization > Monitor > Users and click the target user. 

2. On the user details page, navigate to the Access section, and select the target authorizations in the list to remove by enabling the checkmark next to each option. 

3. Select the target authorizations in the list to remove by enabling the checkmark next to each option. 

4. Click Revoke Access. 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.