While each of the security features mentioned previously can be configured on a network-wide basis, there are times when certain clients should have more specific policies applied than the network-wide defaults. While it certainly is possible to use static or dedicated IPs to create unique rules to bypass or enforce additional Layer 3 firewall rules, this creates additional overhead and doesn’t bypass features such as content filtering, Layer 7 firewall rules, and Cisco AMP.

For situations like this, where specific clients or users require a different set of rules or policies than the network-wide configuration, you configure group policies and assign them to either enhance or override network-wide configurations for specific clients, users, or even entire subnets. Figure 5-5 shows several group policies, each configured to allow special network access for group members, while Figure 5-6 shows the detailed configuration for an example group policy.

Figure 5-5 Example Group Policies List in the Dashboard

Figure 5-6 Example Configuration for a Specific Group Policy

To create group policies, navigate to the Network-wide > Group Policy page on the Dashboard. If you want to assign group policies manually to a specific client device, go to the Network-wide > Clients page, select the client, and use the Policy drop-down list to apply a new policy to the client. You can also choose to assign group policies to specific users automatically through either Active Directory or RADIUS integration. During the logon process, the integration passes specific attributes, such as Filter-ID in the case of RADIUS, that match an associated group policy configured on the Dashboard.

Using an integration like Active Directory or RADIUS allows administrative users, for example, to automatically be provided with increased network access based on their needs without having to manually reassign device policies or create manual exceptions. This can greatly reduce the overhead required for troubleshooting and daily administration, as users will automatically be assigned an appropriate access policy based on the information passed during user logon, regardless of the device currently in use.
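
Because automatic assignment depends on the RADIUS Filter-ID matching a group policy configured on the Dashboard, it is worth auditing the two lists against each other. The following is an added example, not code from the book or from Cisco Meraki: the policy names and the FreeRADIUS-style `users` entries are constructed samples, and the script assumes exact, case-sensitive name matching and that an unmatched Filter-ID leaves the client on the network-wide defaults.

```python
import re

# Constructed sample: group policy names as configured on the Dashboard
# (Network-wide > Group Policy). The names are hypothetical.
DASHBOARD_POLICIES = ["Admins", "Guest-Restricted", "Contractors"]

# Constructed sample of FreeRADIUS-style "users" entries; only the Filter-Id
# reply attribute matters for this audit.
RADIUS_USERS = '''
DEFAULT Ldap-Group == "net-admins"
        Filter-Id := "Admins"

DEFAULT Ldap-Group == "contractors"
        Filter-Id := "contractors"

DEFAULT Ldap-Group == "kiosk"
        Filter-Id := "Kiosk-Lockdown"
'''

FILTER_ID_RE = re.compile(r'^\s*Filter-Id\s*:?=\s*"([^"]*)"', re.MULTILINE)


def audit_filter_ids(users_text, policies):
    """Compare Filter-Id values a RADIUS server returns with Dashboard policy names.

    Assumption: names must match exactly (case-sensitive), and a Filter-Id with
    no matching policy leaves the client on the network-wide defaults.
    """
    returned = set(FILTER_ID_RE.findall(users_text))
    configured = set(policies)
    by_folded = {p.strip().casefold(): p for p in configured}
    report = {"matched": [], "near_miss": [], "unmatched": [], "unused": []}
    for value in sorted(returned):
        folded = value.strip().casefold()
        if value in configured:
            report["matched"].append(value)
        elif folded in by_folded:
            # Differs only by case or whitespace: most likely a typo.
            report["near_miss"].append((value, by_folded[folded]))
        else:
            report["unmatched"].append(value)
    referenced = {v.strip().casefold() for v in returned}
    report["unused"] = sorted(p for p in configured if p.strip().casefold() not in referenced)
    return report


if __name__ == "__main__":
    for kind, items in audit_filter_ids(RADIUS_USERS, DASHBOARD_POLICIES).items():
        print(f"{kind}: {items}")
```

Entries under `near_miss` and `unmatched` are the ones to fix first, since those users would not receive the access policy the administrator intended.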
