Meraki Access Control Policy

• To create a new rule, click the blue plus button .

• To edit an existing rule, select the rule and click the edit button in the Actions pane. (Simple edits may also be performed inline without entering edit mode.)

• To delete a rule you no longer need, select the rule and click the remove button in the Actions pane.

• To move a rule within the policy, select the rule in the access control table and click the up or down arrow at the end of the rule row to move the rule.

Rules are applied on a first-match basis, so you must ensure that rules with highly specific traffic matching criteria appear above policies that have more general criteria that would otherwise apply to the matching traffic.

The default is to add the rule to the end of the list. If you want to change a rule's location later, edit this option.

Note: The Name of the access control rule is used as the name of the rule in CDO while the Remark field is treated as the name of the rule in the Meraki dashboard. The two fields are not dependent on each other.

• Block-Drop the traffic unconditionally. The traffic is not inspected.

• Allow-Allow the traffic subject to the intrusion and other inspection settings in the policy.

Note	You can only set or modify the rule action. You cannot change the default policy action from CDO.

• Source-Click the Source tab and add or remove networks (which includes networks and continents) or ports from which the network traffic originated. The default value is "Any."

• Destination-Click the Destination tab and add or remove networks (which includes networks and continents), or ports on which the traffic arrives. The default value is "Any."

Note	The source and destination networks must be within one of the configured VLAN subnets or, if a VLAN subnet is not manually configured, the default VPN subnet. Deploying a rule that includes an invalid source or destination network will fail.