From the Z1 dashboard is there some way to Isolate a client from connecting to any LAN side device

SOLVED
bxdobs
Here to help

From the Z1 dashboard is there some way to Isolate a client from connecting to any LAN side device

Z1 set with 192.168.210.0/24 for the LAN and 192.168.209.0/24 for the VPN

 

All Permanent clients have been assigned Static IPs to allow remote port forwarding and remote support.

 

Trying to isolate one PC on the INTRANET (LAN CLIENT) from seeing or interacting with any of the other Devices inside the 192.168.209-210 INTRANET 

 

Currently using an AC1200 WiFi Router (Model R6120) with a static IP on the WAN (192.168.210.65) ... the PC plugged into the Netgear LAN basically has its own domain of 192.168.1.0-254 ... BUT ... it can still connect to any of the upstream IP's in the 209-210 network ... is there some way to restrict this IP access to the 209-210 network?

 

I tried to put the AC1200 in front of the Z1 and use the AC1200's DMZ feature but the Z1 features specifically the VPN failed to work in this configuration ... AC1200 by default, has VPN pass-thru enabled ... the Z1 VPN failed with DMZ on AND off.

 

1 ACCEPTED SOLUTION
bxdobs
Here to help

Thanks I will reboot all network devices when I go to site next week and see if that resolves the issue

 

View solution in original post

4 REPLIES 4
ww
Kind of a big deal
Kind of a big deal
bxdobs
Here to help

ok so I have applied a group policy with Layer 3 of deny 192.0.0.0/8 and Layer 7 deny p2p ... YET ... I can still ping any of the 192.168.210.0 or 192.168.209.0 devices ... am I doing something wrong or am I misunderstanding the guest example given by: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

ww
Kind of a big deal
Kind of a big deal

Could be that you have to reconnect the client to the network before it works.

bxdobs
Here to help

Thanks I will reboot all network devices when I go to site next week and see if that resolves the issue

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.