Meraki

Community

Supplier remote access

Solved
JohanPlukon
Getting noticed
‎Jun 22 2023 11:53 AM
‎Jun 22 2023 11:53 AM

Supplier remote access

As a production company we have may external suppliers who deliver machines or software to support our product processes.

Many of these suppliers will always try to bring their own router to be able to support the machine or software.
Often these machines or software also need to exchange data with internal machines or software. 

I need your opnion here. How do you handle situations like this? What kind of policy you have here. And what is the best solution in these situations? Place them behind a separate mx for each supplier? 

0 Kudos
1 Accepted Solution
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jun 22 2023 12:44 PM
‎Jun 22 2023 12:44 PM

Place them behind a single MX with each on their own VLAN would be my suggestion although how many suppliers at any one time would you have onsite? 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

8 Replies 8
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 22 2023 12:43 PM
‎Jun 22 2023 12:43 PM

I wouldn't allow third-party network equipment to be connected to your internal network.

 

I often put them on their own VLAN, for a VLAN separate from the internal network, and provide them with VPN access to their devices.

BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jun 22 2023 12:44 PM
‎Jun 22 2023 12:44 PM

Place them behind a single MX with each on their own VLAN would be my suggestion although how many suppliers at any one time would you have onsite? 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to BlakeRichardson
JohanPlukon
Getting noticed
‎Jun 23 2023 12:07 AM
‎Jun 23 2023 12:07 AM

It can vary, from one to ten or fifteen per location. 

Depends on the level of automation within a location. 

0 Kudos
alemabrahao
Kind of a big deal
‎Jun 22 2023 1:08 PM
‎Jun 22 2023 1:08 PM

First time I hear about a supplier installing equipment inside the infrastructure.
 
A network for consultants is usually used and policies are created on what should and should not be accessed.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
JohanPlukon
Getting noticed
‎Jun 23 2023 12:05 AM
‎Jun 23 2023 12:05 AM

Then you have the same thought as me. But it is something that has been accepted for years, but in my opnion cant be any more. 

0 Kudos
In response to JohanPlukon
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 23 2023 4:00 PM
‎Jun 23 2023 4:00 PM

I agree.  The threat landscape has evolved, and security systems and practices must evolve as a result.

0 Kudos
van604
Building a reputation
‎Jun 22 2023 1:39 PM
‎Jun 22 2023 1:39 PM

agree with everyone, set up a separate VLAN just for them and if not required, just hand out a static IP.

JohanPlukon
Getting noticed
‎Jun 23 2023 12:06 AM
‎Jun 23 2023 12:06 AM

Thank you all for your answers. This helps me. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.