What is the best practice for assigning group policies?

JMG
Just browsing

What is the best practice for assigning group policies?

Hi,

 

I am setting up a staff, guest and executive wi-fi network all on different VLAN's.

I'm interested to know if group policies are best assigned at SSID level (wi-fi bandwidth limit), the addressing and VLAN's section within security appliance, or in network-wide?

 

Many thanks in advance,

 

Jake

3 Replies 3
MRCUR
Kind of a big deal

This KB article provides a good overview of the limitations of group policies based on product and how you can apply them: https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Po...

 

Generally it comes down to what you want to do with the policies. If you're only assigning a VLAN through the policy that matters for WiFi users, you could apply them via MR SSID's and leave wired users going through the MX unaffected. 

MRCUR | CMNO #12
Adam
Kind of a big deal

If you just want to limit per client or per SSID bandwidth you can do that on the SSID without a policy.  Policies would be for more customized things like different content filters etc...  Or possibly bandwidth restrictions for a specific client. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
PhilipDAth
Kind of a big deal
Kind of a big deal

I'm with @Adam.  If you just want to limit WiFi client speed then don't bother using group policies - do it on the SSID.

 

When I do use group policies I tend to apply them on the VLAN on the MX.  This is because the MX can apply many more types of restrictions.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.