Meraki

Community

Guest Network over VPN

Solved
double_virgule
Getting noticed
‎Sep 20 2024 7:47 AM
‎Sep 20 2024 7:47 AM

Guest Network over VPN

We are currently sending our guest wifi traffic over Cisco Umbrella. This accounts for a huge swath of our overall traffic, as our locations are in shopping malls and other retail centers, so people will connect and use the guest wifi when nearby. We are implementing a splash page and lowering the DHCP lease time for the guest wifi, but I still foresee this being a problem. 

 

Has anyone had any issues with sending only specific VLANs over Cisco Umbrella and dumping the rest directly to the internet? I understand we'd lose the additional security and visibility of Umbrella for this network, but it's already a bunch of noise we can't do much about. We're looking at blacklisting any malware or otherwise compromised devices from our guest wifi, but that's going to take time to develop.

0 Kudos
1 Accepted Solution
ChristopherR
Conversationalist
‎Sep 20 2024 2:47 PM
‎Sep 20 2024 2:47 PM

I'm curious, how are you currently sending the traffic to Umbrella? I assume this is just DNS traffic? With this (https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_...) integration, you can selectively send traffic from specific SSIDs and have different policies (security, content, logging) for each SSID while still retaining visibility into the SSID/internal IP of each request.

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 20 2024 2:11 PM
‎Sep 20 2024 2:11 PM

Have you considered only using Umbrella DNS filtering so all traffic is sent out locally (a compromise)?

In response to PhilipDAth
double_virgule
Getting noticed
‎Sep 23 2024 7:59 AM
‎Sep 23 2024 7:59 AM

We did, but for our use case some of the traffic needs to be local and some of it needs to be full Umbrella VPN.
0 Kudos
ChristopherR
Conversationalist
‎Sep 20 2024 2:47 PM
‎Sep 20 2024 2:47 PM

I'm curious, how are you currently sending the traffic to Umbrella? I assume this is just DNS traffic? With this (https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_...) integration, you can selectively send traffic from specific SSIDs and have different policies (security, content, logging) for each SSID while still retaining visibility into the SSID/internal IP of each request.

In response to ChristopherR
double_virgule
Getting noticed
‎Sep 23 2024 8:00 AM
‎Sep 23 2024 8:00 AM

Yeah, we discussed with our Cisco contact and they said it's fine to only send some and not all. So we'll probably ship out only the pertinent stuff and leave the rest with local rules. Thanks!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.