Guest Network over VPN

Solved
double_virgule
Here to help


We are currently sending our guest wifi traffic over Cisco Umbrella. This accounts for a huge swath of our overall traffic, as our locations are in shopping malls and other retail centers, so people will connect and use the guest wifi when nearby. We are implementing a splash page and lowering the DHCP lease time for the guest wifi, but I still foresee this being a problem. 

 

Has anyone had any issues with sending only specific VLANs over Cisco Umbrella and dumping the rest directly to the internet? I understand we'd lose the additional security and visibility of Umbrella for this network, but it's already a bunch of noise we can't do much about. We're looking at blacklisting any malware or otherwise compromised devices from our guest wifi, but that's going to take time to develop.

1 Accepted Solution
ChristopherR
Conversationalist

I'm curious, how are you currently sending the traffic to Umbrella? I assume this is just DNS traffic? With this (https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_...) integration, you can selectively send traffic from specific SSIDs and have different policies (security, content, logging) for each SSID while still retaining visibility into the SSID/internal IP of each request.


4 Replies
PhilipDAth
Kind of a big deal

Have you considered only using Umbrella DNS filtering so all traffic is sent out locally (a compromise)?

We did, but for our use case some of the traffic needs to be local and some of it needs to be full Umbrella VPN.

Yeah, we discussed with our Cisco contact and they said it's fine to only send some and not all. So we'll probably ship out only the pertinent stuff and leave the rest with local rules. Thanks!
