Block Wi-fi Guest through MPLS

Cyber_Owl
Here to help

Block Wi-fi Guest through MPLS

Hello, my friends!


I hope you are all well!

I've got a question from one of my customers and could not find it on Meraki MX.
We have a topology of Hub(MX-250) and Spoke(MX-64) with a few branch offices that have 2 links:

Adsl - Link 1
Mpls - Link 2

Also, the customer offers Wi-Fi connectivity to guests, the thing is, they only want to offer internet access to guests when the Adsl is Up.
When the Adsl link is down they want to deny access to the internet through the Mpls link, because it will impact the Internet Access of their data center.
I could not find an option to block this access, also, I try to create a Layer 3 Firewall rule but it is only possible to block IP Addresses, I am not able to block traffic through physical ports.
For example:

Action    Protocol     Src IP/VLAN/FQN    Port   Dest IP/VLAN/FQN Port  Interface Flow
deny      any             VLAN-Guest            any    any                          any   Link-2     Out

I was wondering if there is a workaround for this scenario or any other ideas?

Thanks in advance!

Regards,

2 Replies 2
Kamome
Building a reputation

I cannot find such feature in Dashboard too.
But, how about using API and crontab to check ADSL link periodically and shut off guest SSID when ADSL is down?

I'm using Lambda to check status and perform failover/failback between two vMXs. Why not using similar approach for WiFi?
cmr
Kind of a big deal
Kind of a big deal

@Cyber_Owl you can get support to make the MX treat WAN2 like a cellular connection.  You will then be able to set some rules to allow only certain traffic over cellular (actually WAN2).  Depending on what you use the ADSL for, this may or may not work, if only for the customer internet) then you should be in luck. 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels