Client Isolation for wired endpoint

MarshMadness
Here to help

Client Isolation for wired endpoint

Can client isolation be accomplished for a single wired client similar to what what is done for an SSID on our MRs?  Internet is all this system needs... It will be plugged directly into our MX84.  I don't have much access to this endpoint to do a lot of testing of theory so i am looking to the community...

 

My thoughts are:

1) Set up a dedicated /30 VLAN for this client

or

2) Set it as a fixed IP assignment on my guest VLAN (has only been for wireless until now)

then

Could i simply use a "Deny - Client fixed IP assignment - Any - 192.168.0.0/24 - Any" rule in the MX firewall?

It would need to be located near the top of the ruleset to avoid any potential "allow" conflicts.

 

The way the MR accomplishes Client Isolation is with a "Local LAN" definition, but the MX firewall rule wont allow that.

 

Thanks in advance for your consideration!

1 Reply 1
ww
Kind of a big deal
Kind of a big deal

Yes you can create  the same.

 

What  the local  lan rule does is block all trafic from/to this ranges https://www.arin.net/reference/research/statistics/address_filters/

 

 

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels