Configure "Group policies" with IP blocks on MX

SOLVED
Ahmad_Qattan
Here to help

Configure "Group policies" with IP blocks on MX

Hi, i wonder if there is anyway that i can apply a group policy on MX unit (Network-wide-->Group policies) to an IP Range, or a whole subnet -if i have a layer 3 network. because what i am doing is to create a new group policy and wait for the desired clients to be shown on the (Network-wide-->Clients), then i reclassify the clients on the desired group policy. is this the only way to apply group policies, or i am missing a simpler way to do this task. thanks
1 ACCEPTED SOLUTION
WadeAlsup
A model citizen

Hi @Ahmad_Qattan

 

You can apply group policies to entire vLans under Security Appliance > Addressing & VLANs. Then use individual client policy overrides if you wanted. Or if it's an entire vLan that you're wanting to apply the policy to, just do it from there. 


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

View solution in original post

3 REPLIES 3
WadeAlsup
A model citizen

Hi @Ahmad_Qattan

 

You can apply group policies to entire vLans under Security Appliance > Addressing & VLANs. Then use individual client policy overrides if you wanted. Or if it's an entire vLan that you're wanting to apply the policy to, just do it from there. 


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂

Hi, What if you have an L3 switch behind the firewall? SVI/gateway is in the L3? We couldn't figure out how to apply the GP automatically per VLAN in the MX when SVI is on the L3 switch.

Hi, as much as i understood from this article earlier, and my working on MX since i had an answer. it will not work. To have a L3 Switch with Vlan interfaces configured on, and to have the MX unit after this switch. this setting will lead you to the problem of having to configure the clients manually to the desired group you need these clients to be a member of. if you have the same scenario that i had earlier. that i had a guests vlan, and wanted to make sure that the any one connected to the Guests vlan to automatically been assigned to the Guests group. then i removed the VLAN interface from the L3 switch and passed the Guests VLAN to the MX -after i created the same VLAN on the MX Unit- and configured the VLAN interface on the MX unit. also applied DHCP from MX to this VLAN. then it was solved. so the Staff VLANs were kept on the L3 switch, and the Guests VLAN interface was moved to the MX unit rather that the L3 Switch. Kind Regards
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels