Well meraki will still have an internet access but, your client who is connected to a certain port of your meraki switch will have no internet access but can connect to your internal system. 

You will be using group policies (via vlan) to do that. Any idea how to configure this on a meraki firewall? 

Set up firewall rules to only allow your internal systems and block everything else.

Of course this depends on your internal IP address management, but e.g. allowing RFC1918 addresses would be the easiest option. Stripping it down to only these systems that particular endpoint should be able to reach would of course be even more favourable. 😉