cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Group Policy applied to Template - Allow one IP from subnet

Highlighted
Conversationalist

Group Policy applied to Template - Allow one IP from subnet

Hey all!

I was hoping to get some help to see if something i want to do is possible. I have a template that applies specific settings to 46 of my locations. I want to create a new group policy that says "Block all internal traffic EXCEPT one specific IP in each site". Do the group policy rules allow any variable when placed into templates? For example, one of my sites uses 172.21.99.0/24. Is it possible to have the group policy on the template level say "Allow access to 172.21.X.20" where X is the site subnet (99 in the example above)?

 

Thanks!

2 REPLIES 2
Highlighted
Getting noticed

Re: Group Policy applied to Template - Allow one IP from subnet

If you are in a greenfield scenario (networks and MX's  haven't actually been deployed yet) you could accomplish this using the "Unique Subnetting" option in the template which will then generate unique address ranges for each network based on the parameters you provide.   

 

The other possible option would be to use the Dashboard API interface for Networks and Group Policy which I would not recommend you do if this is your first attempt at using Dashboard APIs unless its a greenfield as well.

Highlighted
Conversationalist

Re: Group Policy applied to Template - Allow one IP from subnet

Sadly it is only the security appliances on site and they have already been deployed...Any other thoughts on how this may be possible? I would even be willing to say ANY IP of 172.21.*.20 if that makes it easier but it didn't seem like the template would take anything but a CIDR

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.