Hi,
For client VPN, my customer would like his suppliers to connect to his network, get locally authenticated and get access to a specific VLAN only. How to do that in Meraki?
You can use Active Directory based authentication and use group policy to restrict the access.
https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview
These are external suppliers that won't be part of AD.
Then use the Meraki based authentication.
Then I can apply group policy on these Meraki Cloud Accounts?
Yep
Unfortunately this won't work - if you're trying to manually apply policies to the clients in question, it only lasts until they disconnect.
I would recommend that OP use AnyConnect instead, and deploy it with a profile that restricts what these contractors have access to by only telling it to route traffic destined to the VLAN in question over the tunnel, and nothing else.
Group Policies
It is possible to manually apply group policies to clients connected via client VPN. A group policy applied to a client VPN user is associated with the username and not the device. Different devices that connect to client VPN with the same username will receive the same group policy. For more help on assigning or removing group policies applied to a client, refer to the Creating and Applying Group Policies document.
It is not possible to assign group policies automatically once a user connects to client VPN.
Hi,
For L2TP, I had a chat with a Meraki SE and he mentioned the group policy will be tied to the VPN client virtual MAC address and not the username, and the virtual MAC address can change, and if it changes then the group policy won't get applied?