
Segregate VLAN/SSID and open for just specific IPs/Ports

SOLVED
Here to help


Hi all,

 

We created an SSID for Voice WLAN handhelds which is tagged as VLAN 20. VLAN 20 has a /24 192.168.20.0 IP range which is created on a MX100. The MX100 serves this VLAN with DHCP as well.

APs are MR42 with MS225 Switches in between. SSID has PSK WPA2.

 

Now we need to close this VLAN/WLAN down completely and just allow specific IPs/Ports to connect to the cloud based telephone system of the provider. We got a sheet from the provider with what to open and allow on the firewall.

 

Where to configure these rules and how? I find Firewall Config on the MX/Security Tab as well as on the WLAN/SSID Firewall Tab. 

What would be the best approach to close an SSID/VLAN down and just open it for specific ports?

 

Best regards and thanks in advance!

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Segregate VLAN/SSID and open for just specific IPs/Ports

Best to do it on the MX where you have the VLAN created. You can also create group policies with VLANs assigned to them with your specific IP/Ports within this as well if you want.


Here to help

Re: Segregate VLAN/SSID and open for just specific IPs/Ports

Thanks for the quick response!

 

So if I understand right:

Implement allowed Rules on MX Firewall for VLAN.

Source: Provider IPs and Ports. Destination Voice VLAN?

 

Set Deny Any to Destination Voice VLAN at the end to block the rest.

(Attached screenshot: denyalltovoice.JPG)

 

Correct like this???

Kind of a big deal

Re: Segregate VLAN/SSID and open for just specific IPs/Ports

Yes, but make sure to allow the IPs/VLANs that need to access this. Make a test group policy and see if it works.
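The allow-then-deny ordering discussed in this thread can be checked offline before it goes on the firewall. The sketch below is an added example, not code from the thread or from Meraki: it models a first-match rule list with the voice VLAN as source, and the provider range, ports and the trailing default allow are constructed assumptions to be replaced with the values from the provider's sheet.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
VOICE = "192.168.20.0/24"    # voice VLAN 20 from the thread
PROVIDER = "203.0.113.0/28"  # constructed placeholder for the provider's sheet

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source CIDR
    dst: str      # destination CIDR
    ports: tuple  # inclusive destination port range (low, high)

# Constructed ruleset: provider allows first, voice-VLAN deny last.
RULES = [
    Rule("allow", "tcp", VOICE, PROVIDER, (5061, 5061)),
    Rule("allow", "udp", VOICE, PROVIDER, (10000, 20000)),
    Rule("deny", "any", VOICE, ANY, (1, 65535)),
]

def _within(inner, outer):
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def evaluate(rules, proto, src, dst, port, default="allow"):
    """First matching rule wins; `default` models an assumed trailing allow-any."""
    for r in rules:
        if (r.proto in ("any", proto) and _within(src, r.src)
                and _within(dst, r.dst) and r.ports[0] <= port <= r.ports[1]):
            return r.action
    return default

def shadowed(rules):
    """Allow rules that can never match because an earlier deny fully covers them."""
    dead = []
    for i, r in enumerate(rules):
        if r.action == "allow" and any(
                e.action == "deny" and e.proto in ("any", r.proto)
                and _within(r.src, e.src) and _within(r.dst, e.dst)
                and e.ports[0] <= r.ports[0] and r.ports[1] <= e.ports[1]
                for e in rules[:i]):
            dead.append(r)
    return dead

if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "192.168.20.15", "203.0.113.5", 5061))
    print(evaluate(RULES, "tcp", "192.168.20.15", "198.51.100.7", 443))
    print(shadowed([RULES[2], RULES[0], RULES[1]]))
```

Running `shadowed()` on a draft rule list catches the common mistake of placing the deny above the provider allows, which would silently block the handhelds.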
