- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Setting up a secure VLAN
I have multiple Manufacturing facilities that I have created Vlans in. One Vlan has all the OEM's gateways on it so they can come into our network and help with programming and troubleshooting. I would like to set up either on my MS220 or on the mx68 a way to block the Vlan from the ability to reach the internet.
What I envision is 2 ports
Port 1 is to the VLAN and port 2 is to the Internet. Have a cable between these two ports that would allow the gateways connection to the cloud/internet and when we do not want the OEM's in the plant to disconnect the cable.
Is this possible, and how do I configure it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You'd setup a group policy with the appropriate firewall rules to apply to it and apply it to that VLAN on the MX. Whether you want to connect the cable directly to the MX or trunk it to your switch and put an access port there is more a physical design consideration. It only being on the MX does provide a slight bit more security as you can prevent the VLAN from existing on the switches. No matter what the vlan does have to have it's gateway be on the MX for this to work properly. It can't be a static route to a L3 switch for example.
Group Policy info: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...
