Meraki

Community

Setting up a secure VLAN

InspectorGadget
New here
‎Jan 23 2025 2:45 PM
‎Jan 23 2025 2:45 PM

Setting up a secure VLAN

I have multiple Manufacturing facilities that I have created Vlans in. One Vlan has all the OEM's gateways on it so they can come into our network and help with programming and troubleshooting. I would like to set up either on my MS220 or on the mx68 a way to block the Vlan from the ability to reach the internet.

 

What I envision is 2 ports

Port 1 is to the VLAN and port 2 is to the Internet. Have a cable between these two ports that would allow the gateways connection to the cloud/internet and when we do not want the OEM's in the plant to disconnect the cable.

 

Is this possible, and how do I configure it?

0 Kudos
1 Reply 1
Mloraditch
Kind of a big deal
‎Jan 23 2025 3:21 PM
‎Jan 23 2025 3:21 PM

You'd setup a group policy with the appropriate firewall rules to apply to it and apply it to that VLAN on the MX. Whether you want to connect the cable directly to the MX or trunk it to your switch and put an access port there is more a physical design consideration. It only being on the MX does provide a slight bit more security as you can prevent the VLAN from existing on the switches. No matter what the vlan does have to have it's gateway be on the MX for this to work properly. It can't be a static route to a L3 switch for example.

 

Group Policy info: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.