VLAN Setup

SOLVED
Shadius
Building a reputation

VLAN Setup

Hi Merakians,

 

Newbie here!

 

Not sure if I'm in the right section, if not, my apologies.

 

I am seeking help in setting up VLANs on my network.

 

I have three wireless air conditioners that I'd like to put on a VLAN. I'm not really sure where to start. I've gone into the Addressing and VLANs subsection of the Security & SD-WAN section and created a VLAN. I'm confused as to how I add those three devices to this VLAN now?

 

My network consists of an MX64 and an MR33.

 

Any help is appreciated! 

1 ACCEPTED SOLUTION
cmr
Kind of a big deal
Kind of a big deal

@ShadiusFirst create the new VLAN interface on the MX and make sure it has a DHCP server assigned to it.  To do this go to Security & SD-WAN and pick the Addressing and VLANs menu, then click on the button to change from single VLAN to VLANs, next click on add VLAN and create a second VLAN, give it a name (AC) a subnet and interface IP similar to what is shown below:

 

cmr_0-1596149464372.png

Next go to the DHCP config menu and make sure both VLANs are set to Run a DHCP server like the second one shown below:

cmr_1-1596149759379.png

 

On the Wireless / SSIDs configuration page, create a second SSID and set the security (probably WPA2-PSK for an AC unit) and in the Addressing and traffic section make sure you change it to Use VLAN tagging as below

cmr_2-1596149936798.png

It is a good idea to change the existing SSID to also use VLAN tagging but just pick the original VLAN (usually 1 unless you have changed this.  SSIDs must be in bridge mode or layer 3 roaming mode (you don't want that) to use VLAN tagging.

 

If you connect the AC units to the new SSID they will now be in a separate VLAN and separate associated subnet and you can create access rules to only allow certain traffic between the VLANs (subnets).

View solution in original post

7 REPLIES 7
ww
Kind of a big deal
Kind of a big deal

Make a trunk port to the MR.

On the mr  you create a ssid, set it to bridge mode. And tag the ssid with the airco  vlan number

Shadius
Building a reputation

@ww 

 

The SSID is set to Bridge mode.

 

Have a look at the screenshot below. 

 

Shadius_0-1596143443171.png

 

These are all listed as Native: VLAN 1 Trunk ports by default. Can I leave that how it is?

 

How do I tag the SSID with the VLAN number? If I tag the SSID with the VLAN number, won't everything that connects wirelessly go into that VLAN? I only want the three devices on the the VLAN I've created.

ww
Kind of a big deal
Kind of a big deal

Yes. So you can create  a second ssid.

Or you can create a group policy and assign that to the specific clients

cmr
Kind of a big deal
Kind of a big deal

@ShadiusFirst create the new VLAN interface on the MX and make sure it has a DHCP server assigned to it.  To do this go to Security & SD-WAN and pick the Addressing and VLANs menu, then click on the button to change from single VLAN to VLANs, next click on add VLAN and create a second VLAN, give it a name (AC) a subnet and interface IP similar to what is shown below:

 

cmr_0-1596149464372.png

Next go to the DHCP config menu and make sure both VLANs are set to Run a DHCP server like the second one shown below:

cmr_1-1596149759379.png

 

On the Wireless / SSIDs configuration page, create a second SSID and set the security (probably WPA2-PSK for an AC unit) and in the Addressing and traffic section make sure you change it to Use VLAN tagging as below

cmr_2-1596149936798.png

It is a good idea to change the existing SSID to also use VLAN tagging but just pick the original VLAN (usually 1 unless you have changed this.  SSIDs must be in bridge mode or layer 3 roaming mode (you don't want that) to use VLAN tagging.

 

If you connect the AC units to the new SSID they will now be in a separate VLAN and separate associated subnet and you can create access rules to only allow certain traffic between the VLANs (subnets).

Shadius
Building a reputation

Thank you for the detailed explanation @cmr 

 

Just to make sure I understand clearly, since I'll be creating a new SSID to include the ACs, does this mean I'll have to connect to the new SSID in order to control the ACs, instead of using the existing SSID? I use an app on my Android phone to control the ACs.

cmr
Kind of a big deal
Kind of a big deal

@Shadius As long as the app can talk to the units via IP on a different subnet then there is no need for the controller to be on the same SSID as the AC units.  Obviously when you later create firewall rules between the subnets then you must allow the controller traffic through.

Shadius
Building a reputation

Thanks @cmr 

 

I was able to follow this and instead of creating a separate SSID, I applied a group policy to the VLAN and it worked!

 

Thank you all for the assistance!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels