Walled Garden / contained network

Zip_Disquette

Hi,

We have Cisco Meraki MS350 switches with MR33 access points. I'd like a design in which guests can access a guest wifi which will restrict communication with other devices contained within the guest network along with a few streaming devices such as Apple TV, Chromecast etc. I'd also like our corporate network to communicate with these streaming devices only and no other clients on the guest network without the need for our staff to switch over to the guest wifi.

Not familiar with garden wall, but is it possible to set it up so that until guests authenticate against our RADIUS server they would just have access to these streaming devices and other machines within this temporary network?

If there's a better solution I'd like to hear your input; any assistance would be much appreciated.

Sirhchall

Hi,

So we have a separate SSID for our casting devices which are accessible from the corp network, but the same principle could work for you.

This SSID is set to Bridge mode with Layer 2 isolation disabled and set to allow all traffic for wireless clients accessing LAN. Our Corp SSID is also in bridge mode.

You could possibly give each streaming device a static IP and set a Layer 3 firewall rule on the guest network to allow communication to the destinations you require (IPs of each streaming device) and block all communication with anything else on your network, and a rule on the corp network to also allow communication with the IPs of the devices on the guest network but block everything else. Not sure how this would look.

I'm not sure of the limitations of the walled garden, but you could try allowing the IPs of the streaming devices? Or have them in their own VLAN and allow connection to that IP range. Not sure how well it would work as I've never tried it.

Cheers

Chris
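
Added example, not part of either post and not Meraki's own code: a Python model of the Layer 3 rule ordering suggested in the reply (allow each streaming device's static IP, then deny the rest), with a check for allow rules hidden behind an earlier deny. The addresses, the rule field names, and the top-down first-match evaluation with a default allow are assumptions for illustration, and the model covers unicast IP destinations only.

```python
import ipaddress

# Constructed sample addressing (assumptions, not from the thread).
STREAMERS = ["10.20.0.11/32", "10.20.0.12/32"]  # static IPs on the guest VLAN
GUEST_VLAN = "10.20.0.0/24"
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def build_rules(allow_cidrs, deny_cidrs):
    """Ordered rule list: specific allows first, broader denies after."""
    def rule(policy, cidr):
        return {"comment": f"{policy} {cidr}", "policy": policy,
                "protocol": "any", "destPort": "any", "destCidr": cidr}
    return ([rule("allow", c) for c in allow_cidrs] +
            [rule("deny", c) for c in deny_cidrs])

def evaluate(rules, dest_ip, default="allow"):
    """Assumed semantics: top-down, first match wins, default allow."""
    ip = ipaddress.ip_address(dest_ip)
    for r in rules:
        if ip in ipaddress.ip_network(r["destCidr"]):
            return r["policy"]
    return default

def shadowed_allows(rules):
    """Allow rules that can never match because an earlier deny covers them."""
    hidden = []
    for i, r in enumerate(rules):
        if r["policy"] != "allow":
            continue
        net = ipaddress.ip_network(r["destCidr"])
        if any(p["policy"] == "deny" and
               net.subnet_of(ipaddress.ip_network(p["destCidr"]))
               for p in rules[:i]):
            hidden.append(r["destCidr"])
    return hidden

# Guest SSID: reach the streamers, nothing else internal, internet allowed.
GUEST_RULES = build_rules(STREAMERS, INTERNAL)
# Corp SSID: reach the streamers, no other host on the guest VLAN.
CORP_RULES = build_rules(STREAMERS, [GUEST_VLAN])

if __name__ == "__main__":
    for name, rules in (("guest", GUEST_RULES), ("corp", CORP_RULES)):
        for dest in ("10.20.0.11", "10.20.0.50", "10.10.0.5", "203.0.113.10"):
            print(f"{name:5} -> {dest:13} {evaluate(rules, dest)}")
        print(f"{name:5} shadowed allows: {shadowed_allows(rules)}")
```

Reversing a rule list and passing it to `shadowed_allows` shows the failure mode: with the denies on top, both streamer allows are reported as unreachable.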

 
