home lab ideas using a z1 and a z3

Here to help

home lab ideas using a z1 and a z3

This is more of a fun post. I'm just looking for ideas of instructive/useful things to do with a z1 and z3 at home. I want to learn the hardware capabilities better. I'm already using the z3 so far as my main wifi router coming off my cable modem bridge. I have a Verizon USB stick for failover Internet and that works. I've got a lot of wifi smart plugs, doorbell cameras, TV sticks etc, wired computers.


I turned on the default traffic shaping.


Can the z1 act as wifi booster?  One part of my house is kind of a wifi dead zone. I do have cat 6 running there.  The SSID I set up seems to cover both 2.4/5 GHz but I can't control which the device connects to.  2.4 would be better in the dead zone, but the tablet is connected to 5. I do have a Linksys WRT AC1200 on hand.


I'd like to run a separate subnet as part of my and just define static routes between them.  Maybe I'll put my smart devices on a separate subnet?


Open a 1 to 1 NAT for RDP to Windows 10 perhaps, or is that asking for trouble?  Maybe run a virtual machine webserver on that same Windows computer.


Like I said, I'm just looking for ideas to learn z1 / z3 hardware better.  Thanks!

Kind of a big deal
Kind of a big deal

I'm in a similar scenario. I have a Z1 hanging around with little to do with it.

A couple of comments (not exactly Z1 and Z3 related).
 - Definitely look at segmenting your IOT devices from the rest of your network if you haven't already. It's best security practice.You could also look at implementing Homekit/HomeAssistant to do more local communication with the IOT devices.

 - Definitely don't expose Windows RDP directly to the internet. It's a very poor security practice. If you're looking to do some home labbing with 1:1 NAT, you can setup a reverse proxy or VPN.

 - You could look at adjusting the transmit/receive power on the Z3 to try to cover the dead spot, although I think the device is more limited than a standard AP

Thanks for the comments!  


Segmenting IoT because who knows what they are doing under the hood (many devices manufactured under adversarial governments)?  Does this mean a specific subnet just for IoT?  And that means defining a VLAN in the Meraki (subnet=VLAN)?  Please excuse my network rustiness.  These are all wifi devices, so can I have more than one subnet/VLAN on wifi?  I see how I can create up to 4 SSIDs, but I read to avoid having more than 3 as a Meraki best practice.


RDP,  I am unfamiliar with reverse proxy, VPN.  I'll have to research.


I see the power is set to Auto.  I'll mess around with that, or relocate rooms.


Seems only a problem when my devices connect to 5GHz.  I can't seem to control which band they connect to.  Can I disable 5GHz?  I cannot seem to have a unique SSID for 2.4 and another for 5.  



Kind of a big deal
Kind of a big deal

The general idea for IOT is to give it just enough access for what it needs to do.

For me, that's access only to the internet and to my homeassistant instance. For some I'd prefer even no internet access but these days it's difficult for any off the shelf iot device to work without it.


There's different ways to actually implement it. Eg. You could spin up a separate SSID with a different vlan and firewall rules. Or you could connect them to the same SSID you're using now, but apply group policy to those specific clients with the applicable firewall rules. This is what I do as it's easier for me to manage


In regard of number of SSID's, no more than 3 is best practice as you will begin encountering more airtime contention but realistically for a home environment you probably won't see a difference.


You can definitely control which AP's and which SSID's broadcast 2.4 and 5ghz by editing the radio profile. However I don't think this is possible for a z1 or z3.


Edit: Looks like you can disable 2.4 or 5ghz on Z3 devices but it requires a support case. https://community.meraki.com/t5/Security-SD-WAN/Z3-WiFi-Configuration/m-p/51919

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.