Forcing VLANs

Andy-Lee
Here to help

Forcing VLANs

Hi

 

We're moving to a full Meraki LAN and have designed our IP schema. Pretty easy with /21 subnets for workstations/printers/VoIP/servers/out of band/etc.

 

Question is, how do we stop a workstation functioning when plugged into a sever/printer/VoIP switchport for example?

 

Any tips greatly appreciated,

 

Cheers

 

Andy

2 REPLIES 2
BrechtSchamp
Kind of a big deal

That's what 802.1X was designed for. Each time a device connects to a .1X enabled port the switch will check whether that device is allowed to connect to that port. You can even have a phone plugged in to a switch and a computer plugged in to the phone. Data vlan and voice vlan can be configured separately.

 

More info here:

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

 

You could also do it with MAC whitelisting but that's going to be a hell to configure and maintain:

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Switch_Ports

Nice, thanks. Will have a read into 802.1x. MAC whitelisting/sticky MACs/anything like this is definitely a none starter given the number of devices we have

 

Thanks

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels