How to block some users connected to MS-120 from the internet via ACL

SOLVED
Kave
Getting noticed

Hi Everyone.

How can I block some machines that are connected to an MS-120 from the internet, via ACL or via MX?

I have some machines in a VLAN. Some of them need internet, but the others do not need access to the internet. Actually, those machines are industrial switches, and I don't want those machines' IPs to get internet access.

kav noroozi
1 ACCEPTED SOLUTION
NolanHerring
Kind of a big deal

Allow your internal network (RFC1918) and then, basically, at the bottom of the group policy ACL, simply put deny ANY ANY.
Nolan Herring | nolanwifi.com

4 REPLIES
NolanHerring
Kind of a big deal

Assign a Group-Policy that blocks internet access, only to the client you want to deny access to.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin...
Nolan Herring | nolanwifi.com

Thank you for your quick response.

Those switches need to stay alive for file sharing, so I cannot block them. I just want to stop those switches from receiving internet, because they are connected to PLC devices, so it is not good for them to be connected to the internet. What policy can I apply for this?

kav noroozi
NolanHerring
Kind of a big deal

Allow your internal network (RFC1918) and then, basically, at the bottom of the group policy ACL, simply put deny ANY ANY.
Nolan Herring | nolanwifi.com
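
The rule order suggested in this reply, modelled as a first-match list (an added example, not part of the original posts and not Meraki's code). The probe addresses are constructed, and the implicit allow when no rule matches is an assumption of this model.

```python
"""Added illustration: first-match evaluation of a group-policy L3 rule list."""
from ipaddress import ip_address, ip_network

# RFC 1918 private ranges, allowed first so internal traffic (file sharing) still works.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Ordered rule list as suggested in the thread: allow internal, then deny ANY ANY last.
POLICY = [("allow", cidr) for cidr in RFC1918] + [("deny", "any")]


def evaluate(rules, dest_ip):
    """Return the action of the first rule whose destination matches dest_ip."""
    dest = ip_address(dest_ip)
    for action, cidr in rules:
        if cidr == "any" or dest in ip_network(cidr):
            return action
    return "allow"  # assumed implicit default when nothing matches


def audit(rules, probes):
    """Return (ip, expected, actual) for every probe whose verdict is unexpected."""
    return [(ip, want, evaluate(rules, ip)) for ip, want in probes
            if evaluate(rules, ip) != want]


# Constructed probe destinations: internal hosts must pass, public ones must not.
PROBES = [
    ("192.168.10.20", "allow"),  # constructed file server address
    ("10.1.2.3", "allow"),
    ("172.16.5.9", "allow"),
    ("172.32.0.1", "deny"),      # just outside 172.16.0.0/12, so public
    ("8.8.8.8", "deny"),
    ("203.0.113.7", "deny"),
]

if __name__ == "__main__":
    print("policy as posted:", audit(POLICY, PROBES) or "all probes as expected")
    # Same rules with the deny moved to the top: it shadows every allow below it.
    misordered = [POLICY[-1]] + POLICY[:-1]
    for ip, want, got in audit(misordered, PROBES):
        print(f"misordered: {ip} expected {want}, got {got}")
```

Running the same probes against the rules actually configured on the policy is a quick check that the deny sits below every allow.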
PhilipDAth
Kind of a big deal

You should block access to the Internet at the point where your network connects to the Internet. In a Meraki world, this would normally be done on an MX.

Being a PLC network, can you just leave it as a L2 network with no layer 3 configurations? Then it can't talk to anything else which is not on the PLC network.

If you need remote access to the PLC network then using a jump host is more secure.  It has one NIC attached to the PLC VLAN, and one NIC connecting to the rest of the network.
