cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How block some users that connected to MS-120 for intenet via ACL

SOLVED
Highlighted
Getting noticed

How block some users that connected to MS-120 for intenet via ACL

Hi Everyone.

How to block some Machine that connected to MS-120 for internet via ACL or via MX

I have some Machines in VLAN and some of them need internet but another machine no need access to internet, actually the machine is an industrial switch and i don't want those machine IP  received internet.

kav noroozi
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: How block some users that connected to MS-120 for intenet via ACL

Allow your internal network (RFC1918) and then basically at the bottom of the group policy ACL, then at the bottom simply put deny ANY ANY
Nolan Herring | nolanwifi.com
TwitterLinkedIn

View solution in original post

4 REPLIES 4
Highlighted
Kind of a big deal

Re: How block some users that connected to MS-120 for intenet via ACL

Assign a Group-Policy that blocks internet access, only to the client you want to deny access to.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin...
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Highlighted
Getting noticed

Re: How block some users that connected to MS-120 for intenet via ACL

Thank you for your quick responce.

 

that switch need to be alive for file sharing, so I can not block them, I just wanna stop receive internet by to those switches because they are connected to PLC devices so no good they connected to the internet, what policy i can apply for it?

kav noroozi
Highlighted
Kind of a big deal

Re: How block some users that connected to MS-120 for intenet via ACL

Allow your internal network (RFC1918) and then basically at the bottom of the group policy ACL, then at the bottom simply put deny ANY ANY
Nolan Herring | nolanwifi.com
TwitterLinkedIn

View solution in original post

Highlighted
Kind of a big deal

Re: How block some users that connected to MS-120 for intenet via ACL

You should block access to the Internet at the point where your network connects to the Internet.  In a Meraki world, this would normally be done on an MX.

 

Being a PLC network, can you just leave it as a L2 network with no layer 3 configurations?  Then it can't talk to anything else which is not on the PLC network.

If you need remote access to the PLC network then using a jump host is more secure.  It has one NIC attached to the PLC VLAN, and one NIC connecting to the rest of the network.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.