Meraki

Community

How block some users that connected to MS-120 for intenet via ACL

Solved
Kave
Getting noticed
‎May 13 2020 3:34 PM
‎May 13 2020 3:34 PM

How block some users that connected to MS-120 for intenet via ACL

Hi Everyone.

How to block some Machine that connected to MS-120 for internet via ACL or via MX

I have some Machines in VLAN and some of them need internet but another machine no need access to internet, actually the machine is an industrial switch and i don't want those machine IP  received internet.

kav noroozi
0 Kudos
1 Accepted Solution
In response to Kave
NolanHerring
Kind of a big deal
‎May 13 2020 4:44 PM
‎May 13 2020 4:44 PM

Allow your internal network (RFC1918) and then basically at the bottom of the group policy ACL, then at the bottom simply put deny ANY ANY
Nolan Herring | nolanwifi.com
TwitterLinkedIn

View solution in original post

4 Replies 4
NolanHerring
Kind of a big deal
‎May 13 2020 3:39 PM
‎May 13 2020 3:39 PM

Assign a Group-Policy that blocks internet access, only to the client you want to deny access to.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Creating_and_Applyin...
Nolan Herring | nolanwifi.com
TwitterLinkedIn
In response to NolanHerring
Kave
Getting noticed
‎May 13 2020 4:41 PM
‎May 13 2020 4:41 PM

Thank you for your quick responce.

 

that switch need to be alive for file sharing, so I can not block them, I just wanna stop receive internet by to those switches because they are connected to PLC devices so no good they connected to the internet, what policy i can apply for it?

kav noroozi
0 Kudos
In response to Kave
NolanHerring
Kind of a big deal
‎May 13 2020 4:44 PM
‎May 13 2020 4:44 PM

Allow your internal network (RFC1918) and then basically at the bottom of the group policy ACL, then at the bottom simply put deny ANY ANY
Nolan Herring | nolanwifi.com
TwitterLinkedIn
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 14 2020 1:47 AM
‎May 14 2020 1:47 AM

You should block access to the Internet at the point where your network connects to the Internet.  In a Meraki world, this would normally be done on an MX.

 

Being a PLC network, can you just leave it as a L2 network with no layer 3 configurations?  Then it can't talk to anything else which is not on the PLC network.

If you need remote access to the PLC network then using a jump host is more secure.  It has one NIC attached to the PLC VLAN, and one NIC connecting to the rest of the network.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.