Meraki Community

nst1 · ‎Aug 26 2022

Hi,

I have a question about best pratices,

Currently in my network there are switch MS 225 and MR 44, i´m interesting to apply best practice in the ports where are connected only my access point.

Are there a best practices for this porpouse ???

RaphaelL · ‎Aug 26 2022

I'm not aware of any best pratices but I usually go 2 ways :

Single SSID ?

Put the port on Acces with the desired vlan. BPDU guard , STP enabled , if possible Access Policy.

Multiple SSIDs ?

Put the port on Trunk with only the desired vlans. BPDU guard , STP enabled.

PhilipDAth · ‎Aug 28 2022

I haven't tried it myself yet, but you could try "Secure Connect", where you have the switch authenticate the access point and automatically apply a configuration.

https://documentation.meraki.com/MS/Access_Control/SecureConnect

RaphaelL · ‎Aug 28 2022

We had issue with SecureConnect not being enabled on templates , but I'm 99% sure that this issue is gone. SecureConnect is a good + ! Upvoted

GIdenJoe · ‎Aug 28 2022

Classic setup:
Switchports connecting AP's: Trunk, native VLAN (AP mgmt VLAN), and allow only necessary VLAN's. BPDU guard can be enabled if you use this on all your endpoint ports which also is best practice.
Always put AP's on their own mgmt VLAN. You can choose to put your AP's on DHCP or fixed IP. If you use fixed IP then still have a small DHCP pool on the VLAN for AP's that had been factory defaulted or new added AP's.

Meraki Community

Best practices MS & MR

Best practices MS & MR