cancel
Showing results for 
Search instead for 
Did you mean: 

Create Separate Tunnel

SOLVED
Here to help

Create Separate Tunnel

Hi ALl,

 

new to networking and switching side of things.

Currently we are trialling MR42 and MS250-24p device.

 

at this point of time i have only configured the Access Point(AP) and created multiple SSID(guest, corporate etcc).

when i am on guest network i get the ip assigned by meraki so no issues there but when i hit any illegal sites our firewall comes into play. i say this because web page block comes up on the browser.

is this because its currently connected to our switch rather than meraki? what additional functionality does the Meraki switch provides?

 

is there any way to create a completely separate network/tunnel when the guest can access anything and only thing managing it is the meraki firewall rules? is VLAN my only option?

 

Thanks ANdy

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Create Separate Tunnel

Create a new VLAN and connect an Internet router with its own Internet circuit.  Bridge the guest SSID to this VLAN.

6 REPLIES 6
Kind of a big deal

Re: Create Separate Tunnel

You would want to use an MR and an MX.

 

Yes, you can create a VLAN for each SSID and bridge that SSID to the VLAN.  Then on the MX you can create a group policy for each VLAN and give each one separate firewall and content filtering rules.

 

If you have only a couple of access points you can get away with using an MX65 and don't need an extra switch.  If you have lots of access points then you will need a switch.  An MS250 might be a bit over the top.  You could use a much cheaper MS120.

Here to help

Re: Create Separate Tunnel

thanks for the quick reply but i am not sure what you mean by MR or MX.

by creating this would it bypass our network completely? even our firewall and proxy?

i did read article about that but as i am new to this that kinda went over my head.

 

if this testing goes well we will be replacing our current AP(8) with meraki.

Kind of a big deal

Re: Create Separate Tunnel

An MX is a Meraki firewall.

 

If you want to use an existing firewall, then you'll need to enable VLANs on that (if it supports it) and apply policy per VLAN.

 

So you create a VLAN on the switch.  Present that to the firewall and the access point.  Configure your access point to bridge the SSID to that VLAN.  Configure the firewall to provide DHCP and create rules to allow access to the Internet.

Here to help

Re: Create Separate Tunnel

i wish that except for our corp network the guest network to completely bypass our firewall and connect straight to internet.

how do i go abouts that.

 

Apologies if you have already answered this and i am not getting it

Highlighted
Kind of a big deal

Re: Create Separate Tunnel

Create a new VLAN and connect an Internet router with its own Internet circuit.  Bridge the guest SSID to this VLAN.

Here to help

Re: Create Separate Tunnel

Thanks Philip.

 

All good now Smiley Happy

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.