How can I get devices linked to particular VLANs using a common SSID?

Ricardo_Bagnoli
Comes here often

How can I get devices linked to particular VLANs using a common SSID?

Hi There,

 

Since Meraki documentation recommend to have up to 3 SSIDs by AP, I would like to know how I can get devices linked to particular VLANs using a common SSID?

 

For example, SSID Sample1 links devices with VLAN10, VLAN20 and VLAN30 as shown below: 

  • Device10 linked to VLAN10 via SSID Sample1 and
  • Device20 linked to VLAN20 via SSID Sample1 and
  • Device30 linked to VLAN30 via SSID Sample1?

I hope that make sense.

 

Cheers!!!

6 REPLIES 6
MijanurRahman
Getting noticed

Hi, the design should be different.
One SSID can be tagged with a single vlan (ideally). MR gives you an option to tag AP to attach with different vlans. Example:

SSID Sample1, AP#1, VLAN10
SSID Sample1, AP#2, VLAN20
SSID Sample1, AP#3, VLAN30

On ideal case:
SSID Sample1, VLAN10

Hope that clears!

Hi @MijanurRahman,

 

Thank you very much for your answer.

 

Unfortunately I should not have more than 3 SSIDs on an AP. If I tag each SSID with a single VLAN I will end up having approximately 14 SSIDs.

 

The option of tagging AP with different vlans as shown in your example will force me to buy more APs since I have devices running everywhere in the building and will not be able to use current APs for multi-propose. 

 

Let me give you a bit more information.

 

I have segmented the network into several vlans with devices placed everywhere in the building. Some of these vlans require to be accessed wireless via AP. For sure, more than 3 vlans.

 

Another thing is that there are plenty of devices that are not managed in AD so I cannot use RADIUS for tagging vlans with devices. Therefore, devices managed in AD are only those used by internal staff such as PCs, laptops, etc. These devices will not be a problem since I could have a SSID tagging the Internal Staff vlan and there is no need of using RADIUS as vlans are not segmented by users but devices.

 

VLAN list:  

 

  1. Internal staff
  2. Voice / Telephony
  3. Video / Internal staff - TV video streaming and Video Conferencing
  4. Printers
  5. IoT 1 - specific devices for the businesses (many devices)
  6. Servers
  7. IoT 2 - specific devices for the businesses (many devices)
  8. Video / customers - TV video streaming
  9. Customers - General poporse
  10. Mobility - Dedicated to internal staff wireless devices (Work-Related)
  11. IoT 3 - specific devices for the businesses (many devices)
  12. IoT 4 - Building Systems - specific devices for the businesses (many devices)
  13. Security cameras

I hope this make sense and you can help me finding a way for better designing my WLAN.

 

 

Cheers!!!

ww
Kind of a big deal
Kind of a big deal

When using 1 SSID look into this: "Per-User VLAN Tagging"

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging

 

PhilipDAth
Kind of a big deal
Kind of a big deal

I agree with @ww that using RADIUS based VLAN tagging is the most common.  I have never done it myself, but you can also attach a group policy to individual machines to override the VLAN they drop into - which you might want to consider if you are not using a RADIUS server.

 

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Poli...

Hi @ww,

 

Thanks for your answer.

 

It looks like the solution for sharing a common SSIDs will be using Group Policy / Per-Device Type VLAN Tagging as explained in the link you passed.

 

The disadvantage to that will be that I will have to link manually each device to the GP.

 

Cheers!!!

@Ricardo_Bagnoli The easy way around manually setting group policies is to let a RADIUS server do it for you based on group membership (Active Directory usually). This way the Meraki group policies are auto assigned which then allows you to do the VLAN grouping as you desire along with any other restrictions you want placed on the devices. 

MRCUR | CMNO #12
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels