How to block access to my.meraki.com in a specific vlan ?

RobertW
Just browsing

How to block access to my.meraki.com in a specific vlan ?

Hi,

 

I would like to block access to my.meraki.com from selected local networks (vlan). How can I do this? I only see the option of locking in all local networks (Local device status page disabled).

 

Best Regards,

Robert

5 REPLIES 5
PhilipDAth
Kind of a big deal
Kind of a big deal

It can either be on or off, but not selected by vlan.

 

I can't imagine why you would want it off by vlan.  I find it a usefull user feature, asking a user to go to that URL, and then tell me how they connect to the network.

If you do an nslookup on my.meraki.com, what IP address is returned?

Maybe you could define a L3 Firewall rule, which denies all traffic on port 80/443 to your AP management VLAN.
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

It returns the magic IP address of 10.128.128.126.

 

I'm not confident you can firewall out Meraki traffic. It is "special".

An ACL on the Switch maybe?

 

I haven't tested it.

 

acl.PNG

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

1. I use Meraki MR33, in bridge mode ("Make clients part of the LAN");
2. Firewall on pfsense, rules for blocking local address 192.168.3.4 (local ip Cisco Meraki MR33) and 10.128.128.126 are not working.


Why want to block - on this page of device it is possible to change basic configuration (of course I changed password), but for security, why not?
 
Best Regards,
Robert

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels