LAN isolation

SOLVED
VladNik
Here to help

LAN isolation

Hi all,

I am new with Meraki and I have some doubts how to configure two SSIDs in the office. I have one SSID CORP in Bridge mode using DHCP server and I have Guest SSID in NAT mode. 

I want Guest to not be able to reach Corp network but because NAT mode doesnt support VLAN tagging I am not sure how to do the isolation.

AP is trunked to the LAN switch.

Any suggestions are welcome? 

 

BR
V

1 ACCEPTED SOLUTION
BrechtSchamp
Kind of a big deal

You can block their access to the wired network via the Wireless > Firewall & Traffic Shaping:

 

2019-08-28 15_18_08-Clipboard.png

View solution in original post

2 REPLIES 2
BrechtSchamp
Kind of a big deal

You can block their access to the wired network via the Wireless > Firewall & Traffic Shaping:

 

2019-08-28 15_18_08-Clipboard.png

MarcP
Kind of a big deal

NAT mode: Use Meraki DHCP

Clients receive IP addresses in an isolated 10.0.0.0/8 network. Clients cannot communicate with each other, but they may communicate with devices on the wired LAN if the SSID firewall settings permit.
 
 
Choose the SSID in the Firewall settings and do the following:

Block IPs and ports

Layer 2 LAN isolation          Disabled          Enabled          (bridge mode only)
 
Layer 3 firewall rules 
# Policy Protocol Destination Port Comment Actions
 DenyAnyLocal LANAnyWireless clients accessing LAN 

 

 

Argh, Brecht was faster, haha

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels