Meraki MR | DYNAMIC VLAN

Ritchie
Getting noticed

Guys, have you already tried to configure Meraki MR to have one SSID with multiple VLAN assignments?

GuilhermeMacedo
Getting noticed

Hi @Ritchie, we tried it and it's awesome.

To set it up, follow these steps:

Click on "Add VLAN". Enter the AP tag that identifies the AP (or APs) you want to set for a specific VLAN tagging. Repeat this step for each AP tag group in which you want to apply a specific VLAN tagging on their clients for this specific SSID. Here, AP tags are used to further customize your per-SSID VLAN configuration. Click on "Save".

For more information, take a look at this KB:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points

Hope this is useful.

PhilipDAth
Kind of a big deal

>Guys, have you already tried to configure Meraki MR to have one SSID with multiple VLAN assignments?

Why?

You can use layer 3 roaming for this - but it is seldom the right solution.

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

jdsilva
Kind of a big deal

Yup. We're doing this for a specific use case and utilizing the RADIUS attribute method to get it done. I have also tested it via Group Policies in the lab and that works just fine as well if your needs allow you to do it that way. 

Actually, there is a case where specific users need to associate with different VLANs.

Once he/she logs in to their computer using their Active Directory account, it will retrieve an IP address from the specific VLAN they were assigned to.

So I think that would be the integration between Active Directory, Cisco ISE and Meraki MR.

CHN
Conversationalist

Hi,

I have the same setup, like: WiFi Users--->MR--->ISE--->Windows RADIUS server

We want all WiFi users to connect to a single SSID, and based on the role configured in the Windows RADIUS server, connected WiFi users should get role-based VLAN IPs. Suppose users come from the HR team, they should get VLAN 10; if users are from the Sales team, they should get VLAN 20. Users outside the defined groups will get guest VLAN 5 (having limited access).

Please help me with the config from the Meraki MR side. What do I need to do to achieve this task?

Thanks!
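The role-to-VLAN mapping described in the post above, sketched as an added example that is not part of the thread or of any Meraki, ISE or NPS code. It assumes the RADIUS server signals the VLAN with the standard RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID); the function names are hypothetical, and sending conflicting group memberships to the guest VLAN is an assumption.

```python
import struct

# Constructed policy using the values from the post: HR -> 10, Sales -> 20, others -> 5.
GROUP_VLAN = {"HR": 10, "Sales": 20}
GUEST_VLAN = 5
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # RFC 3580 values for Tunnel-Type and Tunnel-Medium-Type

def vlan_for(groups):
    """Pick the VLAN for a user's groups; anything ambiguous lands in the guest VLAN."""
    matches = {GROUP_VLAN[g] for g in groups if g in GROUP_VLAN}
    # Assumption: no match, or membership in conflicting groups, gets least privilege.
    return matches.pop() if len(matches) == 1 else GUEST_VLAN

def _tagged_int(attr_type, value):
    # Type, Length=6, Tag=0x00 (unused), 3-byte big-endian value (RFC 2868 layout).
    return struct.pack("!BBB", attr_type, 6, 0) + value.to_bytes(3, "big")

def encode_vlan_attrs(vlan_id):
    """Build the three Access-Accept attributes that carry a VLAN assignment."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    gid = str(vlan_id).encode("ascii")
    return (_tagged_int(TUNNEL_TYPE, VLAN)
            + _tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802)
            + struct.pack("!BBB", TUNNEL_PRIVATE_GROUP_ID, 3 + len(gid), 0) + gid)

def decode_vlan(attrs):
    """Return the VLAN ID only if all three attributes are present and well formed."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 3 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        seen[attrs[i]] = attrs[i + 3:i + attrs[i + 1]]  # skip type, length, tag
        i += attrs[i + 1]
    if (seen.get(TUNNEL_TYPE) != VLAN.to_bytes(3, "big")
            or seen.get(TUNNEL_MEDIUM_TYPE) != IEEE_802.to_bytes(3, "big")):
        return None
    gid = seen.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    return int(gid) if gid.isdigit() else None

if __name__ == "__main__":
    for user, groups in [("alice", ["HR"]), ("bob", ["Sales"]), ("eve", ["Temp"])]:
        attrs = encode_vlan_attrs(vlan_for(groups))
        print(user, decode_vlan(attrs), attrs.hex())
```

The decoder returns no VLAN when any of the three attributes is missing, which is the check to run against a captured Access-Accept when a client ends up in an unexpected VLAN.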
peto
Getting noticed

Hi,

I have the ISE integrated with MR and it works - VLAN change as well. I use only local users created on ISE (no AD). You can assign a group policy using ISE to a WiFi user as well, but if you do so then any Content filtering rules configured in the group policy won't take effect when the group policy is assigned via RADIUS to the client.

How did you do it, Sir? Our current setup is using 1 SSID with different VLANs, depending on the AD configuration on NPS.

And here comes the ISE that we just purchased, and my boss asked me to utilize the ISE and integrate Meraki with ISE.

Same as your example. How can I configure ISE to do this kind of setting?

My group policies in Meraki are of course already done.

Thank you in advance.

MMoss
Building a reputation

It's been a while, but I set it up with rules under NPS and used RADIUS authentication to place it into the correct VLAN. If you'd like a more detailed description I'll have to look at my notes when I get into the office tomorrow. I had several different diagrams I had mapped out with a walled garden even. I can't recall which one I went with in the end though.

Ritchie
Getting noticed

Have you tried this with Cisco ISE?
