I have a customer who is currently using an Aironet wireless solution. Each WAP carries two SSIDs, a public and a private. We push the public over a vlan that's tied to an DMZ interface on their firewall to separate it from the private/Internal network.
I'm suggesting they switch to Meraki for their wireless and want to make sure I understand how I will segregate those public and private SSIDs. Can the Merakis do the same thing where the WAP connects to the switch infrastructure via a trunk link that carries separate vlans for public and private?
Or, with Meraki wireless is there a better way of doing this?
If you make 2 SSID's you can make one: Bridge mode: Make clients part of the LAN. You can use a trunk port for carrying your VLANs and then you can make the "Public" part use Meraki DHCP where no clients can communicate.
This is very much possible with Meraki.
However you may also consider the approach suggested by @kYutobi.
This link should help you with setup.
I particularly like the solution of using Meraki DHCP as that is what I do here. Its easy and offers plentiful addresses and easy way of throttling the clients if necessary.
There are two ways you can do with Meraki
1. 2 SSID with 2 Vlan (1 Vlan for Public, 1 Vlan for Private).
2. Meraki also have Nat mode for SSID, If you use Nat mode the client traffic only go to the gateway and can't connect back to local.