
SSID with network isolation


I would like to create 3 SSID networks using my MR52 device.
The 1st as a guest network going out on one gateway IP via my Juniper firewall, using the built-in NAT from Meraki.
The 2nd will be a developer network going out on the default gateway IP via my Juniper firewall, using the built-in NAT from Meraki.
The 3rd will be our corporate LAN (direct access) in bridge mode.
Is this possible to create using just my Access Points?


Re: SSID with network isolation

Yes, you should be fine to do that. Make sure you configure the wireless firewall between your NATted (Meraki DHCP) SSIDs to deny access to LAN. Meraki DHCP by default will NAT all traffic to the IP address of the Meraki AP, so your Juniper will see all that traffic as coming from the AP.

 

I'm not sure I'd configure your guest and dev with Meraki DHCP for the reason above. Also, if you ever add another Meraki AP, it impacts client experience during roaming between APs. Clients will have a full disassociation/association process as they move around. So if they're on a phone/video call, it may drop.

 

I would create separate DHCP pools for guest and dev with attendant vlans, tag the vlan on the SSID, and utilize wireless client isolation instead. It's more work up front, but leads to better client experience long term.


Re: SSID with network isolation

I would create separate DHCP pools for guest and dev with attendant vlans, tag the vlan on the SSID, and utilize wireless client isolation instead. It's more work up front, but leads to better client experience long term.

 

@Nash Agreed. 👍
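
The isolation checks discussed in the replies above, written as a small audit over SSID settings. This is an added example, not part of the thread or Meraki's own code; the field names (`ipAssignmentMode`, `allowLanAccess`, `useVlanTagging`, `defaultVlanId`, `lanIsolationEnabled`) are assumptions modelled on the Dashboard API, and the SSID data is constructed.

```python
# Added example. Field names are assumptions modelled on Meraki Dashboard API
# SSID settings; the SSID data below is constructed, not exported from a device.

def audit_ssids(ssids, trusted):
    """Return (ssid, finding) pairs for untrusted SSIDs that are not isolated."""
    findings = []
    vlan_owner = {}  # VLAN id -> first SSID seen using it
    for s in ssids:
        name, mode = s["name"], s["ipAssignmentMode"]
        untrusted = name not in trusted
        if mode == "NAT mode":
            # A missing value is treated as "allowed" so the gap gets reported.
            if untrusted and s.get("allowLanAccess", True):
                findings.append((name, "NAT SSID is allowed to reach the LAN"))
            continue
        # Bridge mode: isolation depends on the VLAN tag and client isolation.
        vlan = s.get("defaultVlanId") if s.get("useVlanTagging") else None
        if untrusted and vlan is None:
            findings.append((name, "bridged without a VLAN tag"))
        if untrusted and not s.get("lanIsolationEnabled", False):
            findings.append((name, "wireless client isolation is off"))
        if vlan is not None:
            other = vlan_owner.setdefault(vlan, name)
            if other != name and (untrusted or other not in trusted):
                findings.append((name, f"shares VLAN {vlan} with {other}"))
    return findings

TRUSTED = {"corp"}

# The plan from the question: guest and dev on Meraki NAT, corp bridged.
ORIGINAL_PLAN = [
    {"name": "guest", "ipAssignmentMode": "NAT mode", "allowLanAccess": True},
    {"name": "dev", "ipAssignmentMode": "NAT mode", "allowLanAccess": False},
    {"name": "corp", "ipAssignmentMode": "Bridge mode"},
]

# The design from the reply, with dev reusing guest's VLAN id by mistake.
VLAN_PLAN = [
    {"name": "guest", "ipAssignmentMode": "Bridge mode", "useVlanTagging": True,
     "defaultVlanId": 30, "lanIsolationEnabled": True},
    {"name": "dev", "ipAssignmentMode": "Bridge mode", "useVlanTagging": True,
     "defaultVlanId": 30, "lanIsolationEnabled": True},
    {"name": "corp", "ipAssignmentMode": "Bridge mode"},
]

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL_PLAN), ("vlan", VLAN_PLAN)):
        print(label, audit_ssids(plan, TRUSTED))
```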
