Single SSID, multiple VLAN's with Group Policy

SOLVED
JohnT
Getting noticed

Single SSID, multiple VLAN's with Group Policy

Hi everyone, I'm trying to figure out the best way (if possible) to have a single SSID and multiple VLAN's for our point of sale systems.  We already have 3 other SSID's so I'm trying to keep the SSID count low.  We have two iPad based point of sale systems, one for Retail and one for our Restaurant.  I tried setting up a group policy that would assign a VLAN to a device with bridge mode, but it doesn't seem to be working as expected.  I'm either doing something that isn't possible, or I am misunderstanding how this should actually work.  Does anyone have any experience getting something like this to work?  Thanks all.

1 ACCEPTED SOLUTION
nscheffer
Getting noticed

Hi John,

 

Finally this is exactly the setup we have now and it works perfectly !

 

Here is what we do :

- Group policy with Guest, Group 1, Group n, etc...

- Different Vlan with DHCP server on the MX (Guest, Group 1, Group n, etc...)

- Default Vlan on Guest for the SSID and Ethernet port on the MX and MS

 

When you need to move from Guest Vlan/Group just apply another Group Policy and it switch automatically !

 

Enjoy.

 

Nicolas

 

View solution in original post

7 REPLIES 7
Network-dad
A model citizen

You can not have multiple VLAN's on a single SSID.... you could have several SSID with one VLAN each then a route statement on the firewall.....

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out The Bearded I.T. Dad onThe Bearded I.T. DadThe Bearded I.T. Dad
Network-dad
A model citizen

@JohnT  Never mind I was wrong.... here is a article from Meraki on how to do it... 

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points

 

Each MR can only transmit one VLAN per SSID but using tagging you can tag the MR's and decide what VLAN they are using .. so your Cooperate SSID can broadcast the VLAN for your POS in the dining area and your normal VLAN everywhere … (Note this is not PCI compliant and I would recommend a separate SSID for your POS system for many reasons.)

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out The Bearded I.T. Dad onThe Bearded I.T. DadThe Bearded I.T. Dad

Ahh, I think I missed the part where you can add multiple VLAN's with tags to an SSID.  That might do the trick. I'll be onsite next week to test.

@JohnT  Let me know how it works for you... I'm curious how its turns out.

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out The Bearded I.T. Dad onThe Bearded I.T. DadThe Bearded I.T. Dad

Just as described: applying group policies even including several VLANs within one SSID works as a charm. Just follow the instructions, you can even have dynamically attached Group Policies per user / endpoint if you're using RADIUS.

nscheffer
Getting noticed

Hi John,

 

Finally this is exactly the setup we have now and it works perfectly !

 

Here is what we do :

- Group policy with Guest, Group 1, Group n, etc...

- Different Vlan with DHCP server on the MX (Guest, Group 1, Group n, etc...)

- Default Vlan on Guest for the SSID and Ethernet port on the MX and MS

 

When you need to move from Guest Vlan/Group just apply another Group Policy and it switch automatically !

 

Enjoy.

 

Nicolas

 

This solution worked, thanks everyone!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels