cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Wifi Guest

Building a reputation

Wifi Guest

 

 

My network is composed of LAN and Wifi network.

I have a Wifi network for guest and I want my WiFi Guest network can not see my LAN.

 

the wifi guest is configured with:

 

Client IP assignment  NAT mode: Use Meraki DHCP

 

also with 

 

Layer 3 firewall rules from Wireless > Configure > Firewall & traffic shaping > Block IPs and port

 

# Policy  Protocol  Destination        Port  Comment      Actions

1  Deny   Any           Any                     Any   Block LAN

2  Deny   Any           10.52.222.0/23   Any   Network LAN 

 

also with 

 

Layer 7 firewall rules from Wireless > Configure > Firewall & traffic shaping > Block applications and content categories

 

# Policy     Application 

1 Deny       Remote IP range  10.52.222.0/23

 

Note: The segment 10.52.222.0/23 is mi netwok LAN.

 

Can you help  !!!!!

 

 

 

 

 

 

 

5 REPLIES 5
Highlighted
Kind of a big deal ww
Kind of a big deal

Re: Wifi Guest

so guests can still access your lan clients?

A model citizen

Re: Wifi Guest

Do you actually have clients on your guest SSID able to reach clients on your LAN right now? From the wireless firewall settings you've described I don't think guest clients should be able to see you LAN.

Kind of a big deal

Re: Wifi Guest

By you having NAT and meraki DHCP enabled the guest aren't seeing your internal LAN. Guests can't even communicate with each other by the way.
Building a reputation

Re: Wifi Guest

correct the guests should not see the LAN

But you can see it and I do not want that to happen.

I do not know if I need to configure something else ???
What can I do or change?
Ben
A model citizen

Re: Wifi Guest

Policy - Deny

Protocol - Any

Destination - Local LAN

Port - Any

Comment - Wireless Clients accessing LAN

 

With the Firewall & traffic shaping rule (which is predefined above) and Meraki DHCP enabled on your WiFi wireless guests should not be able to ping or reach the LAN network.

 

All your other rules are not necessary. 

Just to avoid confusion, wireless clients on your Guest are seen on the Network-Wide -> Clients page! But this does not mean they can see the LAN network.

 

Just put your computer on the guest and try to ping your local lan.

 

Kind Regards,

Ben

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.