guest wifi non-meraki network

gavin
Comes here often

guest wifi non-meraki network

Hello,

 

we have all cisco gear across our campus and want to look at Meraki wireless deployment. how will guess-ssid work in our case since meraki "Local LAN" network won't have subnets that are configured on our cisco gears? will we have to define all of our subnets we use across our enterprise to deny traffic to those subnets for guest ssid? is there an easier way to deal with it?

2 REPLIES 2
MerakiDave
Meraki Employee
Meraki Employee

Yes, this is fairly simple with Meraki, you would configure your Guest SSID to provide access after clicking through a splash page, then be firewalled off from the local LAN so they would only be able to egress via the Internet path and have no access to local LAN resources, and also run in NAT mode so that every guest client will get a seemingly random 10.x.x.x IP address and will also be firewalled/isolated from other guest devices (called client isolation).  Also be sure on the Firewall & Traffic Shaping page to set a per-client bandwidth limit like maybe 5Mbps per client so no single device can hog too much bandwidth.  You could also set a per-SSID bandwidth limit for the entire guest SSID, so for example if you only have 100Mbps of Internet, you could set the SSID limit at 20Mbps, so all guests combined could not take away more than 20% of your overall Internet bandwidth.  And if you'd also like to do some basic adult site content filtering, that is also supported when the Guest SSID is running in NAT mode.  This Support doc should help get you going and you can always open a support ticket if something doesn't seem to be working as expected. https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Configuring_Simple_Guest_and_Inte... and there's also a blog post that walks through the basics here https://meraki.cisco.com/blog/2013/09/secure-guest-access-in-3-steps/

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

When you configure the option to deny access to the local lan it blocks access to all RFC1918 address space.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels