Meraki

Community

Bridging wlan to lan

Sassafras
New here
‎Jul 24 2025 11:04 PM
‎Jul 24 2025 11:04 PM

Bridging wlan to lan

I've got a network with MS120, MX68 and MR36. I have VLAN1 configured and wired computers conenct and get an IP Address and all is ok.
I created a Wireless SSID, set it to "External DHCP Server, Bridged" and added it to vLAN1

The wirelss clients get the correct IP address and can access the internet.

My problem is that the wlan clients cannot talk to the printer on the same vlan. Wired clients can see the printer.

Do I need to enable "layer 3 roaming" on the birdge mode? Or do I need to change the rule which exists under "firewall" for wireless which denies "wireless traffic to lan" ? (or is it both)

6 Replies 6
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 24 2025 11:16 PM
‎Jul 24 2025 11:16 PM

Hi @Sassafras 

 

it’s this one - “Or do I need to change the rule which exists under "firewall" for wireless which denies "wireless traffic to lan" ?”

 

change that to allow

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
In response to DarrenOC
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 24 2025 11:17 PM
‎Jul 24 2025 11:17 PM

And well done for researching this one first.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jul 24 2025 11:33 PM
‎Jul 24 2025 11:33 PM

The funniest thing about dashboard is that when you create an SSID that has the word Guest in it the default AP firewall policy says allow local lan.  And if you create an enterprise SSID it usually says deny local lan by default 😜

Bottom line is.  When configuring wlans, always have a check on the wireless firewall page 😉

0 Kudos
In response to GIdenJoe
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Jul 25 2025 2:13 AM
‎Jul 25 2025 2:13 AM

And if you notice, it's always only on the first SSID. 😉

All other SSIDs have Local LAN set to Allow. Only SSID 1 is set to Deny. 😉 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jul 25 2025 2:20 AM
‎Jul 25 2025 2:20 AM

That makes perfect sense.  I usually start out with the internal WLAN and have the guest as second.

0 Kudos
In response to rhbirkelund
Ryan_Miles
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Jul 25 2025 5:51 AM
‎Jul 25 2025 5:51 AM

That's a default security measure so when folks bring up a Meraki AP for the first time they don't accidentally have an open SSID that is bridging to their internal network.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.