Meraki

Community

Confine discovery to 1 AP?

RumorConsumer
Head in the Cloud
‎Apr 23 2021 1:35 PM
‎Apr 23 2021 1:35 PM

Confine discovery to 1 AP?

On my primary user VLAN, I have something like 30 APs and a bunch of wired devices. I have devices that only function locally like speakers and an Apple HomePod that should only be activated by devices in the room and, by definition, connected to the same AP as the speaker. Besides setting up a separate VLAN/SSID combo to segregate the traffic, is there an easy way to bar anybody not on that AP from discovering the Airplay services etc? Also a way to do this that I also do not yet know how to implement would be taking advantage of the fact that only certain devices use those speakers. So I could theoretically only allow certain MAC addresses or IPs to send them data, thus locking all other devices out of being able to send data. Any ideas? 

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
0 Kudos
6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 23 2021 2:57 PM
‎Apr 23 2021 2:57 PM

I would use a seperate VLAN, however, you can use a single SSID and group policy (assigned to specific devices) to override the VLAN the device is dropped into.

 

PhilipDAth_0-1619215016617.png

 

0 Kudos
In response to PhilipDAth
RumorConsumer
Head in the Cloud
‎Apr 23 2021 3:31 PM
‎Apr 23 2021 3:31 PM

Philip you ubiquitous card you. Thanks for the reply. I understand a new VLAN, I dont understand the rest of what you said at all. Can you say more? 

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
0 Kudos
In response to RumorConsumer
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 24 2021 3:01 PM
‎Apr 24 2021 3:01 PM

The AP the switch plugged into could have 5 VLANs (often going back to an MX).  You can create one SSID.

 

You create a group policy for each VLAN you want to use, except for the default VLAN that the SSID is configured to use.

 

So if you create a group policy called VLAN5, and that is configured to drop the user into VLAN5, and then apply that to a WiFi device it will use VLAN5.  It will get an IP address from VLAN5, and only talk to other things in VLAN5.

0 Kudos
In response to PhilipDAth
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 24 2021 3:05 PM
‎Apr 24 2021 3:05 PM

VLAN tagging, per device.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying... 

 

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging#Per-Device_Type_VLAN... 

0 Kudos
In response to PhilipDAth
RumorConsumer
Head in the Cloud
‎Apr 24 2021 3:22 PM
‎Apr 24 2021 3:22 PM

OK I will try to figure this out thank you so much. And just to confirm, what I want is for these devices to have access to everything else on the VLAN like printers in other locations and such things as file servers and what not but have there be a couple devices that can only broadcast into their own access point. Does this do that?

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
0 Kudos
In response to RumorConsumer
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 24 2021 3:24 PM
‎Apr 24 2021 3:24 PM

You could need to configure the new VLAN to have that access.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.