Create Separate Tunnel

Solved
Andy_NAG
Here to help

Hi all,

New to the networking and switching side of things.

Currently we are trialling an MR42 and an MS250-24p device.

At this point in time I have only configured the access point (AP) and created multiple SSIDs (guest, corporate, etc.).

When I am on the guest network I get the IP assigned by Meraki, so no issues there, but when I hit any illegal sites our firewall comes into play. I say this because the web page block comes up in the browser.

Is this because it's currently connected to our switch rather than Meraki? What additional functionality does the Meraki switch provide?

Is there any way to create a completely separate network/tunnel where the guest can access anything and the only thing managing it is the Meraki firewall rules? Is a VLAN my only option?

Thanks, Andy

1 Accepted Solution
PhilipDAth
Kind of a big deal

Create a new VLAN and connect an Internet router with its own Internet circuit.  Bridge the guest SSID to this VLAN.

6 Replies
PhilipDAth
Kind of a big deal

You would want to use an MR and an MX.

Yes, you can create a VLAN for each SSID and bridge that SSID to the VLAN.  Then on the MX you can create a group policy for each VLAN and give each one separate firewall and content filtering rules.

If you have only a couple of access points you can get away with using an MX65 and don't need an extra switch.  If you have lots of access points then you will need a switch.  An MS250 might be a bit over the top.  You could use a much cheaper MS120.

Andy_NAG
Here to help

Thanks for the quick reply, but I am not sure what you mean by MR or MX.

By creating this, would it bypass our network completely? Even our firewall and proxy?

I did read an article about that, but as I am new to this that kinda went over my head.

If this testing goes well we will be replacing our current APs (8) with Meraki.

PhilipDAth
Kind of a big deal

An MX is a Meraki firewall.

If you want to use an existing firewall, then you'll need to enable VLANs on that (if it supports it) and apply policy per VLAN.

So you create a VLAN on the switch.  Present that to the firewall and the access point.  Configure your access point to bridge the SSID to that VLAN.  Configure the firewall to provide DHCP and create rules to allow access to the Internet.
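
For the per-VLAN firewall policy described in the reply above, an added example (not part of the thread, and not Meraki's or any vendor's rule syntax) that models an ordered first-match rule list for a guest VLAN and checks that guest clients reach the Internet but not internal ranges. The subnet, probe addresses, rule tuples and the default-deny behaviour are all assumptions made for illustration.

```python
import ipaddress

# All addresses below are constructed for illustration.
GUEST = "192.168.50.0/24"                                  # assumed guest VLAN subnet
CORP_PROBES = ["10.0.0.10", "172.16.5.1", "192.168.1.1"]   # internal hosts guests must not reach
INTERNET_PROBE = "203.0.113.10"                            # documentation address standing in for an Internet host

# Ordered (action, source, destination) rules; the first match wins.
WEAK = [("allow", GUEST, "0.0.0.0/0")]                     # "allow Internet" that also allows internal ranges
MISORDERED = [("allow", GUEST, "0.0.0.0/0"), ("deny", GUEST, "10.0.0.0/8")]  # deny is never reached
HARDENED = [
    ("deny", GUEST, "10.0.0.0/8"),
    ("deny", GUEST, "172.16.0.0/12"),
    ("deny", GUEST, "192.168.0.0/16"),
    ("allow", GUEST, "0.0.0.0/0"),
]

def evaluate(rules, src, dst):
    """Return the action of the first rule matching src -> dst (assumed default: deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"

def audit(rules, guest_host="192.168.50.20"):
    """Report internal hosts a guest client can reach, and whether Internet access works."""
    leaks = [h for h in CORP_PROBES if evaluate(rules, guest_host, h) == "allow"]
    internet = evaluate(rules, guest_host, INTERNET_PROBE) == "allow"
    return {"leaks": leaks, "internet": internet}

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("misordered", MISORDERED), ("hardened", HARDENED)):
        print(name, audit(rules))
```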

Andy_NAG
Here to help

I wish that, except for our corp network, the guest network would completely bypass our firewall and connect straight to the Internet.

How do I go about that?

Apologies if you have already answered this and I am not getting it.

PhilipDAth
Kind of a big deal

Create a new VLAN and connect an Internet router with its own Internet circuit.  Bridge the guest SSID to this VLAN.

Andy_NAG
Here to help

Thanks Philip.

All good now 🙂
