Guest WiFi deployment considerations

JanStucki

Hello,

We wonder how to deploy Guest WiFi for a particular location.

We are undergoing some changes and we need to provide Guest WiFi.

We have Meraki access points connected to C2960X Catalyst switches (L2) and a distribution switch (L3) directly connected via transit VLAN to the ISP router (over L2 switch).

What will be the best approach to deploy Guest WiFi and how to secure it, any recommendations? Do we need to buy additional hardware (e.g. MX) and install it between ISP (public IP given) and C3850?

Thank you!

2 Replies
KarstenI

You have no firewall in this setup? This would be more a home office setup where security is handled by the ISP router. I would add a firewall like an MX and terminate the Guest VLAN directly on that firewall.

cmr

Adding to what @KarstenI said, create at least two VLANs on the MX, one for guests and one for employees, and set the firewall rules so the guest VLAN can only talk out to the internet.

Alternatively, set the guest SSID to use NAT mode on the APs and disable access to LAN IP addresses. This will however mean that each AP is its own network as far as the guest is concerned, so the clients don't roam as quickly.

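An offline check of the "guest VLAN can only talk out to the internet" rule set from the reply above, added here as an example and not part of the original posts or of any Meraki tooling. It assumes first-match, top-down rule evaluation with an implicit final allow; the subnets, rule lists and function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing (assumptions): guest VLAN 10.0.20.0/24, employee VLAN 10.0.10.0/24.
GUEST = ip.ip_network("10.0.20.0/24")
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rule(action, src, dst):
    return (action, ip.ip_network(src), ip.ip_network(dst))

def split(nets, dst):
    """Partition nets into (part inside dst, part outside dst)."""
    inside, outside = [], []
    for n in nets:
        if not n.overlaps(dst):
            outside.append(n)
        elif n.subnet_of(dst):
            inside.append(n)
        else:  # CIDR blocks nest, so dst lies strictly inside n
            inside.append(dst)
            outside.extend(n.address_exclude(dst))
    return inside, outside

def guest_leaks(rules, guest=GUEST, internal=RFC1918):
    """Return the internal ranges the guest VLAN can still reach."""
    remaining, leaks = list(internal), []
    for action, src, dst in rules:
        if action == "deny" and not guest.subnet_of(src):
            continue  # a deny only counts if it covers every guest address
        if action == "allow" and not guest.overlaps(src):
            continue  # rule never matches guest traffic
        hit, remaining = split(remaining, dst)
        if action == "allow":
            leaks.extend(hit)  # an earlier allow wins over any later deny
    leaks.extend(remaining)  # assumed implicit "allow any" after the last rule
    return sorted(ip.collapse_addresses(leaks))

# Weak: only the employee VLAN is denied; other private ranges fall to the default allow.
WEAK = [rule("deny", "10.0.20.0/24", "10.0.10.0/24")]
# Shadowed: a broad allow placed above the denies re-opens the employee VLAN.
SHADOWED = [rule("allow", "10.0.0.0/8", "10.0.10.0/24")] + [
    rule("deny", "10.0.20.0/24", str(n)) for n in RFC1918]
# Hardened: guest traffic to every private range is denied; internet stays reachable.
HARDENED = [rule("deny", "10.0.20.0/24", str(n)) for n in RFC1918]

if __name__ == "__main__":
    for name, rs in (("weak", WEAK), ("shadowed", SHADOWED), ("hardened", HARDENED)):
        print(name, [str(n) for n in guest_leaks(rs)])
```

An empty result means no private range is reachable from the guest subnet under the stated assumptions; any listed range is one the rule order still lets through.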