Meraki

Community

How do I set Addressing and traffic to isolate endpoints and allow wireless printers/speakers?

Solved
AlainODeaSB
Conversationalist
‎May 20 2019 7:13 AM
‎May 20 2019 7:13 AM

How do I set Addressing and traffic to isolate endpoints and allow wireless printers/speakers?

I have laptops, wireless printers, and wireless speakers on my network.

 

I want to isolate the laptops from each other, but I want them to be able to print and set the music on the speakers.

 

This works with Addressing and traffic on all SSIDs set to Bridge mode: Make clients part of the LAN.

 

The printers and speakers are on SSID MyCompany-DevicesAddressing and traffic on this SSID is set to Bridge mode: Make clients part of the LAN.

 

The laptops are on SSID MyCompany-CorpAddressing and traffic on this SSID is set to Bridge mode: Make clients part of the LAN.

 

If I set Addressing and traffic on SSID MyCompany-Corp to NAT mode: Use Meraki DHCP, will the laptops still be able to access the printers and speakers on MyCompany-Devices?

 

How do I set Addressing and traffic to isolate endpoints and allow wireless printers/speakers?

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 20 2019 9:57 AM
‎May 20 2019 9:57 AM

I think I would use two SSIDs, one for client isolation and for for devices that are shared.  I would stick to using bridge mode.

 

You can read about client isolation here:

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation

 

View solution in original post

6 Replies 6
kYutobi
Kind of a big deal
‎May 20 2019 7:31 AM
‎May 20 2019 7:31 AM

You can go to Wireless/ "Firewall and Traffic shaping" to allow the printers/speakers to communicate with network. Here is an example.

 

Capture.PNG

Enthusiast
0 Kudos
In response to kYutobi
AlainODeaSB
Conversationalist
‎May 20 2019 10:12 AM
‎May 20 2019 10:12 AM

@kYutobi thank you for the suggestion.

 

I tried a Layer 3 firewall rule with Allow Any Any Any. It didn't work. Based on conversations with support, comms from NAT clients will only work with wired devices as described here:

 

"but they may communicate with devices on the wired LAN if the SSID firewall settings permit." (emphasis mine)

0 Kudos
In response to AlainODeaSB
RubenG
Getting noticed
‎May 20 2019 10:35 AM
‎May 20 2019 10:35 AM

@AlainODeaSB

Did you edit the firewall rules on the SSID? Wireless-> Firewall & Traffic Shaping
You need to make sure they are edited on the "MyCompany-Corp" SSID.

 

Do your printers and speakers need to be on the same subnet as the clients? Such as a Chromecast Audio.

 

If you do not want your Clients talking with each other on the "MyCompany-Corp" consider the following:
https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation
You would enable the SSID as Bridge Mode and enable the Layer 2 isolation.

Per the DOcument:

"Any traffic bound for an address on the same VLAN as a device in client isolation will be denied. Traffic bound for other VLANs will be forwarded and routed normally."

 

In response to RubenG
AlainODeaSB
Conversationalist
‎May 20 2019 12:46 PM
‎May 20 2019 12:46 PM

The printer and speakers do not need to be on the same subnet, they just need to be reachable directly by their private IPs.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 20 2019 9:57 AM
‎May 20 2019 9:57 AM

I think I would use two SSIDs, one for client isolation and for for devices that are shared.  I would stick to using bridge mode.

 

You can read about client isolation here:

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation

 

In response to PhilipDAth
kimhenriksen
New here
‎Sep 23 2019 3:43 AM
‎Sep 23 2019 3:43 AM

Should you be using the same vlan on those SSIDs? 

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.