I have an issue with my Meraki access points. I have two SSIDs, one for RnD and one for Marketing. I assigned a different vlan for each SSID. I also have wired devices on the RnD vlan. How do I prevent the users on the marketing SSID from accessing the RnD devices?
The setup I have is the MX75 connected to the ISP and to an MS120 switch. The two access points are connected to the MS120. All wired clients are connected to the switch.
Thanks.
Have you tried this?
Yes, but I do want the marketing SSID to have access to wired printers and meeting rooms smart TVs which are also wired and on the same vlan.
So allow it instead of deny. And create firewall.
https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules
I did. Below is a screenshot of the rules I have for the marketing SSID (on vlan 20 192.168.20.0/24), blocking access to vlan 30 192.168.30.0/24.
But it does not work... when a user connects to the marketing SSID, they can still ping devices on the RND vlan.
ICMP is not a 100% reliable test, have you tested access to other resources within the network?
Check it out.
Thanks.
I'll update once back in the office.
Assuming that this works, is there a way to also block ICMP?
The ICMP will be accepted even if you have specific rule blocking it.