Traffic isolation

Solved
VladNik
Here to help

Hi all,

I am scratching my head over how to isolate the traffic for the management and data plane.

The scenario is as follows:

- I have a local management system which I need to use. It is on the local LAN

- I have two SSIDs, Corp and Guest

 

The question is how do I change the gateways so that my mgmt traffic goes a different way than the rest of the traffic. If I change the default gateway on the AP, it will send all traffic that way.

I want different gateways for management and different for WiFi users.

 

Any advice ?

 

BR
V

1 Accepted Solution
jdsilva
Kind of a big deal
NolanHerring
Kind of a big deal

Unless my coffee isn't kicking in yet, you want to use VLANs.

Do you have them already set up on the LAN side? If so, on the SSID Access-Control page you want to configure the option to drop the traffic off onto the VLAN you want. Make sure the AP is connected to a trunk port.

Are you using Meraki switches as well?
Nolan Herring | nolanwifi.com
VladNik
Here to help

Sorry, I didn't explain that fully.

Yes, I do have the AP connected to the L2 switch, and yes, it will be a trunk. I want to have a mgmt VLAN and a LAN VLAN.

The mgmt VLAN needs a different gateway than the LAN VLAN.

The switch will be Meraki or Cisco, depending on the size of the branch.

ww
Kind of a big deal

The IP and gateway of the AP are for the AP management, but also for your SSID in NAT mode.

If you configure your SSIDs for bridge mode, you can set the VLAN you want the SSID traffic in.

Make sure your switches allow these VLANs on the trunks to the layer 3 device that is the gateway for these VLANs.

NolanHerring
Kind of a big deal

If you want the AP to grab an IP on the management VLAN, on the trunk port, set the native VLAN to that management VLAN ID. On the SSID, don't tag it and it will drop clients onto that native VLAN. The other SSID you'll want to set to bridge-mode and tag.

Or if you have the AP on a 3rd separate vlan, use that as the native and set the corp SSID to the VLAN you want.

Let me know if that works
Nolan Herring | nolanwifi.com
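
The trunk layout discussed in the replies above, written out as an added example for a Cisco IOS L2 switch (this is not configuration posted by anyone in the thread). It shows the variant where the AP takes its management IP on the native VLAN and both SSIDs are bridge-mode and tagged. The VLAN IDs (10, 20, 30), interface names and the two uplinks are assumptions made for illustration.

```cisco
! Constructed values: VLAN 10 = management, 20 = Corp SSID, 30 = Guest SSID.
vlan 10
 name MGMT
vlan 20
 name CORP
vlan 30
 name GUEST
!
! Trunk to the AP. The AP gets its management IP untagged on native VLAN 10;
! the bridge-mode SSIDs tag client traffic with VLAN 20 or 30.
! (Some platforms need "switchport trunk encapsulation dot1q" before "mode trunk".)
interface GigabitEthernet1/0/1
 description Trunk to access point
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,30
!
! Uplink toward the management gateway: only the management VLAN is present.
interface GigabitEthernet1/0/23
 description To management gateway
 switchport mode access
 switchport access vlan 10
!
! Uplink toward the gateway for WiFi users: only the user VLANs are allowed,
! so management traffic cannot leave this way.
interface GigabitEthernet1/0/24
 description To user-traffic gateway
 switchport mode trunk
 switchport trunk allowed vlan 20,30
!
! No SVIs are defined for VLAN 20 or 30 here, so this switch stays pure L2
! and each VLAN only reaches its own gateway.
```

`show interfaces trunk` on the switch lists the native and allowed VLANs per port, which is a quick check that VLAN 10 is absent from the user uplink.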
jdsilva
Kind of a big deal

VladNik
Here to help

This is exactly what would solve my problem. Separating the data from mgmt traffic. I will give it a try.

 

AMI - traffic flow.png

NolanHerring
Kind of a big deal


@jdsilva wrote:

Perhaps this new feature will help you with your ask?

 

https://documentation.meraki.com/MR/Other_Topics/Alternate_Management_Interface_on_MR_Devices

 

 


Good catch !

 

I always forget about that feature

Nolan Herring | nolanwifi.com
jdsilva
Kind of a big deal


@NolanHerring wrote:


Good catch !

 

I always forget about that feature


Yeah, I haven't actually tried this out myself yet so it's not really on my radar, but for whatever reason I thought of it when I saw this question. Definitely interested to hear how you make out with this, @VladNik.

VladNik
Here to help

This feature works only on APs, unfortunately :(. On MSs it is still a work in progress.
