gtk per vlan for same ssid

Solved
QuestionMan
New here


I want to know if you support setting up a GTK per VLAN for users that are on the same SSID but get assigned to different VLANs.

 

The goal is for broadcast and multicast to be limited per VLAN instead of per SSID. Aruba Instant On does not have this feature, maybe Meraki is better?

 

Cambium Networks has it:

image.png

 

 

Does Meraki have a similar feature? I was unable to find it by searching online.

 

Regards,
Maybe future Meraki user

1 Accepted Solution

Yes, it's supported, but there isn't any feature or configuration for GTK.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.


6 Replies
alemabrahao
Kind of a big deal

Meraki does not support GTK.


I find that hard to believe. So Meraki wireless devices do not support sending any kind of broadcast or multicast messages?

Yes, it's supported, but there isn't any feature or configuration for GTK.


 

https://documentation.meraki.com/General_Administration/Other_Topics/Multicast_support

 

https://documentation.meraki.com/MR/Other_Topics/Multicast-Unicast_Conversion

GreenMan
Meraki Employee

I think it would be useful to understand the use case here, but maybe check this out - this maybe addresses the need...?   https://documentation.meraki.com/MR/Encryption_and_Authentication/Wi-Fi_Personal_Network_(WPN)   It's definitely not the same technically - but might address the need?  Anyway - would be good to understand what the customer is trying to achieve / avoid..?

Forgot my password for my account/the password I saved no longer works. I don't have access to the e-mail I used to sign up since you must agree to unsolicited marketing (which I'm not too fond of) to post questions on this forum (which is a very odd requirement), but that aside here is the scenario:

 

It is a dorm.

We have multiple kitchens shared between several students. Every student has their own network in their room on their own VLAN for legal reasons. Every student has a RADIUS login where devices get assigned to their VLAN id. The individual logins are created/deleted as they move in/out. Every kitchen has its own VLAN.

We have a common wifi that lets students connect to their own network via their RADIUS login. The idea was to add another WPA2-Enterprise SSID for the kitchens. Once a student logs in there, the RADIUS server will assign the user to the VLAN of their kitchen instead of their personal VLAN id. Why? So they can access a cable-connected Chromecast on the kitchen VLAN to stream Netflix or similar.

One could have an Nvidia shield or another streamer, but they work best with permanent logins. Chromecast is perfect for shared kitchens as you "log on" to the service when you cast the video.

Chromecast requires multicast to be discovered. Ideally, we would also like to support other IoT devices that use broadcast. With a shared broadcast domain (via the shared GTK, which does not care about the VLAN ID), multicast and broadcast packets meant for one kitchen can be seen by other kitchens on the Kitchen WPA2-Enterprise SSID. This is unwanted.

The students can set up their own wifi router in the kitchens, but the idea was to avoid this to have less RF noise and maybe a better overall experience by doing it centrally. Also, since we already have wifi APs in the kitchens, we wondered if switching to Cisco or Meraki would give us some new options.

Using iPSK might be a solution, but it would be yet another password for the students to remember. It would be nicer to avoid the need for yet another shared password. The idea of the individual password is that the logins stop working once they move out automatically. Resetting the iPSK password every time a student moves in/out would be overkill/not user-friendly. Having different passwords for each student would probably be chaotic/hard to explain to the students.

 

Therefore, while it looks like WPN could work, it is not what I asked about in the first place. We would also like to keep using RADIUS for user management rather than having to create users manually.
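
Added example, not part of the original thread and not Meraki or Cambium code: a small model of the scenario above, comparing which stations can decrypt a group-addressed frame from one kitchen VLAN when the AP keeps one GTK per SSID versus one GTK per VLAN. The station names, VLAN IDs 101/102, the payload and the SHAKE/HMAC construction standing in for CCMP are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def protect(gtk: bytes, payload: bytes) -> bytes:
    """Encrypt and MIC a group-addressed frame (stand-in for CCMP, not the real cipher)."""
    nonce = os.urandom(8)
    stream = hashlib.shake_256(gtk + nonce).digest(len(payload))
    body = nonce + bytes(a ^ b for a, b in zip(payload, stream))
    return body + hmac.new(gtk, body, hashlib.sha256).digest()[:8]

def unprotect(gtk: bytes, frame: bytes):
    """Return the plaintext, or None when the MIC fails (station holds a different GTK)."""
    body, mic = frame[:-8], frame[-8:]
    if not hmac.compare_digest(mic, hmac.new(gtk, body, hashlib.sha256).digest()[:8]):
        return None
    stream = hashlib.shake_256(gtk + body[:8]).digest(len(body) - 8)
    return bytes(a ^ b for a, b in zip(body[8:], stream))

class AccessPoint:
    def __init__(self, per_vlan_gtk: bool):
        self.per_vlan_gtk = per_vlan_gtk
        self.gtks = {}       # key scope -> GTK
        self.stations = {}   # station -> GTK it received in the handshake

    def _gtk(self, vlan: int) -> bytes:
        scope = vlan if self.per_vlan_gtk else "ssid"
        return self.gtks.setdefault(scope, os.urandom(16))

    def associate(self, station: str, vlan: int) -> None:
        # vlan is the ID the RADIUS server assigned to this login
        self.stations[station] = self._gtk(vlan)

    def group_frame_readers(self, vlan: int, payload: bytes) -> list:
        """Send one broadcast/multicast frame from `vlan`; list who can decrypt it."""
        frame = protect(self._gtk(vlan), payload)
        return sorted(s for s, k in self.stations.items() if unprotect(k, frame) == payload)

def kitchen_scenario(per_vlan_gtk: bool) -> list:
    ap = AccessPoint(per_vlan_gtk)
    # Constructed logins: two students in kitchen VLAN 101, one in kitchen VLAN 102
    for station, vlan in [("alice", 101), ("bob", 101), ("carol", 102)]:
        ap.associate(station, vlan)
    # Constructed payload standing in for a Chromecast discovery multicast on VLAN 101
    return ap.group_frame_readers(101, b"mDNS: _googlecast._tcp.local")

if __name__ == "__main__":
    print("GTK per SSID:", kitchen_scenario(False))
    print("GTK per VLAN:", kitchen_scenario(True))
```

With one GTK for the whole SSID, the station on VLAN 102 decrypts the VLAN 101 frame; with a GTK per VLAN its MIC check fails and the frame is dropped.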
