@hidden0 wrote: I understand where you are coming from now, @AnGr. Let me see if I can provide a better answer given that information.   The Guest Mode toggle on any wifi network automatically creates layer 3 firewall rules that deny traffic to or from any private network address ranges such as 192.168.128.0/24, or 192.168.129.0/24. I would expect any devices connected to the guest network to be unable to communicate with each other (so long as Guest Mode is enabled).   The ability to define layer 3 firewall rules on the GX, now that VLANs can be managed on the hardware, is one of our upcoming feature releases. The approach will redefine our network creation flow, and allow you to Secure or Restrict a VLANs ability to communicate with other networks that are reachable via the GX. Do you see yourself needing to control what VLANs need access to which, or would a blanket "block all LAN access" policy (like Guest mode) do the trick? @hidden0  Creating a Wifi "home" at the default VLAN 1 and toggle a Guest mode on that Wifi will give me a result that is doing what I need for wifi. I can use the guest mode as "work" wifi. Then noone on the home "wifi" should be able to reach the "work" wifi, but that still leaves me with the issue of VLAN segmenting on ethernet. On the second part, a "block all LAN access" policy on port level will do the trick for my on my case, but for a small business aspect, not beeing able to have the ability to set exception rules, in a example, sending logs from one zone to a logserver in another zone while blocking all other traffic would not be good. Is there a estimated time on possible feature release? If I get a GS-110-8P will I then be able to isloate the VLANs and have an ability for exception rules? ... View more

@AnGr  I got 3 wifi net. Guest wifi, Home wifi, Work wifi The Guest wifi is default config Home wifi is default VLAN 1 Work wifi is VLAN 300   VLAN 1 has the default IP range 192.168.128.0/24 VLAN 300 has the ip range 192.168.129.0/24 I also have ethernet devices (not wifi) that need to be seperated aswell. Devices on a VLAN should not be able to reach devices on another VLAN unless there si a firewall opening for it. I am fully enabled to access all devices on both VLAN across. That is the issue. ... View more

@hidden0  @hidden0 wrote: Hello @ErikWie,   The default GX port config is to trunk all VLANs with native VLAN set to 1. If you would like to confirm (or change) the GX LAN port configuration/s, you can do so from the local status page on the device: https://documentation.meraki.com/Go/Meraki_Go_-_Local_Status_Page Please elaborate what you mean by this. I quote the GX20 Vlan config documentation " The GX LAN ports default to  Trunk Mode   with  Allowed VLANs   set to  all ." And that is what I expirience, the ethernet port on GX20 that has the GR10 connected presentes both VLAN 1 and VLAN 300 to the GR10 Access Point https://documentation.meraki.com/Go/Meraki_Go_-_VLAN_Configuration On the Local Status Page I'm not able to find any where that I can do any vlan changes to the ethernet ports, I can enable/disable and I can set Link Negotiation. @hidden0 wrote:   The only setting that jumps to mind that would prevent this outside of port configuration would be "Guest Mode" on the wireless network.   You can check for this setting in the Meraki Go app under Networks > [Network Name]. Be sure to set Guest Mode to off to allow traffic to pass between VLANs.    If you still face problems after both of these steps, just let us know here or by opening a support case for our team to take a look. The Guest network way will give me what I search regarding the wifi, but that I could do without buying any Meraki gear. I want to make this work with the Meraki equipment, wifi and ethernet. Even Small businesses that is the target market for Meraki GO have needs for segmentation on the network, if the GX20 can't give that I think they have failed at their primary market. If I need to buy a GS I will do so, but I just wanted to verify that you actually have to buy a GS to get vlan segmenting to work. OR if there was a way to do ut without spening even more money on another piece of hardware to be able to segment the network. ... View more