Recently, we've upgraded to Meraki MR46 access points. With it, one of our SSIDs was configured for staff to use their username/password combinations to connect to the network via a RADIUS server. However, we also want to limit what these users can see/access for servers on the network. They only need to see our print server and our internal website. So we enabled Layer 3 firewall rules to allow access to these two servers and then set the rest of the local LAN to be blocked. Despite the allows, staff cannot access the pages via FQDN, only by IP address. We added the DHCP and DNS servers to the allow list, but continue to get hit with DNS not working while the Layer 3 firewall rules are in effect. I can see that DHCP is assigning DNS servers along with the IP address, but DNS is still failing to allow access to internal content (for example: the internal website is located at 192.168.1.42/24. It can be pinged by IP address, but when users visit http://universe.everything.local, they get a name not resolved error). The firewall rules don't have an option for FQDNs, only IPs. I have tried changing Layer 2 isolation off and back on without any change in behavior. The only thing that seems to work while on DHCP is to allow all local LAN access, which we are trying to avoid. If we use static assignment, it seems to work.
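The symptom in the post (IP works, FQDN does not, while a per-SSID allow list is in force) comes down to which flows the ordered rule list actually permits before the "deny local LAN" entry is reached. The following is an added illustration, not code from the post or from Meraki: it models a generic first-match ordered Layer 3 rule list and checks whether every flow a client needs to resolve a name and reach the web server (UDP/53 and the TCP/53 fallback to the DHCP-assigned resolver, then TCP/80 to the server) is allowed. The DNS/DHCP server 192.168.1.10 and print server 192.168.1.20 are constructed addresses; only 192.168.1.42 comes from the post. First-match evaluation with an allow default for unmatched (non-LAN) traffic is a modelling assumption for this example, not a statement about how the Meraki firmware implements its rules.

```python
"""First-match evaluator for an ordered L3 allow/deny list (added illustration;
models a generic rule list, not the Meraki firmware's own implementation)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    policy: str                  # "allow" or "deny"
    protocol: str                # "any", "tcp", "udp" or "icmp"
    destination: str             # CIDR the destination address must fall in
    port: Optional[int] = None   # None matches any destination port
    comment: str = ""

    def matches(self, protocol: str, dst_ip: str, dst_port: Optional[int]) -> bool:
        if self.protocol != "any" and self.protocol != protocol:
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.destination, strict=False):
            return False
        return self.port is None or self.port == dst_port


def evaluate(rules: List[Rule], protocol: str, dst_ip: str,
             dst_port: Optional[int] = None) -> Tuple[str, int]:
    """Return (policy, index) of the first rule that matches the flow.
    Assumption for this model: a flow matching no rule is allowed (index -1)."""
    for i, rule in enumerate(rules):
        if rule.matches(protocol, dst_ip, dst_port):
            return rule.policy, i
    return "allow", -1


# Constructed addresses for the example (only 192.168.1.42 is from the post).
DNS_SERVER = "192.168.1.10"
PRINT_SERVER = "192.168.1.20"
WEB_SERVER = "192.168.1.42"
LOCAL_LAN = "192.168.1.0/24"

# Rule list where the DNS allow entries sit BELOW the LAN deny: first match wins,
# so every query to the resolver is dropped and FQDN access fails even though
# the web server itself is reachable by IP.
RULES_MISORDERED = [
    Rule("allow", "any", f"{WEB_SERVER}/32", comment="internal website"),
    Rule("allow", "any", f"{PRINT_SERVER}/32", comment="print server"),
    Rule("deny", "any", LOCAL_LAN, comment="block the rest of the local LAN"),
    Rule("allow", "udp", f"{DNS_SERVER}/32", 53, comment="DNS (never reached)"),
    Rule("allow", "tcp", f"{DNS_SERVER}/32", 53, comment="DNS over TCP (never reached)"),
]

# Same entries with the resolver allowed ABOVE the LAN deny.
RULES_ORDERED = [
    Rule("allow", "any", f"{WEB_SERVER}/32", comment="internal website"),
    Rule("allow", "any", f"{PRINT_SERVER}/32", comment="print server"),
    Rule("allow", "udp", f"{DNS_SERVER}/32", 53, comment="DNS queries"),
    Rule("allow", "tcp", f"{DNS_SERVER}/32", 53, comment="DNS over TCP fallback"),
    Rule("deny", "any", LOCAL_LAN, comment="block the rest of the local LAN"),
]


def flows_for_fqdn_access(dns_servers: List[str], web_ip: str, web_port: int = 80):
    """Every flow a client must be allowed in order to open http://<fqdn>/ on web_ip:
    a DNS query (UDP/53, with TCP/53 as fallback for large answers) to each
    DHCP-assigned resolver, then the HTTP connection to the resolved address."""
    flows = []
    for dns in dns_servers:
        flows.append(("udp", dns, 53, f"DNS query to {dns}"))
        flows.append(("tcp", dns, 53, f"DNS over TCP fallback to {dns}"))
    flows.append(("tcp", web_ip, web_port, f"HTTP to {web_ip}"))
    return flows


def blocked_flows(rules: List[Rule], flows) -> List[str]:
    """Descriptions of the required flows that the rule list would deny."""
    return [desc for proto, ip, port, desc in flows
            if evaluate(rules, proto, ip, port)[0] == "deny"]


if __name__ == "__main__":
    needed = flows_for_fqdn_access([DNS_SERVER], WEB_SERVER)
    for name, rules in (("misordered", RULES_MISORDERED), ("ordered", RULES_ORDERED)):
        print(f"{name}: blocked = {blocked_flows(rules, needed)}")
```

Running the block shows the misordered list blocking both resolver flows while the HTTP flow to 192.168.1.42 passes, which is exactly the "pingable by IP, name not resolved" pattern; the ordered list blocks nothing the lookup needs while still denying arbitrary LAN hosts. The same check is worth running against the actual resolver addresses the DHCP scope hands out, since an allow entry for a different address than the one clients really use has the same effect as no entry.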