Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11891
Views
5
Helpful
2
Replies

LAN isolation

Go to solution
Vl@d@Ni
Frequent Visitor
Frequent Visitor

‎08-28-2019 06:03 AM

Hi all,

I am new with Meraki and I have some doubts how to configure two SSIDs in the office. I have one SSID CORP in Bridge mode using DHCP server and I have Guest SSID in NAT mode.

I want Guest to not be able to reach Corp network but because NAT mode doesnt support VLAN tagging I am not sure how to do the isolation.

AP is trunked to the LAN switch.

Any suggestions are welcome?

BR
V

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
BrechtSchamp
Level 11
Level 11

‎08-28-2019 06:21 AM

You can block their access to the wired network via the Wireless > Firewall & Traffic Shaping:

image.png

View solution in original post

2 Replies 2

Go to solution
BrechtSchamp
Level 11
Level 11

‎08-28-2019 06:21 AM

You can block their access to the wired network via the Wireless > Firewall & Traffic Shaping:

image.png

Go to solution
MarcP829
Level 9
Level 9

‎08-28-2019 06:22 AM

NAT mode: Use Meraki DHCP

Clients receive IP addresses in an isolated 10.0.0.0/8 network. Clients cannot communicate with each other, but they may communicate with devices on the wired LAN if the SSID firewall settings permit.
Choose the SSID in the Firewall settings and do the following:

Block IPs and ports

Layer 2 LAN isolation Disabled Enabled (bridge mode only)
Layer 3 firewall rules
# Policy Protocol Destination Port Comment Actions
DenyAnyLocal LANAnyWireless clients accessing LAN

Argh, Brecht was faster, haha

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card