Home > Meraki Go > Meraki Go - VLAN Configuration

Meraki Go - VLAN Configuration

GX VLAN Configuration

The Meraki Go products feature VLAN support across all devices as of application version 2.21.0. A VLAN (virtual local area network) is an effective tool to separate traffic on your network based on any number of factors. Most commonly, a guest network is created and managed separate from business networks and point-of-sale devices. Leveraging VLANs, a more robust and PCI compliant network can be constructed. A more in depth article about VLANs and how they work can be found here.

 

Note: Changing VLAN settings will disrupt your network. Avoid making changes during business hours. The DHCP server is enabled by default, and will be configurable in an upcoming release.

 

The GX is unique regarding VLAN configuration, as it is usually the starting point (but does not have to be). While you can specify a configuration for a VLAN on the switch and access point, that new VLAN cannot reach the internet until it is configured first on the GX security gateway.

Terms and Definitions

Each VLAN has the following items:

  • Name: A description for quick identification of the VLAN and its intended use.

    • Example: Guest, Point of Sale, Employees

  • Subnet Mask: The size of the subnet.

    • A larger subnet mask creates a smaller subnet. The same goes in reverse, a smaller subnet mask creates a larger subnet with more IP addresses.

    • The default is /24 and is the recommended value.

  • GX IP Address: The GX is the router for each VLAN it has defined, and will need to have an IP address in this VLAN. This is what becomes the default gateway IP address to client devices and even your switch or access point connected to the GX.

  • ID: A unique number between 1 and 4096 that identifies the VLAN for this new subnet on the GX.

Steps to configure GX VLANs

 

  1. Open the app, login, and go to the Hardware tab.

  2. Click on your firewall in the hardware list.

  3. Scroll down until VLANs is visible and tap it to enter the configuration screen

    create_fixed.jpg
     

  4. Enter the information for your new VLAN interface on the GX, and press Save.

 

The GX LAN ports default to Trunk Mode with Allowed VLANs set to all. Once you have created this VLAN above, it will become available on the LAN ports for downstream devices to use (like your GR guest network).

 

The above example uses VLAN ID 10 for the Guest network. To configure this guest wifi network using the new VLAN, the switches and access points will also have to be configured to support this new VLAN.

 

Steps to configure GS VLANs

By default, all GS ports are configured as Trunk with native VLAN as 1. This matches the GX default configuration. When a new VLAN is added on the GX, or any upstream router, it is immediately accessible on the switch by default.

Under the port list view for your switch, the Advanced Settings section reveals the following configuration. More details about switch port configuration can be found in this article.

 

Screenshot_20200821-094029_Meraki Go.jpg

Note: When modifying the uplink port you risk taking devices offline. Consider carefully the configuration of this port compared to what the GS is connected to upstream.

Steps to configure GR VLANs

Each wireless network on the networks tab has the option, while in bridge mode, to have a VLAN ID.

  1. Log in to the app and navigate to Networks.
  2. On the specific network you wish to join a VLAN, go to Settings.
  3. Under the settings page, you can find Advanced Settings at the bottom, where VLAN tagging configuration exists.
  4. Tap to enable VLAN support for this network. This allows you to enter the VLAN ID that end users connect to
    Screenshot_20200821-094112_Meraki Go.jpg

Configuration Example

This guide will explain how to create a basic VLAN setup with a guest and business network. The use case is to segment guest network traffic away from critical business traffic which may include sensitive information.

Goals

At the end of this example the following will be achieved:

 

  • Two VLANs will exist on the network:
    • Point of Sale and Business.
  • Each VLAN will behavior differently:
    • Business:
      • Will be password protected.
      • No throughput limitations.
      • Used for employees.
    • Point of Sale:
      • Has sensitive information about sales.
      • Will also be password protected.
      • Should be segmented away from the business network.
      • Used strictly for point of sale hardware in the business.

Steps

This step-by-step guide assumes all Meraki Go hardware is in use (security gateway, switch, and access point).

 

  1. Begin by defining the Business and Point of Sale VLANs on the GX:
    • Rename the existing VLAN to Business:
      1. Navigate to Hardware > [Select GX] > VLANs > Tap existing VLAN
      2. Change the name to Business when the edit screen appears and tap save.
    • Create the new VLAN Point of Sale:
      1. Navigate to Hardware > [Select GX] > VLANs > Tap "Subnets and VLANS +"
      2. Define a new Point of Sale VLAN:
        • Name: Point of Sale
        • GX IP address: 192.168.129.1
        • Subnet Mask: 24
        • ID: 2
  2. Configure switchports on the GS:
    • The uplink port should always be Trunk mode to allow all VLANs to reach the GX.
    • Any devices using an Ethernet cable to connect to the switch can be configured for a particular VLAN:
      1. Navigate to Hardware > [Select GS] > See All Ports > [Choose a non-uplink port] > Tap on Settings
      2. Open Advanced Settings for this port
      3. Tap on VLAN Configuration
        1. For an employee workstation, configure the port as access VLAN 1 - the Business VLAN.
        2. For an access point serving wireless, trunk mode allowing all VLANs is preferred.
        3. For a point-of-sale device, configure the port as access VLAN 2 - the Point of Sale VLAN configured in step 1.
  3. Configure wireless networks on the GR:
    • Create the Business Wireless Network:
      1. Navigate to the Network tab in the app and press the sign in the top right to create a new network:
      2. Name the network "Business" or your preference for the employee network.
      3. Define a password to use with this wireless network.
      4. Tap Save 
        • Note: This network does not require a VLAN tag, as the default VLAN is Business on the GX.
    • Create the Point of Sale Wireless Network:
      1. Navigate to the Network tab in the app and press the sign in the top right to create a new network:
      2. Name the network "Point of Sale" or your preference for the point of sale devices network.
      3. Define a password to use with this wireless network.
      4. Tap Save 
      5. Enable VLAN tagging by navigating to Networks > [Select the point of sale network] > Settings > Advanced Settings > Tap VLAN Tagging
      6. Set Use VLAN tagging to on, and specify VLAN 2 - the Point of Sale VLAN configured in step 1.
Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 10025

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community