Understanding and Configuring Management VLANs on Cisco Meraki Devices
The purpose of this article is to explain the configuration and use of Management VLANs on Cisco Meraki MR access points.
MR access points must be connected to the network, both for client traffic and for their own management traffic. Specifically, the traffic that any Cisco Meraki device will send upstream to the cloud controller. When you have a network with multiple VLANs, it is important to ensure that the MR's traffic will be put on the appropriate VLAN, typically a dedicated management VLAN for cloud-bound traffic.
For more information on VLANs in general, please read the following article:
Tagging a Management VLAN on a Cisco Meraki Device
On a gateway access point, a VLAN tag can be assigned to the device for its own management traffic. This can either be done in Dashboard under Wireless > Monitor > Access Points > (AP's name) > click the Edit icon or on the Local Status Page of the device.
This tells the device to tag that specific VLAN for management and cloud traffic in order for it to be correctly passed on the LAN.
Note: Tagging egress per SSID on an Access Point requires that the AP be plugged into a trunk port. To see an article describing more about IEEE 802.1Q and VLAN tagging, please refer to our documentation on Meraki Gateway Access Points, IEEE 802.1Q, and VLAN Tagging
Untagged Traffic on a Cisco Meraki Device's Management VLAN
When an MR access point is connected to an access switchport and not a trunk switchport, then you do not need to specify a VLAN when assigning a static IP address. The AP must use an IP address within the subnet of that VLAN, and the VLAN field needs to be left blank.
Specifying the VLAN ID would tell the access point to tag its management traffic with that ID, which would likely cause it to be dropped by the access switchport.
Note: If SSIDs are not tagging specific VLANs, then the Management VLAN will also be used for client's traffic.