This article will guide you to configure SSIDs and Access Control on Meraki wifi devices according to the example below.
Cisco Meraki Access Points support up to fifteen simultaneous SSIDs, each with separate access controls and firewall rules.
In the example below we will configure 3 SSIDs (Faculty, Students, Guests) with different access levels using a firewall and traffic shaping rule.
1.Name the wireless network:
– Login Dashboard.
– Go Wireless > Configure > SSIDs.
– Section Nameselect rename link at unused SSIDs.
– Set SSID name. According to the example, Faculty, Students, Guests
– Select Save changes to save.
2.Configure Access Control, Firewall and Traffic Shaping for Faculty, Students, Guests SSID:
2.1.Configuring Faculty SSID:
+ Configure Access Control for Faculty SSID
– Go Wireless > Configure > Access control.
– Select Faculty from the SSID drop down menu.
* Network access
– Give Association requirementsselect Pre-shared key with WPA2.
– Import WPA2 key.
* Splash page
– In Splash pageselect Sign-on with Meraki Authentication.
– Give options Self-Registrationselect “Allow users to create accounts”.
– Give options Simultaneous logins, select “Limit users to one device at a time”.
* Addressing and traffic
– Give Client IP assignment, select Bridge mode: Make clients part of the LAN.
– Select Save changes to save.
+ Configure Firewall and traffic shaping for Faculty SSID
– Move to Wireless > Configure > Firewall & traffic shaping.
– Select Faculty from the SSID drop down menu.
– Give Layer 3 firewall rules, select “Allow” for Wireless clients accessing LAN.
– Give Layer 7 firewall rulesselect Add a layer 7 firewall rule link and optional applications.
– Select Save changes to save.
2.2.Configuring Student SSID:
+ Configure Access Control for Student SSID
– Go Wireless > Configure > Access control.
– Select Student from the SSID drop down menu.
* Network access
– Give Association requirements, select Pre-shared key with WPA2.
– Import WPA2 key.
* Splash page
– Give Splash pageselect Click-through.
– Give options Captive portal strength, select “Block all access until sign-on is complete”.
* Addressing and traffic
– Give Client IP assignment, select Bridge mode: Make clients part of the LAN.
– Select Save changes to save.
+ Configure Firewall and traffic shaping for Student SSID
– Move to Wireless > Configure > Firewall & traffic shaping.
– Select Student from the SSID drop down menu.
– Give Layer 3 firewall rules, select “Allow” give Wireless clients accessing LAN.
– Give Layer 7 firewall rules, select Add a layer 7 firewall rule link and optional applications.
– Find items Traffic shaping rules.
– Establish Per-client bandwidth limit and Enable speedburst
– Select Save changes to save.
2.3.Configuring Guest SSID:
+ Configure Access Control for Guest SSID
– Go Wireless > Configure > Access control.
– Select Guest from the SSID drop down menu.
* Network access
– In Association requirements, select Open (no encryption).
* Splash page
– Give splash page, select None (direct access)
* Addressing and traffic
– In Client IP assignment, select NAT mode: Use Meraki DHCP.
– Select Save changes to save.
+ Configure Firewall and traffic shaping for Guest SSID
– Move to Wireless > Configure > Firewall & traffic shaping.
– Select Guest from the SSID drop down menu.
– Give Layer 3 firewall rulesselect “Deny” give Wireless clients accessing LAN.
– Give Layer 7 firewall rules, select Add a layer 7 firewall rule link and optional applications.
– Find items Traffic shaping rules.
– Establish Per-client bandwidth limit and Enable speedburst.
– Establish Per-SSID bandwidth limit.
– Select Save changes to save.
Once configured, APs in your network will broadcast three SSIDs, each SSID will have its own access controls, firewall and traffic shaping rules.
!!! Thank you for following the article!!!
Xem tiếp...