Meraki WiFi Best Practices – deploying Guest and Internal SSID networks.

cisco meraki wif services in nj
The purpose of this article is to show you how to create the most basic SSID deployments in business configurations. Meraki offers a multitude of options and settings to customize WiFi network access to your needs including different levels of authentication, security, routing, etc. that can be integrated with other services to improve overall network performance.

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Meraki WiFi Best Practices for simple and secure SSID deployments.

Cisco Meraki WiFi services in NJ.
Cisco Meraki WiFi services.

One of the most common types of WiFi access deployments is to create at least two Wireless networks, in other words, an internal WiFi network for the company’s employees and another one for Guest Access. Although the process to create the networks is the same, there are some Meraki WiFi best practices you can implement to take advantage of Meraki’s wireless features.

All SSIDs are configured the same way, and there’s nothing special when it comes to configuring a Guest SSID. What makes the difference is the configuration settings that you apply to it.

You can watch the youtube tutorial here.

Let’s cover the basics.

Internal WiFi network. They are designed to provide access to internal resources such as servers, printers, shared drivers, etc; in other words, it’s simply an “extension” of the LAN. As you can imagine, you wouldn’t want unauthorized users accessing your internal network for all the administrative, security, and compliance reasons.

Guest WiFi network. You can create a Guest WiFi network to provide your visitors with internet access without allowing them to access the internal company resources.  It’s part of Meraki WiFi best practices to segregate network access, and administrators can use different types of technical and administrative controls to ensure Guest Wifi users don’t have access to the corporate network and vice versa.

Are you a Cisco Meraki Shop? This article “5 Cisco Meraki to improve WiFi performance” may be useful to you.

Meraki WiFi Best Practices – Creating a Guest and Internal network.

Meraki makes it simple to create and deploy WiFi networks (SSIDs) from the dashboard management console. The process to create the SSIDs is the same regardless of their use. – Another good point to add to Meraki WiFi best practices – deploy no more than 3 SSIDs per Access Point.

  1. In Dashboard, navigate to Wireless > Configure > SSIDs.

2. For the Name section of each SSID, click the rename link.

3. Enable and rename the Guest and Internal SSIDs appropriately. This is the name of the wireless network that clients will see in their list of available network connections.

4. Click the Save Changes button.

meraki wifi best practice - ssid configuration page.
Meraki SSID allows up to 15 SSIDs to be configured and managed per Network.

Configure the Guest SSID settings – It’s the same process as any other SSID -.

  1. Navigate to Wireless > Configure > Access control.

2. Select your guest network from the SSID drop-down menu.

3. For Association requirements, choose Open (no encryption).

Meraki WiFi best practices for guest wifi configurations.
Meraki WiFi network Access options. You can configure your Guest WiFi with Open authentication.

4. For the Splash page, choose Click-through (Users must view and acknowledge the splash page).

meraki wifi experts in nj configure splash pages in meraki.

5. Select the captive portal strength settings (You can restrict all non-http traffic or not until splash page acknowledgment)

nj wifi experts Captive portal connectivity setting.
Captive portal connectivity setting.

6. Scroll down to the Addressing and traffic section of the page.

7. Ensure that “NAT mode: Use Meraki DHCP” is selected. In NAT mode, Clients receive IP addresses in an isolated 10.0.0.0/8 network. Clients cannot communicate with each other. See this article for more information on NAT mode.

NJ meraki experts allows ssid to be configured on it's own network.
Meraki Allows configuring the SSID on its isolated network.

8. Click Save Changes at the bottom of the page.

9. Navigate to the Configure > Firewall & traffic shaping page.

10. Ensure that the Guest network is selected on the SSID drop-down menu at the top of the page.

11. In the Layer 3 firewall rules section, select Deny from the drop-down menu for the rule labeled Wireless clients accessing LAN.

L3 Guest Wifi meraki configuration
L3 Firewall Rule to prevent Guests from gaining network access.

12. Scroll down to the Traffic shaping rules section and select a Per-client and/or Per-SSID bandwidth limit.

Meraki Guest wifi bandwidth limits
Guest SSID bandwidth throttling

13. Click Save Changes.

For more advanced Cisco Meraki WiFi best practices configuration settings check this article about configuring SSID VLAN with group policies.

Configure SSID for Internal Network. – Cisco Meraki WiFi services.

  1. Navigate to Configure > Access control.

2. Select your guest network from the SSID drop-down menu.

3 For Association requirements, choose the Pre-shared key with WPA2 and enter a key that Clients will use to connect to the network.

MerakiSSID Pre-Shared key (PSK) settings for wifi services in NJ
MerakiSSID Pre-Shared key (PSK) settings.

4. Scroll down to the Addressing and traffic section of the page.

5. Select “Bridge mode: Make clients part of the LAN”. In Bridge mode, Meraki devices operate transparently (no NAT or DHCP). Clients receive DHCP leases from the LAN or use static IPs. See this article for more information on NAT mode versus Bridge mode.

NJ wifi experts Meraki corporate SSID access.
Meraki corporate SSID access.

6. Click Save Changes at the bottom of the page.

7. Navigate to the Configure > Firewall & traffic shaping page.

8. Ensure that the Internal network is selected on the SSID drop-down menu at the top of the page.

9. In the Layer 3 firewall rules section, make sure Allow is selected for the rule labeled Wireless clients accessing LAN.

meraki SSID L3 FW settings for wifi services in nj
SSID L3 FW settings.

10. Click Save Changes

After these steps are complete, the AP’s in your network will broadcast two different SSIDs. One network will allow Guest access to the Internet only, the other will allow Internal users to access the network through a secure extension of your wired LAN.

Bonus: We always recommend deploying SSIDs only where required. This WiFi best practice has many benefits that directly impact the wireless network performance and may help you with your network security plan.

Multiple WiFi in the area? Another of the articles we’ve written about Meraki WiFi best practices is to plan WiFi channels allocation.

Conclusion.

The purpose of this article is to show you how to create the most basic SSID deployments in business configurations. Meraki offers a multitude of options and settings to customize WiFi network access to your needs including different levels of authentication, security, routing, etc. that can be integrated with other services to improve overall network performance.

WiFi network deployments require proper planning, We are WiFi experts in NJ providing highly efficient, resilient, and cost-effective Wireless network solutions to businesses and organizations. Our strategic technical vision coupled with our WiFi, Network, and Cyber-Security experience allows us to deliver the right WiFi solution to your environment.

Contact us at info@jdtechsolutions.net, www.jdtechsolutions.net, or 888-580-4450 to learn more about our WiFi Solutions and Services.

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Meraki packet capture
Blog

Performing Simple Meraki Packet Capture.

Meraki packet capture is an essential part of troubleshooting a network running Meraki. Whether it is Access Points, firewalls, switches, cameras, or any other Meraki device, learning how to capture data and read it in a protocol analyzer is an essential part of Meraki network administration.