Download pdf - 2017 Meraki Network Template - Archdiocese of Seattle Meraki Template.pdf · 2017 Meraki Network Template VLAN Design Templates: MX84/65,MS225,MR42 Examples of common network configurations

2017 Meraki Network TemplateVLAN Design Templates: MX84/65,MS225,MR42

Examples of common network configurationsUpdated per the April 25th All Archdiocesan conference call

Tom O’Callahan

OCS Technology Planning and Strategy

[email protected]

Note: Use the Meraki documentation for more configuration and usage details. This is a best practice guide for schools. Please contact me with revisions or updates.

Network Template Examples

The examples include use of VLANs to separate/isolate user communities (teachers and students). VLANs requires VLAN/network routing capable routers/security appliances. VLANs is typically the least complex and most reliable way to provide granular per user community access policies.

• Section A– Access Points

• Section B– Switches (VLANs)

• Section C– Security Appliance (VLANs and network routing)

• Section D– Network-wide

6/5/2017 2017 Meraki Template

Section A

• Access Points• Summary:

– Enable automatic power reduction– Optimize performance with 5G preference SSIDs– Enable band steering let Meraki make the client decisions– Use DFS channels to provide the max radio capacity– Provide a higher preference for high bit rate school Wi-Fi

computers (min: 11, 24 is better)– Consider using Air Marshall to contain non-school access

points “leakage”– More that 5 SSID may degrade performance by 20%– Clients roaming: Apple default is 802.11v mode


MR42 Access Point Summary


Access Points with multiple networksMR42 SSID VLAN Tagged

2017 Meraki Template6/5/2017

Wireless Radio SettingsPower, 5GHz 40 v. 80 MHz and DFS


Wireless Access ControlDual Band and Bitrate


Access point ToolARP Table to Confirm Layer 2 Clients


AP to Meraki Performance TestRough estimate of connection speed


Dynamic AP Mesh Neighbors



Wireless Per AP SSIDSSID availability policy

Section B

• Switches


Two Switch Network


Two Switch Network Topology:15 Total Meraki Components

1 MX65, 2 MS220 switches, 12 access points


MS220 24 port w/fiber on port 24


Root Switch


PoE Uplink

Assigning the STP root switch and Management VLAN


Switch to Switch Uplink PortType Trunk and Native VLAN 499


Switch Port List withUplink on Port 48, Voice VLAN 20


All VLANs Trunked


Switch Forwarding Tablesort by VLAN # option


DHCP Server DetectionAllow/Block


Section C

• Security Appliance

• Summary:

– Contact Meraki or a reseller for hardware sizing.

– Contact Meraki tech support when performance issues are suspected.

– Capable of exporting policies for reuse/sharing



MX Summary Page

MX84 Security Appliance


MX Firewall Policy Part 1


MX Firewall Policy Part 2


WAN Address AssignmentRequires console port connection remote

changes are not allowed


Routing, VLAN and Network Assignment and VLAN policy


DHCP Networks and Mgmt VLAN


DHCP Networks w Mgmt VLAN 499


MX Route and VLANs Part 1


LAN Port Assignment MX VLAN Part 2


MX URL Blockinghttp and https


Content Filter Log: 2 examples


MX Intrusion detection


MX Route Table w/Client VPN


MX Client VPN


• https://n149.meraki.com/PJP2HS/n/OvzF0dvc/manage/nodes/routes


Meraki MX84 Route Table

https://n149.meraki.com/PJP2HS/n/OvzF0dvc/manage/nodes/routes

Section D

• Network-wide


General Custom Pie Chart


Interesting Traffic MonitoringCustom Pie Chart - NWEA


Summary Report


Group Policies


Detailed Group Policy: VLAN Tag


VLAN Tag use for group policy
