Setting Up VLANs with Meraki and Unifi for Network Segmentation

By
William Rossbach
-
0
15
Asked By TechWizard42 On

I'm fairly new to being a sysadmin, and I've got a question about setting up VLANs. I manage the IT services for a healthcare company in an office building we used to own. We have our own DNS server and connect with other locations via site-to-site tunneling. Recently, I upgraded my setup from a Meraki MX100 to a MX105, aiming for better control over DHCP and security. I've faced some challenges while trying to isolate our network from other tenants using Unifi APs and switches.

Currently, my topology is ISP > MX105 > Split into MS130-24P (my network) and USW Pro-48 (other tenants). I created a VLAN for our network, but I'm having DHCP issues, especially with the Unifi APs. Some clients get DHCP while others don't, and I'm unsure about whether I need to adjust VLAN IDs on all relevant ports and if the uplink ports need to be configured in a specific way. I reverted my changes due to issues with a landlord's camera system and really want to figure out the best way to segment our network without interfering with theirs. Any advice would be greatly appreciated!

3 Answers

Answered By NetworkNinja88 On

It sounds like you're doing a lot of trial and error, which is common when starting out! For VLANs, you need to ensure that the DHCP server is correctly configured for the new VLAN. Go into your settings and assign the proper subnet to your new VLAN. Don't forget to set up DHCP relay if needed, so it knows where to direct that traffic. Also, make sure you set the switch ports to the correct VLAN. To prevent any conflicts, consider blocking VLAN traffic from other networks using your switch's settings.

Answered By CautionaryTale101 On

Merging Unifi devices in a shared medical environment could bring up some legal concerns due to HIPAA regulations. It’s crucial to maintain strict separation of networks. Instead of just VLANs, consider air-gapping your networks entirely to enhance security.

Answered By QuestionsAndAnswers123 On

It’s essential to clarify where your DHCP is configured. If your DHCP lives on the MX105, ensure it's set for the new VLAN. If some devices can obtain an IP while others can't, check if the affected devices share the same AP. It's also crucial that all wired ports on the Unifi switch are configured consistently regarding VLAN settings. Identifying whether the configuration varies between ports can help pinpoint the issue.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.