Per-SSID VLANs on Meraki Access Points

At the company I work for, we’re starting to see more and more Meraki wireless deployments, and the documentation on Meraki’s KB is lacking in this area. So, I threw this post together on how to configure Per-SSID VLANs as a reminder for myself, and hopefully it saves someone a little time down the road.

This assumes you have access to your Meraki Dashboard already and have the APs added to your inventory. The ports connected to the APs need to be trunks.

In this instance, we’ll add a guest wireless vlan which is segmented from the rest of the network.

1. Create the vlan as you would normally on the switch. Nothing special here…
2. Log into the Meraki dashboard and go to “Wireless –> Access Points” and select the APs for which you want the VLAN/SSID to be active (assumed to be all of them in this case) and click “Tag”

3. Type a new tag name or select an existing tag. In this case, I already have a tag “GUEST-ENABLED”. Click Add.

You can now see that all the APs have the GUEST-ENABLED tag applied

4. Click “Wireless –> SSIDs –> Access Control”
5. Choose the SSID you want to modify from the drop down box at the top. (Or create a new SSID if you havent already)
6. Under the “Addressing and Traffic” section (about 2/3’s of the way down the page), select “Use VLAN Tagging” next to the “VLAN tagging” option. (NOTE: The APs must be in bridge mode. That is, clients are part of the LAN  and either the core switch or some other device must hand out DHCP – as opposed to using the Meraki DHCP)

7. Click “Add VLAN” under the “VLAN ID” and enter the Tag you created previously. It must match exactly. Enter the VLAN for that SSID to use, in this case, vlan 170.

8. Click Save to apply your changes and wait 1-2 minutes for them to propagate to the Meraki Cloud