VLAN Configuration

Version:

Dashboard Location: Security and SD-WAN > Configure > Addressing & VLANs > VLANs

VLAN Management

VLAN configuration in Meraki appliances provides comprehensive network segmentation capabilities including subnet management, DHCP services and advanced networking features. This functionality enables organizations to create secure network boundaries, implement traffic isolation policies, and support complex network architectures while maintaining centralized management and visibility. VLAN configuration is essential for enterprise deployments requiring network segmentation, security isolation, and scalable network design.

Diagram

Classes

appliance (meraki.domains.organizations.networks)

Name	Type	Constraint	Mandatory	Default Value
vlans	List	`[vlans]`	No

vlans (meraki.domains.organizations.networks.appliance)

Name	Type	Constraint	Mandatory	Default Value
name	String	min: `1`, max: `127`	No
subnet	String	Regex: `^((25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9]?[0-9])\.){3}(25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9]?[0-9])\/([1-9]\|[12][0-9]\|3[0-2])$`	No
appliance_ip	IP		No
template_vlan_type	Choice	`same`, `unique`	No
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No
mask	Integer	min: `0`, max: `32`	No
dhcp_handling	Choice	`Do not respond to DHCP requests`, `Relay DHCP to another server`, `Run a DHCP server`	No
dhcp_lease_time	Choice	`1 day`, `1 hour`, `1 week`, `12 hours`, `30 minutes`, `4 hours`	No
mandatory_dhcp	Boolean	`true`, `false`	No
dhcp_options	List	`[dhcp_options]`	No
dhcp_boot_options	Boolean	`true`, `false`	No
group_policy_name	String	min: `1`, max: `127`	No
vlan_id	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
vpn_nat_subnet	String	Regex: `^((25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9]?[0-9])\.){3}(25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9]?[0-9])\/([1-9]\|[12][0-9]\|3[0-2])$`	No
dhcp_relay_server_ips	List	IP	No
dhcp_boot_next_server	IP		No
dhcp_boot_filename	String	min: `1`, max: `127`	No
fixed_ip_assignments	List	`[fixed_ip_assignments]`	No
reserved_ip_ranges	List	`[reserved_ip_ranges]`	No
dns_nameservers	String	Regex: `^(upstream_dns\|google_dns\|opendns\|custom)$`	No

dhcp_options (meraki.domains.organizations.networks.appliance.vlans)

Name	Type	Constraint	Mandatory
code	String	Regex: `^([2-9]\|1[0-9][0-9]?\|2[0-9]\|2[0-5][0-4]\|[3-9][0-9])$`	Yes
type	Choice	`hex`, `integer`, `ip`, `text`	Yes
value	String	min: `1`, max: `127`	Yes

fixed_ip_assignments (meraki.domains.organizations.networks.appliance.vlans)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `127`	Yes
mac	MAC		Yes
ip	IP		Yes

reserved_ip_ranges (meraki.domains.organizations.networks.appliance.vlans)

Name	Type	Constraint	Mandatory
start	IP		Yes
end	IP		Yes
comment	String	min: `1`, max: `127`	Yes

Examples

Example-1: The example below demonstrates VLANs configuration.

This configuration creates and manages Virtual Local Area Networks (VLANs) to segment network traffic, provide organized IP allocation, and enable DHCP services. The example includes VLAN definitions, subnet assignments, DHCP settings, reserved IP ranges, DHCP options, and DNS configuration for structured network management.

VLAN 10 – “VLAN10”: Subnet: 192.168.10.0/24 with appliance IP 192.168.10.1 as the default gateway. DHCP is enabled with lease time 1 day and mandatory DHCP to prevent static IP assignment. DHCP boot options include PXE boot support (codes 66/67) pointing to tftp.example.com and bootfile. Reserved IP range 192.168.10.40–50 is set aside for printers. DNS is set to Google DNS servers (8.8.8.8 and 8.8.4.4). Note: Multiple dns servers are specified as newline seperated string of IP addresses or domain names. In this case, value is defined as “8.8.8.8\n8.8.4.4”. Fixed IP assignments for RFID readers based on mac, to maintain same ip across leases. Optional DHCP relay server is defined as 192.168.10.254.

VLAN 20 – “VLAN20”: Subnet: 192.168.20.0/24 with appliance IP 192.168.20.1. DHCP enabled with lease time 1 day and mandatory DHCP enforcement. DHCP boot options configured identically to VLAN 10 for PXE boot support. Reserved IP range 192.168.20.40–50 for printers. DNS is set to organization DNS servers ns1.example.com and ns2.example.com. Note: Multiple dns servers are specified as newline seperated string of IP addresses or domain names. In this case, value is defined as “ns1.example.com\nns2.example.com”. This configuration ensures centralized IP management, prevents unauthorized static IP usage, supports PXE boot for devices requiring network boot, and separates traffic into distinct VLANs for better organization, security, and network efficiency.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                vlans:
                  - vlan_id: 10
                    name: "VLAN10"
                    subnet: "192.168.10.0/24"
                    appliance_ip: "192.168.10.1"
                    group_policy_name: "CORP"  # Maps to group policy ID for CORP policy
                    dhcp_handling: "Run a DHCP server"
                    dhcp_lease_time: "1 day"
                    dhcp_boot_options: false
                    dhcp_options:
                      - code: "66"
                        type: "text"
                        value: "tftp.example.com"
                      - code: "67"
                        type: "text"
                        value: "bootfile"
                    reserved_ip_ranges:
                      - start: "192.168.10.40"
                        end: "192.168.10.50"
                        comment: "Reserved for printers"
                    fixed_ip_assignments:
                      - name: "RFID Reader 1"
                        ip: "192.168.10.111"
                        mac: "00:11:22:33:44:55"
                      - name: "RFID Reader 1"
                        ip: "192.168.10.112"
                        mac: "00:11:22:33:44:56"
                    dns_nameservers: "8.8.8.8\n8.8.4.4"
                    # vpn_nat_subnet: "192.168.10.0/24"
                    mandatory_dhcp: true
                  - vlan_id: 20
                    name: "VLAN20"
                    subnet: "192.168.20.0/24"
                    appliance_ip: "192.168.20.1"
                    group_policy_name: "BMS"  # Maps to group policy ID for BMS policy
                    dhcp_handling: "Relay DHCP to another server"
                    dhcp_relay_server_ips: ["192.168.10.2", "192.168.10.3"]
                    # vpn_nat_subnet: "192.168.20.0/24"
                    mandatory_dhcp: true