Skip to content

VLAN Configuration

Dashboard Location: Security and SD-WAN > Configure > Addressing & VLANs > VLANs

VLAN configuration in Meraki appliances provides comprehensive network segmentation capabilities including subnet management, DHCP services, IPv6 support, and advanced networking features. This functionality enables organizations to create secure network boundaries, implement traffic isolation policies, and support complex network architectures while maintaining centralized management and visibility. VLAN configuration is essential for enterprise deployments requiring network segmentation, security isolation, and scalable network design.

Diagram

appliance (meraki.domains.organizations.networks)

Section titled “appliance (meraki.domains.organizations.networks)”
NameTypeConstraintMandatoryDefault Value
vlansList[vlans]No

vlans (meraki.domains.organizations.networks.appliance)

Section titled “vlans (meraki.domains.organizations.networks.appliance)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
subnetStringRegex: ^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\/([1-9]|[12][0-9]|3[0-2])$No
appliance_ipIPNo
template_vlan_typeChoicesame, uniqueNo
cidrStringRegex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$No
maskIntegermin: 0, max: 32No
ipv6Class[ipv6]No
dhcp_handlingChoiceDo not respond to DHCP requests, Relay DHCP to another server, Run a DHCP serverNo
dhcp_lease_timeChoice1 day, 1 hour, 1 week, 12 hours, 30 minutes, 4 hoursNo
mandatory_dhcpBooleantrue, falseNo
dhcp_optionsList[dhcp_options]No
dhcp_boot_optionsBooleantrue, falseNo
group_policy_nameStringmin: 1, max: 127No
vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2
vpn_nat_subnetStringRegex: ^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\/([1-9]|[12][0-9]|3[0-2])$No
dhcp_relay_server_ipsListIPNo
dhcp_boot_next_serverIPNo
dhcp_boot_filenameStringmin: 1, max: 127No
fixed_ip_assignmentsClass[fixed_ip_assignments]No
reserved_ip_rangesList[reserved_ip_ranges]No
dns_nameserversStringRegex: ^(upstream_dns|google_dns|opendns|custom)$No

ipv6 (meraki.domains.organizations.networks.appliance.vlans)

Section titled “ipv6 (meraki.domains.organizations.networks.appliance.vlans)”
NameTypeConstraintMandatoryDefault Value
enabledBooleantrue, falseNo
prefix_assignmentsList[prefix_assignments]No

dhcp_options (meraki.domains.organizations.networks.appliance.vlans)

Section titled “dhcp_options (meraki.domains.organizations.networks.appliance.vlans)”
NameTypeConstraintMandatoryDefault Value
codeStringRegex: ^([2-9]|1[0-9][0-9]?|2[0-9]|2[0-5][0-4]|[3-9][0-9])$Yes
typeChoicehex, integer, ip, textYes
valueStringmin: 1, max: 127Yes

fixed_ip_assignments (meraki.domains.organizations.networks.appliance.vlans)

Section titled “fixed_ip_assignments (meraki.domains.organizations.networks.appliance.vlans)”
NameTypeConstraintMandatoryDefault Value
ipIPNo
nameStringmin: 1, max: 127No

reserved_ip_ranges (meraki.domains.organizations.networks.appliance.vlans)

Section titled “reserved_ip_ranges (meraki.domains.organizations.networks.appliance.vlans)”
NameTypeConstraintMandatoryDefault Value
startIPYes
endIPYes
commentStringmin: 1, max: 127Yes

prefix_assignments (meraki.domains.organizations.networks.appliance.vlans.ipv6)

Section titled “prefix_assignments (meraki.domains.organizations.networks.appliance.vlans.ipv6)”
NameTypeConstraintMandatoryDefault Value
autonomousBooleantrue, falseNo
static_prefixIPNo
static_appliance_ip6IPNo
originClass[origin]No

origin (meraki.domains.organizations.networks.appliance.vlans.ipv6.prefix_assignments)

Section titled “origin (meraki.domains.organizations.networks.appliance.vlans.ipv6.prefix_assignments)”
NameTypeConstraintMandatoryDefault Value
typeChoiceindependent, internetYes
interfacesListString[min: 1, max: 10]No

Example-1: The example below demonstrates VLANs configuration.

This configuration creates and manages Virtual Local Area Networks (VLANs) to segment network traffic, provide organized IP allocation, and enable DHCP services. The example includes VLAN definitions, subnet assignments, DHCP settings, reserved IP ranges, DHCP options, and DNS configuration for structured network management.

VLAN 10 – “VLAN10”: Subnet: 192.168.10.0/24 with appliance IP 192.168.10.1 as the default gateway. DHCP is enabled with lease time 1 day and mandatory DHCP to prevent static IP assignment. DHCP boot options include PXE boot support (codes 66/67) pointing to tftp.example.com and bootfile. Reserved IP range 192.168.10.40–50 is set aside for printers. DNS is set to Google DNS (8.8.8.8). Optional DHCP relay server is defined as 192.168.10.254.

VLAN 20 – “VLAN20”: Subnet: 192.168.20.0/24 with appliance IP 192.168.20.1. DHCP enabled with lease time 1 day and mandatory DHCP enforcement. DHCP boot options configured identically to VLAN 10 for PXE boot support. Reserved IP range 192.168.20.40–50 for printers. DNS also uses Google DNS (8.8.8.8). This configuration ensures centralized IP management, prevents unauthorized static IP usage, supports PXE boot for devices requiring network boot, and separates traffic into distinct VLANs for better organization, security, and network efficiency.

meraki:
domains:
- name: !env domain
administrator:
name: !env org_admin
organizations:
- name: !env org
networks:
- name: !env network_name
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
appliance:
# single_lan:
# subnet: "192.168.1.0/24"
# appliance_ip: "192.168.1.1"
# # ipv6:
# # enabled: true
# # prefix_assignments:
# # - autonomous: true
# # static_prefix: "2001:db8::/32"
# # static_appliance_ip6: "2001:db8::1"
# mandatory_dhcp: true
vlans:
# - vlan_id: 1
# name: "Default"
# subnet: "192.168.128.0/24"
# appliance_ip: "192.168.128.1"
- vlan_id: 10
name: "VLAN10"
subnet: "192.168.10.0/24"
appliance_ip: "192.168.10.1"
group_policy_name: "CORP" # Maps to group policy ID for CORP policy
dhcp_handling: "Run a DHCP server"
dhcp_lease_time: "1 day"
dhcp_boot_options: false
dhcp_options:
- code: "66"
type: "text"
value: "tftp.example.com"
- code: "67"
type: "text"
value: "bootfile"
reserved_ip_ranges:
- start: "192.168.10.40"
end: "192.168.10.50"
comment: "Reserved for printers"
dns_nameservers: "8.8.8.8"
# vpn_nat_subnet: "192.168.10.0/24"
mandatory_dhcp: true
# ipv6:
# enabled: true
# prefix_assignments:
# - autonomous: true
# static_prefix: "2001:db8::/32"
# static_appliance_ip6: "2001:db8::1"
# origin:
# type: "independent"
# interfaces:
# - "6"
- vlan_id: 20
name: "VLAN20"
subnet: "192.168.20.0/24"
appliance_ip: "192.168.20.1"
group_policy_name: "BMS" # Maps to group policy ID for BMS policy
dhcp_handling: "Run a DHCP server"
dhcp_lease_time: "1 day"
dhcp_boot_options: false
dhcp_options:
- code: "66"
type: "text"
value: "tftp.example.com"
- code: "67"
type: "text"
value: "bootfile"
reserved_ip_ranges:
- start: "192.168.20.40"
end: "192.168.20.50"
comment: "Reserved for printers"
dns_nameservers: "8.8.8.8"
# vpn_nat_subnet: "192.168.20.0/24"
mandatory_dhcp: true
# - vlan_id: 1234
# name: "My VLAN"
# subnet: "192.168.1.0/24"
# appliance_ip: "192.168.1.1"
# dhcp_handling: "Run a DHCP server"
# dhcp_lease_time: "1 day"
# dhcp_boot_options: false
# dhcp_options:
# - code: "66"
# type: "text"
# value: "tftp.example.com"
# - code: "67"
# type: "text"
# value: "bootfile"
# reserved_ip_ranges:
# - start: "192.168.1.40"
# end: "192.168.1.50"
# comment: "Reserved for printers"
# dns_nameservers: "8.8.8.8"
# # vpn_nat_subnet: "192.168.20.0/24"
# mandatory_dhcp: true