VLAN Configuration

Dashboard Location: Security and SD-WAN > Configure > Addressing & VLANs > VLANs

VLAN Management

VLAN configuration in Meraki appliances provides comprehensive network segmentation capabilities including subnet management, DHCP services, IPv6 support, and advanced networking features. This functionality enables organizations to create secure network boundaries, implement traffic isolation policies, and support complex network architectures while maintaining centralized management and visibility. VLAN configuration is essential for enterprise deployments requiring network segmentation, security isolation, and scalable network design.

Diagram

Classes

appliance (meraki.domains.organizations.networks)

Name	Type	Constraint	Mandatory	Default Value
vlans	List	`[vlans]`	No

vlans (meraki.domains.organizations.networks.appliance)

Name	Type	Constraint	Mandatory	Default Value
name	String	min: `1`, max: `127`	No
subnet	String	Regex: `^((25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9]?[0-9])\.){3}(25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9]?[0-9])\/([1-9]\|[12][0-9]\|3[0-2])$`	No
appliance_ip	IP		No
template_vlan_type	Choice	`same`, `unique`	No
cidr	String	Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`	No
mask	Integer	min: `0`, max: `32`	No
ipv6	Class	`[ipv6]`	No
dhcp_handling	Choice	`Do not respond to DHCP requests`, `Relay DHCP to another server`, `Run a DHCP server`	No
dhcp_lease_time	Choice	`1 day`, `1 hour`, `1 week`, `12 hours`, `30 minutes`, `4 hours`	No
mandatory_dhcp	Boolean	`true`, `false`	No
dhcp_options	List	`[dhcp_options]`	No
dhcp_boot_options	Boolean	`true`, `false`	No
group_policy_name	String	min: `1`, max: `127`	No
vlan_id	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2
vpn_nat_subnet	String	Regex: `^((25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9]?[0-9])\.){3}(25[0-5]\|2[0-4][0-9]\|1[0-9]{2}\|[1-9]?[0-9])\/([1-9]\|[12][0-9]\|3[0-2])$`	No
dhcp_relay_server_ips	List	IP	No
dhcp_boot_next_server	IP		No
dhcp_boot_filename	String	min: `1`, max: `127`	No
fixed_ip_assignments	Class	`[fixed_ip_assignments]`	No
reserved_ip_ranges	List	`[reserved_ip_ranges]`	No
dns_nameservers	String	Regex: `^(upstream_dns\|google_dns\|opendns\|custom)$`	No

ipv6 (meraki.domains.organizations.networks.appliance.vlans)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	No
prefix_assignments	List	`[prefix_assignments]`	No

dhcp_options (meraki.domains.organizations.networks.appliance.vlans)

Name	Type	Constraint	Mandatory
code	String	Regex: `^([2-9]\|1[0-9][0-9]?\|2[0-9]\|2[0-5][0-4]\|[3-9][0-9])$`	Yes
type	Choice	`hex`, `integer`, `ip`, `text`	Yes
value	String	min: `1`, max: `127`	Yes

fixed_ip_assignments (meraki.domains.organizations.networks.appliance.vlans)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		No
name	String	min: `1`, max: `127`	No

reserved_ip_ranges (meraki.domains.organizations.networks.appliance.vlans)

Name	Type	Constraint	Mandatory
start	IP		Yes
end	IP		Yes
comment	String	min: `1`, max: `127`	Yes

prefix_assignments (meraki.domains.organizations.networks.appliance.vlans.ipv6)

Name	Type	Constraint	Mandatory
autonomous	Boolean	`true`, `false`	No
static_prefix	IP		No
static_appliance_ip6	IP		No
origin	Class	`[origin]`	No

origin (meraki.domains.organizations.networks.appliance.vlans.ipv6.prefix_assignments)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`independent`, `internet`	Yes
interfaces	List	String[min: `1`, max: `10`]	No

Examples

Example-1: The example below demonstrates VLANs configuration.

This configuration creates and manages Virtual Local Area Networks (VLANs) to segment network traffic, provide organized IP allocation, and enable DHCP services. The example includes VLAN definitions, subnet assignments, DHCP settings, reserved IP ranges, DHCP options, and DNS configuration for structured network management.

VLAN 10 – “VLAN10”: Subnet: 192.168.10.0/24 with appliance IP 192.168.10.1 as the default gateway. DHCP is enabled with lease time 1 day and mandatory DHCP to prevent static IP assignment. DHCP boot options include PXE boot support (codes 66/67) pointing to tftp.example.com and bootfile. Reserved IP range 192.168.10.40–50 is set aside for printers. DNS is set to Google DNS (8.8.8.8). Optional DHCP relay server is defined as 192.168.10.254.

VLAN 20 – “VLAN20”: Subnet: 192.168.20.0/24 with appliance IP 192.168.20.1. DHCP enabled with lease time 1 day and mandatory DHCP enforcement. DHCP boot options configured identically to VLAN 10 for PXE boot support. Reserved IP range 192.168.20.40–50 for printers. DNS also uses Google DNS (8.8.8.8). This configuration ensures centralized IP management, prevents unauthorized static IP usage, supports PXE boot for devices requiring network boot, and separates traffic into distinct VLANs for better organization, security, and network efficiency.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                # single_lan:
                #   subnet: "192.168.1.0/24"
                #   appliance_ip: "192.168.1.1"
                #   # ipv6:
                #   #   enabled: true
                #   #   prefix_assignments:
                #   #     - autonomous: true
                #   #       static_prefix: "2001:db8::/32"
                #   #       static_appliance_ip6: "2001:db8::1"
                #   mandatory_dhcp: true
                vlans:
                  # - vlan_id: 1
                  #   name: "Default"
                  #   subnet: "192.168.128.0/24"
                  #   appliance_ip: "192.168.128.1"
                  - vlan_id: 10
                    name: "VLAN10"
                    subnet: "192.168.10.0/24"
                    appliance_ip: "192.168.10.1"
                    group_policy_name: "CORP"  # Maps to group policy ID for CORP policy
                    dhcp_handling: "Run a DHCP server"
                    dhcp_lease_time: "1 day"
                    dhcp_boot_options: false
                    dhcp_options:
                      - code: "66"
                        type: "text"
                        value: "tftp.example.com"
                      - code: "67"
                        type: "text"
                        value: "bootfile"
                    reserved_ip_ranges:
                      - start: "192.168.10.40"
                        end: "192.168.10.50"
                        comment: "Reserved for printers"
                    dns_nameservers: "8.8.8.8"
                    # vpn_nat_subnet: "192.168.10.0/24"
                    mandatory_dhcp: true
                    # ipv6:
                    #   enabled: true
                    #   prefix_assignments:
                    #     - autonomous: true
                    #       static_prefix: "2001:db8::/32"
                    #       static_appliance_ip6: "2001:db8::1"
                    #       origin:
                    #         type: "independent"
                    #         interfaces:
                    #           - "6"
                  - vlan_id: 20
                    name: "VLAN20"
                    subnet: "192.168.20.0/24"
                    appliance_ip: "192.168.20.1"
                    group_policy_name: "BMS"  # Maps to group policy ID for BMS policy
                    dhcp_handling: "Run a DHCP server"
                    dhcp_lease_time: "1 day"
                    dhcp_boot_options: false
                    dhcp_options:
                      - code: "66"
                        type: "text"
                        value: "tftp.example.com"
                      - code: "67"
                        type: "text"
                        value: "bootfile"
                    reserved_ip_ranges:
                      - start: "192.168.20.40"
                        end: "192.168.20.50"
                        comment: "Reserved for printers"
                    dns_nameservers: "8.8.8.8"
                    # vpn_nat_subnet: "192.168.20.0/24"
                    mandatory_dhcp: true
                # - vlan_id: 1234
                #   name: "My VLAN"
                #   subnet: "192.168.1.0/24"
                #   appliance_ip: "192.168.1.1"
                #   dhcp_handling: "Run a DHCP server"
                #   dhcp_lease_time: "1 day"
                #   dhcp_boot_options: false
                #   dhcp_options:
                #     - code: "66"
                #       type: "text"
                #       value: "tftp.example.com"
                #     - code: "67"
                #       type: "text"
                #       value: "bootfile"
                #   reserved_ip_ranges:
                #     - start: "192.168.1.40"
                #       end: "192.168.1.50"
                #       comment: "Reserved for printers"
                #   dns_nameservers: "8.8.8.8"
                #   # vpn_nat_subnet: "192.168.20.0/24"
                #   mandatory_dhcp: true