SSID VPN Configuration

Dashboard Location: Wireless > Configure > SSIDs > Access Control > Client IP & VLAN > Tunneled

Wireless SSID VPN and Tunneling Management

SSID VPN configuration in Meraki wireless networks provides administrators with comprehensive virtual private network capabilities, enabling secure tunneled connections, split tunneling management, failover and redundancy mechanisms, and centralized network access control. This functionality supports Layer 3 VPN tunneling, traffic segmentation, secure remote access, policy-based routing, and network isolation requirements. VPN configuration is essential for enterprise wireless security, remote worker support, guest network isolation, compliance with data protection regulations, and maintaining secure connectivity across distributed wireless infrastructure while ensuring proper traffic handling, authentication integration, and network performance optimization.

Diagram

Classes

ssids (meraki.domains.organizations.networks.wireless)

Name	Type	Constraint	Mandatory	Default Value
vpn	Class	`[vpn]`	No

vpn (meraki.domains.organizations.networks.wireless.ssids)

Name	Type	Constraint	Mandatory
concentrator	Class	`[concentrator]`	No
split_tunnel	Class	`[split_tunnel]`	No
failover	Class	`[failover]`	No

concentrator (meraki.domains.organizations.networks.wireless.ssids.vpn)

Name	Type	Constraint	Mandatory	Default Value
network_id	String	min: `1`, max: `127`	No
vlan_id	Any	Integer[min: `1`, max: `4094`] or String[matches: `(?:[1-9]	[1-9][0-9]	[1-9][0-9]2

split_tunnel (meraki.domains.organizations.networks.wireless.ssids.vpn)

Name	Type	Constraint	Mandatory	Default Value
enabled	Boolean	`true`, `false`	No
rules	List	`[rules]`	No

failover (meraki.domains.organizations.networks.wireless.ssids.vpn)

Name	Type	Constraint	Mandatory
request_ip	IP		No
heartbeat_interval	Integer	min: `1`, max: `360`	No
idle_timeout	Integer	min: `1`, max: `360`	No

rules (meraki.domains.organizations.networks.wireless.ssids.vpn.split_tunnel)

Name	Type	Constraint	Mandatory	Default Value
protocol	Choice	`Any`, `TCP`, `UDP`	No
policy	String	min: `1`, max: `127`	Yes
comment	String	min: `1`, max: `127`	No
destination_cidr	String		No
destination_port	Any	Integer[min: `0`, max: `65535`] or String[matches: `(?:[1-9][0-9]3	[1-5][0-9]4	6[0-4][0-9]3

Examples

Example-1: The example below demonstrates SSID VPN configuration.

This configuration enables VPN tunneling for wireless SSID traffic routing. The example includes VPN concentrator settings, tunnel parameters, and traffic routing policies for secure remote access and centralized traffic management.

This wireless configuration sets up the CORP SSID (SSID 0) with a VPN concentrator identified by network ID N_123 and VLAN ID 44. Split tunneling is enabled, allowing all protocols under the rule named “split tunnel rule 1.” Additionally, VPN failover is configured to request the IP address 192.168.10.1, with heartbeat checks every 10 seconds and an idle timeout period of 30 seconds.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              wireless:
                ssids:
                  - name: CORP
                    ssid_number: "0"
                    vpn:
                      concentrator:
                        network_id: N_123
                        vlan_id: 44
                      split_tunnel:
                        enabled: true
                        rules:
                          - protocol: Any
                            policy: allow
                            comment: split tunnel rule 1
                      failover:
                        request_ip: 192.168.10.1
                        heartbeat_interval: 10
                        idle_timeout: 30