Skip to content

SSID VPN Configuration

Dashboard Location: Wireless > Configure > SSIDs > Access Control > Client IP & VLAN > Tunneled

Wireless SSID VPN and Tunneling Management

Section titled “Wireless SSID VPN and Tunneling Management”

SSID VPN configuration in Meraki wireless networks provides administrators with comprehensive virtual private network capabilities, enabling secure tunneled connections, split tunneling management, failover and redundancy mechanisms, and centralized network access control. This functionality supports Layer 3 VPN tunneling, traffic segmentation, secure remote access, policy-based routing, and network isolation requirements. VPN configuration is essential for enterprise wireless security, remote worker support, guest network isolation, compliance with data protection regulations, and maintaining secure connectivity across distributed wireless infrastructure while ensuring proper traffic handling, authentication integration, and network performance optimization.

Diagram

ssids (meraki.domains.organizations.networks.wireless)

Section titled “ssids (meraki.domains.organizations.networks.wireless)”
NameTypeConstraintMandatoryDefault Value
vpnClass[vpn]No

vpn (meraki.domains.organizations.networks.wireless.ssids)

Section titled “vpn (meraki.domains.organizations.networks.wireless.ssids)”
NameTypeConstraintMandatoryDefault Value
concentratorClass[concentrator]No
split_tunnelClass[split_tunnel]No
failoverClass[failover]No

concentrator (meraki.domains.organizations.networks.wireless.ssids.vpn)

Section titled “concentrator (meraki.domains.organizations.networks.wireless.ssids.vpn)”
NameTypeConstraintMandatoryDefault Value
network_idStringmin: 1, max: 127No
vlan_idAnyInteger[min: 1, max: 4094] or String[matches: `(?:[1-9][1-9][0-9][1-9][0-9]2

split_tunnel (meraki.domains.organizations.networks.wireless.ssids.vpn)

Section titled “split_tunnel (meraki.domains.organizations.networks.wireless.ssids.vpn)”
NameTypeConstraintMandatoryDefault Value
enabledBooleantrue, falseNo
rulesList[rules]No

failover (meraki.domains.organizations.networks.wireless.ssids.vpn)

Section titled “failover (meraki.domains.organizations.networks.wireless.ssids.vpn)”
NameTypeConstraintMandatoryDefault Value
request_ipIPNo
heartbeat_intervalIntegermin: 1, max: 360No
idle_timeoutIntegermin: 1, max: 360No

rules (meraki.domains.organizations.networks.wireless.ssids.vpn.split_tunnel)

Section titled “rules (meraki.domains.organizations.networks.wireless.ssids.vpn.split_tunnel)”
NameTypeConstraintMandatoryDefault Value
protocolChoiceAny, TCP, UDPNo
policyStringmin: 1, max: 127Yes
commentStringmin: 1, max: 127No
destination_cidrStringNo
destination_portAnyInteger[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3

Example-1: The example below demonstrates wireless SSID VPN configuration using tested YAML configuration from pipeline fixtures.

meraki:
domains:
- name: "!env domain"
administrator:
name: "!env org_admin"
organizations:
- name: "!env org"
networks:
- name: "!env network_name"
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
wireless:
ssids:
- name: CORP
ssid_number: "0"
vpn:
concentrator:
network_id: N_123
vlan_id: 44
split_tunnel:
enabled: true
rules:
- protocol: Any
policy: allow
comment: split tunnel rule 1
failover:
request_ip: 192.168.10.1
heartbeat_interval: 10
idle_timeout: 30