History for "Private Auto‑Routing VLANs for Enterprise Customers (Meraki + Proximity Integration)"
-
Updated by Alex Neil, Apr 16, 2025 at 12:52pm
Offering private, auto-routing VLANs to enterprise customers can greatly enhance network security and enable premium bandwidth services in your coworking space. By leveraging Cisco Meraki’s networking capabilities and the Proximity workspace platform, you can isolate each enterprise on its own virtual network (VLAN) and control their internet speed via group policies. This guide provides detailed step-by-step instructions for configuring Meraki and Proximity to set up private VLANs with auto-routing, assigning VLAN and bandwidth settings to group policies, and integrating those policies with Proximity memberships and user groups. Throughout, we include screenshots and real-world examples to help technical but non-expert users follow along.
Introduction and Overview
Enterprise teams often require their own secure network segment within a shared workspace. Using VLANs (Virtual Local Area Networks) on Meraki equipment allows you to segregate network traffic so each company’s devices are isolated from others, while auto-routing ensures all VLANs still have access to the internet. In the Meraki + Proximity integration, Proximity uses Meraki Group Policies to automatically assign the correct VLAN and bandwidth limits to each user’s device when they log in.
Proximity’s captive portal system checks a member’s plan, and if their membership (or workplace user group) includes a private network or enhanced speed, the platform will assign that device a specific Meraki group policy with the appropriate VLAN tag and traffic shaping rules. From then on, the device has the network access defined by that policy – for example, being on a private VLAN with higher speed. If the membership expires or is canceled, the Proximity platform automatically revokes the policy (removing internet access) for that device. This seamless process means enterprise customers get the right network isolation and speed without manual intervention each time.
Prerequisites
Before proceeding, ensure you have the basic Meraki-Proximity integration in place:
- Internet Access Integrations with the Proximity Platform
- Meraki Information
- Create and Manage User Groups
- Creating and Managing Membership Types
Ensure the following:
- Meraki hardware & license (Enterprise) set to Routed mode.
- Member SSID is in bridge mode with external splash page pointing to Proximity.
- Meraki API key is integrated and active in Proximity.
- Enterprise membership or user group is created and identified.
Step 1: Create Private VLANs on the Meraki Network
- Navigate to Security & SD-WAN > Configure > Addressing & VLANs.
- Enable VLANs if not already enabled.
- Click Add VLAN, enter a name, VLAN ID, subnet (e.g., 192.168.20.0/24), and interface IP (e.g., 192.168.20.1).
- Ensure DHCP is enabled for the VLAN or is configured externally.
- Save the VLAN.
- Configure switch ports as Trunk or Access as appropriate for the VLAN.
- Add Layer 3 firewall rules to isolate this VLAN from other local subnets.
Step 2: Create Meraki Group Policies for VLAN and Bandwidth Control
- Go to Network-wide > Configure > Group policies.
- Click Add a group, name it (e.g., “Enterprise1 – VLAN 20”).
- Set VLAN override to use custom VLAN ID (e.g., 20)
Configure bandwidth settings: - Unlimited for premium clients.
- Custom limit for standard users (e.g., 5 Mbps).
- Set splash page behavior to Bypass.
- (Optional) Add firewall rules to prevent inter-VLAN traffic.
- Save the policy.
Step 3: Assign Group Policies to Memberships and User Groups in Proximity
Coworking Memberships
- Navigate to Manage Members > Memberships.
- Create/edit a membership type.
- Enable Internet Access.
- Select the Meraki Group Policy created.
- Save.
Workplace User Groups
- Navigate to Manage Users > User Groups.
- Create/edit a group, define as External.
- Assign the appropriate Meraki Group Policy.
- Save.
Step 4: How Proximity Enforces VLAN & Bandwidth via Group Policies
- Member logs into the Wi-Fi portal.
- Proximity verifies the user and assigns the correct Meraki group policy.
- Device receives VLAN tag and speed limits.
- Device has internet access with policy settings.
- Membership changes trigger automatic policy revocation.
- Devices can be pre-added by admins to auto-assign policy.
Step 5: Use Cases, Security Benefits, and Monetization Opportunities
- Network Isolation: Prevents communication between enterprise clients.
- Performance Management: Guaranteed or throttled speeds per policy.
- Premium Offerings: Sell enhanced internet tiers or private networks.
- Frictionless Onboarding: Login once, device is remembered.
- Optional SSID Creation: For large tenants or temporary events.
- Compliance-Friendly: VLAN isolation can support HIPAA, SOC2, etc.
Summary
By integrating Meraki VLANs and Proximity group policies, you can deliver secure, scalable, and revenue-generating network access. Enterprise members enjoy private, fast internet; operators maintain control and flexibility.
Key resources:
- Internet Access Integrations with the Proximity Platform
- Meraki Information
- Create and Manage User Groups
- Creating and Managing Membership Types
Use this setup to power premium experiences and grow your enterprise offerings with minimal IT overhead.
A Friendly Note from
ProximityProximityWe created this guide to offer general tips and information. Since every network setup is unique, following these suggestions doesn't automatically guarantee compatibility or that everything will work perfectly with your specific system – networks can differ quite a bit! If you feel unsure or uncomfortable trying any of these steps, asking an experienced IT professional for help is always a good idea. Also, just so you know, technical support is included with active Meraki hardware licenses.
-
Updated by Alex Neil, Apr 16, 2025 at 12:51pm
Offering private, auto-routing VLANs to enterprise customers can greatly enhance network security and enable premium bandwidth services in your coworking space. By leveraging Cisco Meraki’s networking capabilities and the Proximity workspace platform, you can isolate each enterprise on its own virtual network (VLAN) and control their internet speed via group policies. This guide provides detailed step-by-step instructions for configuring Meraki and Proximity to set up private VLANs with auto-routing, assigning VLAN and bandwidth settings to group policies, and integrating those policies with Proximity memberships and user groups. Throughout, we include screenshots and real-world examples to help technical but non-expert users follow along.
Introduction and Overview
Enterprise teams often require their own secure network segment within a shared workspace. Using VLANs (Virtual Local Area Networks) on Meraki equipment allows you to segregate network traffic so each company’s devices are isolated from others, while auto-routing ensures all VLANs still have access to the internet. In the Meraki + Proximity integration, Proximity uses Meraki Group Policies to automatically assign the correct VLAN and bandwidth limits to each user’s device when they log in.
Proximity’s captive portal system checks a member’s plan, and if their membership (or workplace user group) includes a private network or enhanced speed, the platform will assign that device a specific Meraki group policy with the appropriate VLAN tag and traffic shaping rules. From then on, the device has the network access defined by that policy – for example, being on a private VLAN with higher speed. If the membership expires or is canceled, the Proximity platform automatically revokes the policy (removing internet access) for that device. This seamless process means enterprise customers get the right network isolation and speed without manual intervention each time.
Prerequisites
Before proceeding, ensure you have the basic Meraki-Proximity integration in place:
- Internet Access Integrations with the Proximity Platform
- Meraki Information
- Create and Manage User Groups
- Creating and Managing Membership Types
Ensure the following:
- Meraki hardware & license (Enterprise) set to Routed mode.
- Member SSID is in bridge mode with external splash page pointing to Proximity.
- Meraki API key is integrated and active in Proximity.
- Enterprise membership or user group is created and identified.
Step 1: Create Private VLANs on the Meraki Network
- Navigate to Security & SD-WAN > Configure > Addressing & VLANs.
- Enable VLANs if not already enabled.
- Click Add VLAN, enter a name, VLAN ID, subnet (e.g., 192.168.20.0/24), and interface IP (e.g., 192.168.20.1).
- Ensure DHCP is enabled for the VLAN or is configured externally.
- Save the VLAN.
- Configure switch ports as Trunk or Access as appropriate for the VLAN.
- Add Layer 3 firewall rules to isolate this VLAN from other local subnets.
Step 2: Create Meraki Group Policies for VLAN and Bandwidth Control
- Go to Network-wide > Configure > Group policies.
- Click Add a group, name it (e.g., “Enterprise1 – VLAN 20”).
- Set VLAN override to use custom VLAN ID (e.g., 20)
Configure bandwidth settings: - Unlimited for premium clients.
- Custom limit for standard users (e.g., 5 Mbps).
- Set splash page behavior to Bypass.
- (Optional) Add firewall rules to prevent inter-VLAN traffic.
- Save the policy.
Step 3: Assign Group Policies to Memberships and User Groups in Proximity
Coworking Memberships
- Navigate to Manage Members > Memberships.
- Create/edit a membership type.
- Enable Internet Access.
- Select the Meraki Group Policy created.
- Save.
Workplace User Groups
- Navigate to Manage Users > User Groups.
- Create/edit a group, define as External.
- Assign the appropriate Meraki Group Policy.
- Save.
Step 4: How Proximity Enforces VLAN & Bandwidth via Group Policies
- Member logs into the Wi-Fi portal.
- Proximity verifies the user and assigns the correct Meraki group policy.
- Device receives VLAN tag and speed limits.
- Device has internet access with policy settings.
- Membership changes trigger automatic policy revocation.
- Devices can be pre-added by admins to auto-assign policy.
Step 5: Use Cases, Security Benefits, and Monetization Opportunities
- Network Isolation: Prevents communication between enterprise clients.
- Performance Management: Guaranteed or throttled speeds per policy.
- Premium Offerings: Sell enhanced internet tiers or private networks.
- Frictionless Onboarding: Login once, device is remembered.
- Optional SSID Creation: For large tenants or temporary events.
- Compliance-Friendly: VLAN isolation can support HIPAA, SOC2, etc.
Summary
By integrating Meraki VLANs and Proximity group policies, you can deliver secure, scalable, and revenue-generating network access. Enterprise members enjoy private, fast internet; operators maintain control and flexibility.
Key resources:
- Internet Access Integrations with the Proximity Platform
- Meraki Information
- Create and Manage User Groups
- Creating and Managing Membership Types
Use this setup to power premium experiences and grow your enterprise offerings with minimal IT overhead.
A Friendly Note from Proximity
We created this guide to offer general tips and information. Since every network setup is unique, following these suggestions doesn't automatically guarantee compatibility or that everything will work perfectly with your specific system – networks can differ quite a bit! If you feel unsure or uncomfortable trying any of these steps, asking an experienced IT professional for help is always a good idea. Also, just so you know, technical support is included with active Meraki hardware licenses.
-
Created by Josh Freed, Apr 16, 2025 at 11:02am