When we introduced Layer 3 Essentials for the Meraki MS320 and MS420 switches, we promised to continue development of features that enhance manageability and security for our customers—and today, we’re here to deliver.
Our latest MS switch update will provide IPv4 Access Control List (ACL) capabilities on all of our MS switches—that means both the layer 2 and layer 3 families. IP traffic between hosts on separate VLANs, traffic from LAN clients to the Internet, and traffic between LAN clients can now be filtered and controlled from within the switch itself, without needing a separate firewall. For example, at the switch level you can now:
Prevent hosts on one network subnet from communicating with hosts on another subnet
Restrict clients on a guest VLAN from accessing any internal resources
Disallow Web access for specific hosts
Ensure internal servers only reply to requests using authorized protocols and ports
Block undesired protocols (e.g. ICMP) and services to reduce unnecessary network overhead
The interface for switch ACLs will be familiar to our MR access point or MX security appliance customers: simply navigate to Configure > IPv4 ACLs and begin filtering based on criteria such as protocol, source and destination IP address, and port number. Note: you can filter by IP subnet (e.g. 192.168.1.0/24) and give port ranges (e.g. 80-88) in these dashboard fields.
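To make the filtering criteria concrete, here is an added example (not Meraki code and not part of the original post) that models rules built from protocol, source and destination subnet, and a destination port or range, and shows why rule order matters for a guest VLAN exception. It assumes top-down, first-match evaluation with unmatched traffic forwarded, which the post does not state; all addresses, rules and function names are constructed for illustration.

```python
import ipaddress

# Constructed rule set: (action, protocol, source, destination, dst port/range).
RULES = [
    ("deny",  "tcp",  "192.168.1.50/32", "any",             "80-88"),  # no web for one host
    ("deny",  "tcp",  "192.168.1.50/32", "any",             "443"),
    ("allow", "udp",  "10.0.50.0/24",    "192.168.1.10/32", "53"),     # guest DNS exception
    ("deny",  "any",  "10.0.50.0/24",    "192.168.0.0/16",  "any"),    # guests -> internal
    ("deny",  "icmp", "any",             "any",             "any"),
]
DEFAULT_ACTION = "allow"  # assumption: traffic matching no rule is forwarded


def _ip_matches(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def _port_matches(spec, port):
    if spec == "any":
        return True
    if port is None:  # e.g. ICMP has no port, so a port-specific rule cannot match
        return False
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(proto, src, dst, dport=None, rules=RULES):
    """Return (action, rule_index); rule_index is None when the default applied."""
    for i, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules):
        if (r_proto in ("any", proto) and _ip_matches(r_src, src)
                and _ip_matches(r_dst, dst) and _port_matches(r_port, dport)):
            return action, i  # assumption: first matching rule wins
    return DEFAULT_ACTION, None


if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("tcp", "192.168.1.50", "93.184.216.34", 80),
        ("udp", "10.0.50.7", "192.168.1.10", 53),
        ("tcp", "10.0.50.7", "192.168.1.10", 445),
        ("icmp", "192.168.1.20", "192.168.2.20", None),
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
```

Under the first-match assumption, placing the guest DNS allow rule below the broad guest deny rule would silently block DNS for guests, so narrow exceptions belong above the subnet-wide rule they carve out of.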
ACLs are a critical tool for enforcing security, and give customers using the Meraki MS greater control over traffic at the switch level. We’ll be announcing additional features coming to a switch near you in the upcoming days—so stay tuned!