How to make MR AP's invisible to MX reporting?

Chris_Watkins
Here to help

How to make MR AP's invisible to MX reporting?

We have a MX67 that shows our access points as being the end users of data.
For example, if Billy uses his iphone to browse youtube, while connected to a MR33 AP:
The clients page in the MX shows that the MR33 was the device that used the bandwith, instead of Billy's iphone.
Is there a way to change setup so the switches & AP's are invisible to the reporting of data usage?


6 REPLIES 6
ww
Kind of a big deal
Kind of a big deal

Is this a combined network or seperate  wifi /mx network?

 

Your ssid is on nat or bridge mode?

Chris_Watkins
Here to help

It is a separate network, as the MX is provided & supported by our ISP, although I do have full control of it.

The AP's are in NAT mode, although they have static IP's assigned within the Client network range.
which - now that I've looked at the settings seems to be contradictory to what the NAT intention is.
It seems static IP's have made the AP's function as Bridge mode. ??
I'm taking over several previous setups so trying to figure out the best course of action

Might not be feasible if your admin rights split visibility between you and your ISP for the network. But, combining the networks would resolve this issue.

ww
Kind of a big deal
Kind of a big deal

In nat mode all clients are hidden behind the MR ip. So there is no way for the mx network to know the clients.  

 

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Modes_for_Client_IP_Assignme...

Chris_Watkins
Here to help

My previous statement of the AP's being in NAT mode wasn't entirely correct.  We have 3 SSID's.  2 are Bridge & 1 is NAT. The guest ssid was set to NAT as an attempt to give guest's internet only and no LAN access. 
So I've changed to Bridge and enabled LAN isolation on this guest ssid.
If this sounds like an incorrect move, feel free to correct me.

You should also set the L3 firewall policy to deny Local LAN. Otherwise the guests could route to the other subnets.

 

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.