I'm just curious to know if Meraki switches or security appliances would be a good choice for a small ISP style setup?
In this scenario you take in a large pipe from a wholesaler with a stack of public IP addresses and separately distribute them to each tenant in your property. Each tenant gets a public IP address that is delivered to it via DHCP in an isolated VLAN.
Furthermore, you would need to do customised speeds per client, e.g. 20/20, 50/50, 100/100, etc. I note that the MS L3 switches could probably do this apart from the bandwidth management. And the MXs would do the bandwidth but probably not deal with the public IPs in and out so well.
We work with a small ISP who provides this exact setup but they use Juniper switches and MikroTik routers connected via radio links etc.
It wouldn't be my first choice ...
But you should be able to do this using the NO-NAT option in the MX in the 15.x code. Then create a VLAN per port, and assign a group policy to that VLAN.
Another option is to have a single VLAN, and use NO-NAT mode again, but put the entire public IPv4 subnet in that one VLAN.
Then make the clients use their own CPE. These CPE will show up individually as clients. Assign a group policy to each one with the appropriate traffic shaping.
I would probably make the default policy be something horrible like 64Kb/s, so a client can get plugged in, and then you assign the policy after that.
Generally speaking, when I hear people talking about small ISPs, I hear Mikrotik, FiberStore whitebox switches, and Juniper. Mikrotik especially in the wireless ISP market.
I really think you should explore the standard technology stack in use by your competitors, rather than going for Meraki. There's a reason they've got a pretty standard stack. It's because it works, and it works real well.
If you want to act like a small ISP, I'd recommend getting in touch with one of the consulting firms that specialize in that space. They'll be experts in the appropriate technology and able to help you create a solid design.
I did something similar to this with a customer. I used one VLAN per suite, and gave each suite a /29 private subnet behind an MX. If the tenant required a public IP for inbound traffic then we'd create a DHCP reservation for the tenant router, and map a 1:1 NAT from a public IP to the reservation IP.
Thanks for the reply.
How many IPs did you pass through? Were the /29 subnets on the inside private or public IPs?