Meraki Go Security Gateway + 2 Meraki Go Access points - un wanted multiple DHCP servers

speakerfritz
A model citizen

Meraki Go Security Gateway + 2 Meraki Go Access points - un wanted multiple DHCP servers

good day.

 

I got my Meraki Go Security Gateway + 2 Meraki Go Access points setup to work as a meshed wireless network and verified proper functionality.   I can also see end points  split being both access points...so I think its setup correctly.

 

negative feature...

 

.if I setup the access points in bridge mode, I get the wan ip on the AP external interface and I get info that the AP is on  the internet with the recommendation to use NAT.  Although the conditions of my goals match the bridge use.

 

if I setup the access points in NAT mode, I wind up with a second set of DHCP servers (one for each AP) and an new network IP range of 10.X.X.X is created.    when this happens...the security gateway has no end point info at the software console and I have to go down one level into the AP's to see client activity.

 

when it was in bridge mode...all the end points were visible at the firewall console software and details of use by end points was centralized.

 

the default install set everything up for the APs to be in bridge mode...but according t the messages and warnings....NAT mode is preferred.

 

so right now my security gateway external IP is a provided by ISP in the 173.X.X.X range.   my security gateway created a 192.X.X.X network on its internal interface.  My 2 APS have a 192.X.X.X IP on their WAN interface and my 2 APs are providing DHCP in the 10.x.x.x range to my wireless network.

 

so if I enable the 2 APs to be in bridge mode, both AP WAN interfaces show my Security gateway external IP address, and the security gateway provides DHCP to the entire wireless network, DNS is from  the gateway re-direct to openDNS, their is no 10.X.X.X network, and I can see all the end point info at the security gateway.

 

so its not clear to me why 

 

1.  the default setup puts the APs in bridge mode

2.  if I do a manual change from bridge to NAT, the comments for why I should use bridge are all met 100% and the comments as to why I should use NAT are not met 100%.   in other words, based on the comments, I should be using bridge mode.

3.  but, there are some messages while in bridge mode, indicating I should be in NAT mode.  one message relates to the AP WAN interface having the ISP IP address (same as the firewall).

 

while in bridge mode, the APs are behaving as if they have been configured for being on the internet directly.

 

As I type this, I am in NAT mode.

 

I would be interested in any comments / opinions.

 

 

 

 

 

1 Reply 1
speakerfritz
A model citizen

solved

 

if AP's are plugged directly into security gateway, NAT is better

if APs are plugged into a switch which is plugged into security gateyway, the default setup will be bridge mode.

 

so the problem was that the software setup assumed everyone would use a switch between gateway and APs .

 

ordering a meraki go switch so that my setup would be standardized.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.