Cisco APs running guest wireless via an MX

cocacond
Here to help

Cisco APs running guest wireless via an MX

We are working on an issue where we are replacing cisco ISR 43xx routers with Meraki MX series devices.  We are losing our guest wifi access via our Cisco APs.  In the old iWAN config we are creating a 192.168.x.x subnet for guest wifi and using nat to go back across a GRE tunnel to the corporate office where the guest wifi is off loaded.  We are working on getting our networks to all meraki but do not have to ability to move everything all at once.  So i am wondering if anyone else has seen an issue like this and has some ideas.  We have been working with Cisco and Meraki with no real luck.  

3 REPLIES 3
CptnCrnch
Kind of a big deal
Kind of a big deal

That‘s very little background for a rather Open question sir... 😉

 

Your setup may be completely clear to you, but to be honest, I wouldn‘t even have an idea about an answer to that.

Bruce
Kind of a big deal

I’m taking a stab in the dark here, but are you dropping guest Wifi onto the local LAN and then via a NAT on the ISR putting it into a GRE tunnel that then drops out into a DMZ or similar at a head-end?

 

If this is the case then you’ll most likely have to look at rearchitecting the wireless guest network, rather than solving it in the way you currently do. Are you using Wireless Controllers? Are they centralised? Can you use Local Mode on the controllers for guest? Can you add a guest anchor for the guest traffic? Do you even need the guest traffic to be backhauled across the WAN?

PhilipDAth
Kind of a big deal
Kind of a big deal

Put on MX in the corporate office and run it in VPN concentrator mode.  Then connect the SSID to the VPN concentrator.

Will work very similar.

 

This gives you 75% of the info you need.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin... 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels