Solved: Guest traffic on Meraki MX versus an ASA

Slider · ‎04-12-2019

How do we handle Guest wireless traffic on Merak MX (MX84)? With ASA you can create a NAT rule that allows you to keep your Guest traffic on a separate WAN IP than your CORP traffic. It looks like this is not a function on the MX yet. What can we do to separate this traffic?

HM

BrechtSchamp · ‎04-12-2019

That's not possible on an MX I'm afraid. As you're not using the second uplink atm... couldn't you connect the second port to the same provider device with the second IP address?

View solution in original post

BrechtSchamp · ‎04-12-2019

I assume your guest traffic is on a separate VLAN and subnet. With flow preferences you can specify which uplink their traffic needs to take:

Slider · ‎04-12-2019

Thanks for the reply,

There is only 1 uplink with multiple available IP addresses. Let's say that x.x.x.1/29 is the IP for CORP traffic, I want x.x.x.2/29 to be what we use for Guest traffic. We whitelist the CORP IP on AWS, so I don't want users on Guest network to have the same access as CORP. This is how the ASA is currently configured without issue.

HM

BrechtSchamp · ‎04-12-2019

That's not possible on an MX I'm afraid. As you're not using the second uplink atm... couldn't you connect the second port to the same provider device with the second IP address?

Slider · ‎04-12-2019

Thanks, Yes I should be able to.

HM

Nick · ‎04-12-2019

That would be the best approach if you are able to

Slider · ‎04-12-2019

got it Thanks!

HM