Meraki Community

Slider · ‎Apr 12 2019

How do we handle Guest wireless traffic on Merak MX (MX84)? With ASA you can create a NAT rule that allows you to keep your Guest traffic on a separate WAN IP than your CORP traffic. It looks like this is not a function on the MX yet. What can we do to separate this traffic?

HM

BrechtSchamp · ‎Apr 12 2019

That's not possible on an MX I'm afraid. As you're not using the second uplink atm... couldn't you connect the second port to the same provider device with the second IP address?

View solution in original post

BrechtSchamp · ‎Apr 12 2019

I assume your guest traffic is on a separate VLAN and subnet. With flow preferences you can specify which uplink their traffic needs to take:

Slider · ‎Apr 12 2019

Thanks for the reply,

There is only 1 uplink with multiple available IP addresses. Let's say that x.x.x.1/29 is the IP for CORP traffic, I want x.x.x.2/29 to be what we use for Guest traffic. We whitelist the CORP IP on AWS, so I don't want users on Guest network to have the same access as CORP. This is how the ASA is currently configured without issue.

HM

BrechtSchamp · ‎Apr 12 2019

That's not possible on an MX I'm afraid. As you're not using the second uplink atm... couldn't you connect the second port to the same provider device with the second IP address?

Slider · ‎Apr 12 2019

Thanks, Yes I should be able to.

HM

Nick · ‎Apr 12 2019

That would be the best approach if you are able to

Slider · ‎Apr 12 2019

got it Thanks!

HM

Meraki Community

Guest traffic on Meraki MX versus an ASA

Guest traffic on Meraki MX versus an ASA