Guest traffic on Meraki MX versus an ASA

SOLVED
Slider
Getting noticed

Guest traffic on Meraki MX versus an ASA

How do we handle Guest wireless traffic on Merak MX (MX84)? With ASA you can create a NAT rule that allows you to keep your Guest traffic on a separate WAN IP than your CORP traffic. It looks like this is not a function on the MX yet. What can we do to separate this traffic?

HM
1 ACCEPTED SOLUTION
BrechtSchamp
Kind of a big deal

That's not possible on an MX I'm afraid. As you're not using the second uplink atm... couldn't you connect the second port to the same provider device with the second IP address?

View solution in original post

6 REPLIES 6
BrechtSchamp
Kind of a big deal

I assume your guest traffic is on a separate VLAN and subnet. With flow preferences you can specify which uplink their traffic needs to take:

Screen_Shot_2016-07-26_at_5.10.05_PM

Thanks for the reply,

 

There is only 1 uplink with multiple available IP addresses. Let's say that x.x.x.1/29 is the IP for CORP traffic, I want x.x.x.2/29 to be what we use for Guest traffic. We whitelist the CORP IP on AWS, so I don't want users on Guest network to have the same access as CORP. This is how the ASA is currently configured without issue.

HM
BrechtSchamp
Kind of a big deal

That's not possible on an MX I'm afraid. As you're not using the second uplink atm... couldn't you connect the second port to the same provider device with the second IP address?

View solution in original post

Thanks, Yes I should be able to.

HM
Nick
Head in the Cloud

That would be the best approach if you are able to
Slider
Getting noticed

got it Thanks! 

HM
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels