Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Introduction and Challenge with Meraki MX using Cisco 5508 Local Controller for Guest WI-FI

NetworkCarbonat
Conversationalist
‎Dec 23 2020 8:39 AM
‎Dec 23 2020 8:39 AM

Introduction and Challenge with Meraki MX using Cisco 5508 Local Controller for Guest WI-FI

Our organization has been in the process of implementing Meraki MX, MR, and MS platforms to our Enterprise remote locations for the past year and a half and has been a very positive experience. Meraki delivers, hands down, in an environment where we can manage our networks more efficiently as we wear a lot of different hats. Hello everyone. 

 

One of the challenges I'm facing is a hybrid integration of an MX firewall (SDWAN) and Guest WI-FI using a Cisco 5508 local controller via ISE splash page. I realize the best solution is to replace each site with all Meraki, however budgeting and immediate needs has set the direction.

 

Used to be:   iWan ISR4430 > Cisco 3850 switch  > 5508 controller > 3702 AP > Guest SSID > ISE Guest Platform

(the ISR 4430 handled the NAT's and firewalling to ISE for the Guest VLAN)

 

Now is: MX100 firewall > MS250 switch >  5508 controller > 3702 AP > Guest SSID > ISE Guest Platform

(ISE is not responding back)

 

Our Goal: is to standardize the same 192.168.X.X subnet for Guest traffic at all locations, but we're missing something whether it's NAT or if we need to now involve rules for the Enterprise Cisco firewalls. or maybe a Wireless Concentrator? Our ISE for Guest is not accessible publicly. 

 

I'm looking for others who have a similar scenario they've faced, thank you.

 

 

0 Kudos
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 23 2020 10:35 AM
‎Dec 23 2020 10:35 AM

Are you using AutoVPN?

Are you using Internet tails or a private xPLS style service?

 

Any reason you can't just tunnel the guest SSID back to the WLC rather than using FlexConnect?

0 Kudos
In response to PhilipDAth
Aaron_Wilson
A model citizen
‎Dec 23 2020 11:51 AM
‎Dec 23 2020 11:51 AM

Yea, same question as Philip.

 

We have Cisco APs, local/centralized controllers, but guess SSID tunnels back to guest wlc in a dmz. Works fine and it doesnt matter if it's a MPLS site or a Meraki based site, centralized wlc or flexconnect. Guest SSID is all fine and dandy.

 

We did have one little issue at one site, but it was a mtu issue when we tried to use a GRE tunnel over the Meraki connection - haven't messed with gre since. Otherwise, zero issues.

0 Kudos
NetworkCarbonat
Conversationalist
‎Mar 11 2021 7:52 AM
‎Mar 11 2021 7:52 AM

Thank you gentlemen for your replies and sorry I slept on this so long. The issue is resolved. On my MX 100, I went into 'Security & SDWAN'  > 'Access Control' > 'Network Access' and set the Guest VLAN to None. Access Control was not necessary as the WLC was already sending the access/splash requests to ISE.  

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.