MX Split Tunneling VPN with MR30H/MR33

Solved
JohnGeorge
Here to help

MX Split Tunneling VPN with MR30H/MR33

Crowd sourcing time!

Has anyone done this?

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin...

 

I am thinking that the MR33 (Wall Power) or MR30H PoE (both spokes sites) and sizing the OAC MX (Hub) would be a pretty slick configuration. I just have not seen anyone doing this setup, for all wireless deployments - this would be a great, budget friendly solution.

 

Thanks for your time!

John

1 Accepted Solution
NolanHerring
Kind of a big deal

I'm not personally using it but I tested it with an MR33

Basically if you have any AP with power and it has internet, that is all that is really required at the 'spoke' end. You just need an MX and a subnet with DHCP behind it for clients at the other side (although NAT mode isn't supposed to work but I tested it and it did so might be worth testing, makes it easier for sure vs passthrough mode).
Nolan Herring | nolanwifi.com
TwitterLinkedIn

View solution in original post

5 Replies 5
NolanHerring
Kind of a big deal

If your asking if it works, it does. 😃
Nolan Herring | nolanwifi.com
TwitterLinkedIn
JohnGeorge
Here to help

Sweet!

Can you tell me what hardware you're using at the spoke sites?

I really this this would make an awesome setup for a remote (wireless) site.

Are there any gotchas with this?

 

If this works, this would make for a very light roll out to support micro/small wireless deployments.

 

NolanHerring
Kind of a big deal

I'm not personally using it but I tested it with an MR33

Basically if you have any AP with power and it has internet, that is all that is really required at the 'spoke' end. You just need an MX and a subnet with DHCP behind it for clients at the other side (although NAT mode isn't supposed to work but I tested it and it did so might be worth testing, makes it easier for sure vs passthrough mode).
Nolan Herring | nolanwifi.com
TwitterLinkedIn
JohnGeorge
Here to help

Thank you for your test setup.
In these odd times of WFH, this may be an easier setup than a full blown MX,MS,MR.
The Z series and W series don't support the radius attributes for Vlan assignment, which stinks.
DarrenOC
Kind of a big deal
Kind of a big deal

We have a number of customers using this setup.  MX100’s as the concentrator and a mixed bag of AP’s deployed at various employees houses (MR33’s, 42’s).

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Get notified when there are additional replies to this discussion.