Use another external IP for guest user MX64/65 and MR33?

pwb
Here to help

Use another external IP for guest user MX64/65 and MR33?

Hi, is it possible to let guest users connected to MR33 to use another external IP address. I have a /27 external (WAN) net. I have done it on other firewalls using snat, but i cant find snat on the MX64 og MX65, its the latest firmware.

7 REPLIES 7
AjitKumar
Head in the Cloud

Hi

 

I understand you have similar requirement. 

Pls check the following communication.

 

https://community.meraki.com/t5/Wireless-LAN/Having-different-Public-IP-addresses-for-Main-amp-Guest...

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
SoCalRacer
Kind of a big deal

My recommendation would be connect a second WAN to the MX, then setup a flow preference to route guest VLAN traffic out that WAN2 connection with a different public IP.

kYutobi
Kind of a big deal

To add to what @SoCalRacer explained just login local status page and enable WAN2 on MX port. 

 


@SoCalRacer wrote:

My recommendation would be connect a second WAN to the MX, then setup a flow preference to route guest VLAN traffic out that WAN2 connection with a different public IP.


 

Enthusiast

here's a pic of how we have our flow preferences setup.

 

SD-WAN & traffic shaping / 

 

Global Preferences / Primary Uplink WAN1

 

Flow Preferences / add the VLAN Subnet(s) (attached to SSIDs) =Preferred uplink WAN2

 

0-SD-WAN & traffic shaping - Meraki Dashboard.png

okey, but since local lan is 10.10.10.0 /24 and wireless guest with Meraki DHCP is on 10.0.0.0 /8 then i should make 10.0.0.0 /8 as primary uplink and use flow preference on 10.10.10.0 /24? Will that work? Is there any way to setup geust wireless to use anything else than 10.0.0.0 /8

pwb-

Do you have 2 separate WAN connections.. or are you trying to use 1 WAN with a block of public IP's? 

Here's how I'm doing it.. with 2 WANs

 

 

0-SD-WAN & traffic shaping - Meraki Dashboard.png001-Addressing_VLANs_Meraki_Dashboard.jpg 

Keep in mind that the flow preferences are just that: preferences. In case of issues with one of the WAN links it will still failover to the other.

 

Imo there's no way to do this, at least not with the default features available in dashboard. Unfortunately 1-1 NAT also doesn't help as source IP for outgoing traffic is still NATed to the MX IP. If I were you I'd reach out to Meraki helpdesk to see if any hidden feature could be enabled. If not, definitely make a wish.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels