Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VLAN Config on Singled Armed concetrator for SSID Tunneling

Solved
S_Remella
Conversationalist
‎Nov 6 2019 4:20 AM
‎Nov 6 2019 4:20 AM

VLAN Config on Singled Armed concetrator for SSID Tunneling

Is it possible to configure multiple vlans on one armed VPN concentrator. 

we need a SSID tunneling from MS access point to MX at DC which suppose to allocate a subnet based on SSID. 

5 different SSID's distributed across spoke end sites, when users connected these are to be centrally switched. 

 

As per documentation, AP must connect to MX only on VPN concentrator mode, however in this mode i didnt see options to enable VLANS

0 Kudos
Subscribe
1 Accepted Solution
jdsilva
Kind of a big deal
‎Nov 6 2019 7:46 AM
‎Nov 6 2019 7:46 AM

Hey @S_Remella ,

 

You can do what you're asking, but you do not have to configure SSIDs on the MX. You set this under the SSID, and when traffic exits the tunnel on the MX it will be tagged accordingly. 

 

So you set the SSID to VPN tunnel mode and then below you specify the VLAN tag you wish traffic to be tagged with when it exits the MX. Optionally, you can specif the VLAN via RADIUS attributes in the Access-Accept message. 

 

image.png

You don't need to set anything on the MX at all for this as it's just layer 2 for whichever VLANs you specify in the SSID config. Just make sure that the appropriate VLANs are trunked to the WAN interface of the MX and it should work. 

http://blog.brokennetwork.ca | @jdsilva

View solution in original post

Subscribe
3 Replies 3
jdsilva
Kind of a big deal
‎Nov 6 2019 7:46 AM
‎Nov 6 2019 7:46 AM

Hey @S_Remella ,

 

You can do what you're asking, but you do not have to configure SSIDs on the MX. You set this under the SSID, and when traffic exits the tunnel on the MX it will be tagged accordingly. 

 

So you set the SSID to VPN tunnel mode and then below you specify the VLAN tag you wish traffic to be tagged with when it exits the MX. Optionally, you can specif the VLAN via RADIUS attributes in the Access-Accept message. 

 

image.png

You don't need to set anything on the MX at all for this as it's just layer 2 for whichever VLANs you specify in the SSID config. Just make sure that the appropriate VLANs are trunked to the WAN interface of the MX and it should work. 

http://blog.brokennetwork.ca | @jdsilva
Subscribe
In response to jdsilva
S_Remella
Conversationalist
‎Nov 6 2019 9:32 PM
‎Nov 6 2019 9:32 PM

Thank you jdsilva!! 

Subscribe
In response to jdsilva
Toby
Getting noticed
‎Feb 25 2021 1:27 AM
‎Feb 25 2021 1:27 AM

Good answer!


I'm wondering if this is documented by Meraki somewhere?

 

Been trying to getting a good grip on exactly how this works, but either the documentation which do exist explains this poorly or I'm just failing at finding the correct documentation.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.