Meraki

Shadius · ‎Sep 18 2024

Hi, all,

We've configured all of our ports of our core switch (MS425-32) to be mirrored to a destination port on the same switch. The destination port has a device connected to it that is being used to capture the traffic from the source ports.

The issue that we're having is that the traffic shows the IP address of the wireless access point instead of the IP address of the client that is connected to the wireless access point.

How would I be able to achieve this?

Brash · ‎Sep 18 2024

Is the SSID the clients are connected to setup in Meraki NAT mode?

NAT Mode with Meraki DHCP - Cisco Meraki Documentation

Shadius · ‎Sep 19 2024

We have three SSIDs and two of those three are set up using Meraki NAT Mode.

The other SSID uses RADIUS with an external DHCP server.

Kevin_R · ‎Sep 19 2024

Hello Shadius,

Is the issue that you are seeing the AP's IP for the 2 SSIDs using Meraki NAT mode or for all 3 SSIDs? It is expected for the 2 SSIDs using Meraki NAT mode, as the document that Brash shared explains.

Meraki NAT mode means that the AP provides IP addresses to clients connected to the SSID from the 10.0.0.0/8 subnet via DHCP. When a client sends traffic out to the network, the AP NATs the client's IP to its own management IP, masking what client actually sent the traffic. There is no way around this when using Meraki NAT mode either; client devices cannot be tracked behind NAT mode enabled SSIDs.

The bridge mode SSID, on the other hand, should not have this issue. You should be able to track clients connected to the SSID, as the client IPs are used within the wider network.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

ChloeGray · ‎Oct 8 2024

Thanks for the info, I appreciate you.

XavierRoss · ‎Oct 9 2024

Any update?

Meraki

Community

Port Mirroring

Port Mirroring