Configuration for a MX67 Advanced Security and MR46 WAPs?

New here

Configuration for a MX67 Advanced Security and MR46 WAPs?

I am a very experienced systems engineer but I am new to Meraki and the Meraki cloud-managed products.  I'm trying to configure a network using the MX67 Advanced Security appliance and MR46 Wireless Access points. 


The goal is to have a secure wired corporate LAN (Windows AD environment), a secure wireless corporate WLAN and a guest WLAN.


The Guest WLAN should connect directly to the Internet and use external public DNS.  Guest wireless devices will need to be assigned addresses using DHCP sourced from one of the Meraki devices.  I normally dedicate a 172.16.X.X. network for this purpose.  The Guest wireless should not have any access to the Corporate networks.


The Corporate networks - both wired and wireless - can share a subnet (like 10.11.11.X for both) or can be separated (like 10.11.11.X for wired and 10.11.12.x for WLAN).  If separated, traffic should route freely between the two networks.


For the corporate network, addresses will also be assigned using DHCP, but that can come from either a Windows Server or the Meraki equipment.  The corporate network will use internal DNS only as required for Windows AD. 


It seems like this would be a common topology.  Is there an existing playbook or recipe that I can refer to to help get started?




Kind of a big deal

Hi @KMorley , as you’ve stated your requirements are pretty standard and achievable within the Meraki stack you’re using.


In all honesty you know what you want to achieve. Get the kit online and poke around the dashboard and you’ll soon get to grips with the Config.


Some best practice guidelines can be found here:

Darren OConnor |

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.