Having different Public IP addresses for Main & Guest SSID?

David_Boyle
Comes here often

Having different Public IP addresses for Main & Guest SSID?

Hi everyone,

 

Since our company uses our Public IP address as a way of accessing external resources that hold sensitive data, I was wondering would it be possible to have a different Public IP address for our Guest Network so that those connected to it wouldn't be able to access these resources?

 

Thanks for your help.

5 REPLIES 5
vassallon
Kind of a big deal

@David_Boyle Have you looked into vlan tagging? This seems perfect for what you are looking to do as you would just assign different Public IPs to each vlan.

 

https://n22.meraki.com/WL-MA-OB-wireles/n/LaNi3cw/manage/support?utf8=%E2%9C%93&kb_article=2063

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
AjitKumar
Head in the Cloud

Hi David

MR on its own may not be able to do so.

However it can segregate traffic as @vassallon suggested by tagging the SSID to appropriate VLAN.

 

Once the traffic is segregated your gateway appliance shall route the subnets to desired WAN interfaces.

 

If you are using MX as your gateway appliance 

Security & SDWAN->SD-WAN & traffic shaping may help you to  do so.

 

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
PhilipDAth
Kind of a big deal
Kind of a big deal

You could also create MR firewall rules to block access to those sensitive assets.

pjc
A model citizen

If you use a bridged wifi network for your corporate devices and a nat wifi network for your guests, then the guests will be natted behind the ip address of the access point (the corp bridged clients will be on your lan ip subnets).

You can then nat outbound through your main internet facing firewall for external services (internet) on a different ip address for the source ip's of the access points, therfore your guest clients will go outbound on a different public ip to your bridged corporate clients (assuming you nat them on a different public ip)

David_Boyle
Comes here often

Thanks for the reply. So I do currently have the main network on Bridge mode and Guest network on NAT mode. 

 

Do you have any documentation on how the second part of your reply is done? 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels