Is it possible to setup Meraki AP on Access Port??

SOLVED
HovnanianEA
Here to help


Hi All. Brand new to the forums as this is my first post. Our company has Meraki MX appliances set up at 3 divisional offices at the moment, two being MX67s and one being an MX100. Our switching environment still consists of Catalyst 3750s and 3560s. All divisions are set up with a Data VLAN and a Voice VLAN. In our one office that is using an MX67, we have three MR52s configured on trunk ports and everything is working just fine. Our MX is connected to our 3750 in that office as a trunk port with native VLAN 165.

In this example, Data is 165, Voice is 65, and Wireless is 200.

interface GigabitEthernet1/0/1
 description Port Ready for Meraki AP
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 165
 switchport trunk allowed vlan 65,165,200
 switchport mode trunk

In our division office that is using the MX100, we have two separate racks for Data switches and Voice switches. This is simply because the cubicles are wired with 2 jacks. We currently have the main Data switch plugged into the MX as an access port and the same goes for the main Voice switch. All is working well currently but we're looking to replace our current Aruba APs with Meraki APs. This is where I'm a little concerned about how the Meraki APs will have to be configured on the switchports and whether our configuration will have to slightly change. We're not using any native VLAN at the moment.

Any help would be appreciated.

1 ACCEPTED SOLUTION
Bruce
Kind of a big deal

Yes, your configuration for the switch port connecting to the AP could be that simple. The AP will either need a static IP address from that VLAN or it will need to get a DHCP address from that VLAN.

You’ll still need to carry the new VLAN (200) from the switch where the AP connects back to the MX. This could mean you need to add it to the existing trunks between switches (by default a trunk carries all VLANs, so nothing to do unless you’ve restricted them), and since they are Catalyst switches you’ll need to create the VLAN on the switches between the one where the AP connects and the MX. Depending on the VTP mode you’re using, this means either creating the VLAN on the VTP server (in which case it should propagate to all switches), or, if you’re using VTP transparent mode, creating the VLAN on each switch.

As has been said by others, why not set it up the same as all your other sites? It’s really not going to be that much harder, if at all, to add a single wireless VLAN.

View solution in original post
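The two conditions in the answer above (VLAN 200 created on every switch in the path, and allowed on every trunk that restricts VLANs) can be checked against saved running-configs. This is an added example, not part of the original thread: the switch names and sample configs are constructed, and it assumes VTP transparent mode, where created VLANs appear as `vlan` lines in the running-config.

```python
import re

def expand(spec):
    """Expand an IOS VLAN list such as '65,165,200-210' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_ios(config):
    """Return (VLAN ids created, {interface: {'mode', 'allowed'}}) from config text."""
    vlans, ports, cur = set(), {}, {}  # cur starts as a throwaway dict
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,-]+)", line):
            vlans |= expand(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", line):
            cur = ports.setdefault(m.group(1), {"mode": None, "allowed": None})
        elif m := re.fullmatch(r"switchport mode (\w+)", line):
            cur["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", line):
            ids = expand(m.group(2))
            if not m.group(1):
                cur["allowed"] = ids   # explicit list replaces the default "all VLANs"
            elif cur["allowed"] is not None:
                cur["allowed"] |= ids  # 'add' line extends an existing list
    return vlans, ports

def audit(name, config, vlan):
    """List the reasons this switch would not carry `vlan` (empty list = OK)."""
    vlans, ports = parse_ios(config)
    issues = [] if vlan in vlans else [f"{name}: VLAN {vlan} not created"]
    for ifname, p in ports.items():
        # allowed is None when the trunk has no allowed list, i.e. carries all VLANs
        if p["mode"] == "trunk" and p["allowed"] is not None and vlan not in p["allowed"]:
            issues.append(f"{name} {ifname}: trunk does not allow VLAN {vlan}")
    return issues

# Constructed sample configs (hypothetical switches, not taken from the thread).
AP_SWITCH = """vlan 65,165,200
interface GigabitEthernet1/0/1
 switchport access vlan 200
 switchport mode access
interface GigabitEthernet1/0/48
 switchport mode trunk"""
TRANSIT = """vlan 65,165
interface GigabitEthernet1/0/47
 switchport trunk allowed vlan 65,165
 switchport mode trunk"""
print(audit("ap-sw", AP_SWITCH, 200), audit("transit-sw", TRANSIT, 200))
```

Only numeric allowed-VLAN lists and `add` lines are parsed; other forms of the command are ignored by this sketch.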

6 REPLIES
ww
Kind of a big deal

You can use Meraki on an access port (if the access port has no port security etc.), but your Wi-Fi clients can only get an IP in that single VLAN.

The plan would be to add an additional Wireless VLAN (200) to the MX and switches to keep wireless on a different subnet. So would the config for the Meraki AP be as simple as the following:

interface GigabitEthernet1/0/1
 description Port Ready for Meraki AP
 switchport access vlan 200
 switchport mode access

Also, does this mean the APs themselves in the dashboard would need to be statically assigned an IP within that Wireless VLAN as well? In the office that currently has the Meraki APs set as trunk ports, we assign the AP an IP within the Data VLAN but tag the traffic for the Wireless VLAN.

Thank you, Bruce. We're currently using VTP transparent mode on all switches so it should be as simple as adding the Wireless VLAN to all switches. We're also not restricting any VLANs on the trunk ports between switches.

I plan to change the config in the office which has the APs set up as trunk ports and turn them into access ports. This way we can keep a standard going forward as we currently use access ports for our Aruba APs.

DarrenOC
Kind of a big deal

At your HQ, why not create a new management VLAN for your Meraki devices?

Then, as per your 3750 config, configure a trunk port to the AP with the native VLAN assigned for management. Then on your SSIDs tag the respective VLAN.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

All 20+ switches in our HQ would need to be configured for that new management VLAN then, correct? Currently, we have these switches daisy-chained to one another as just switchport mode trunk and switchport mode encapsulation dot1q. All trunk ports would then need the native VLAN added to them as well.

A thought I had was to just take the specific 3750 that connects all APs and set up an additional trunk port with native VLAN and connect it to another port on the MX also set as a trunk port with native VLAN. This way we can leave the current config as is and not have to add config to all the additional switches. Thoughts?
