NAT Mode or Bridge Mode?

JasonSnyder
Here to help

NAT Mode or Bridge Mode?

 

I didn't have much experience when we deployed the Meraki Switches into our environment the first year I was here. Initially the scopes were pretty open but as we added devices especially chromebooks im almost always in the 90% utilization in DHCP, I don't want to reconfigure the scope until im ready to do all of the scopes and clean them up entirely.

 

Right now I use Bridge Mode on all of our SSID's but I was wondering if anyone suggests to use NAT Mode on those SSID's like Chromebooks who wont really need access to anything on the LAN not even printing. 

 

Could that cause any potential issues? or should I apply any configuration to the switch ports or configuration in the dashboard before I do this?

 

Thank you guys, this community is very helpful!

9 REPLIES 9
bholmes12
Getting noticed

@JasonSnyder

 

I haven't used NAT mode yet, but one thing you probably want to test/check. 

 

Does each AP create a separate NAT Network. 

 

AP1 192.168.1.0/24

AP2 192.168.2.0/24

AP3 192.168.3.0/24

 

If that is what happens, roaming could get really ugly, because each roam will require the client to get a new IP and my guess is clients would be unhappy. 

 

I'm not sure if it works that way or not, but probably worth testing before deploying. 

Nope currently it's not separate but with the NAT it would, I see that the roaming devices would essentially drop more frequently if they roamed at all.

The way NAT mode works basically creates an isolated network out of the 10.0.0.0/8 space. The AP's assign each device an IP based off their MAC address, so even though technically each AP is its own isolated subnet, the clients won't notice, because they effectively get the same IP each time they roam.

 

If you're trying to use NAT mode just temporarily until you can renumber your upstream subnet(s) appropriately, as long as you don't have any need for client devices to talk to each other directly, you should be fine.

PhilipDAth
Kind of a big deal
Kind of a big deal

This is not correct.

 

When doing layer 3 roaming, the AP you are currently attached to forwards your traffic back to the AP you originally connected to for processing.  This way there can not be an IP address conflict.

Apologies, I'm a bit confused as to why you're bringing L3 Roaming into this conversation, since it wasn't mentioned at all.

So, from what you said the devices if we implemented NAT would not lose a connection by jumping to another AP in another room?

 

That would be the main concern for us, L3 Roaming wouldn't need to happen as the locations are very far apart from each other.

That's correct, and why it's designed that way.

Sara_Oseas
Conversationalist

Hi!
As I understand, there is a problem when clients roams between APs on NAT mode(I attach screenshot of manual).
It says that TCP connections will be drop and have to be re-established, but I have a doubt: if I use splash-page as network access, it means that I will have to log on again through splash-page each time that I roam from an AP? or it is just one time for authenticate?

 

Thanks for your time!

 

The authentication only happens once, NAT or Bridge once they are authenticated it last's as long as the lease.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels