cancel
Showing results for 
Search instead for 
Did you mean: 

NAT Mode or Bridge Mode?

Here to help

NAT Mode or Bridge Mode?

 

I didn't have much experience when we deployed the Meraki Switches into our environment the first year I was here. Initially the scopes were pretty open but as we added devices especially chromebooks im almost always in the 90% utilization in DHCP, I don't want to reconfigure the scope until im ready to do all of the scopes and clean them up entirely.

 

Right now I use Bridge Mode on all of our SSID's but I was wondering if anyone suggests to use NAT Mode on those SSID's like Chromebooks who wont really need access to anything on the LAN not even printing. 

 

Could that cause any potential issues? or should I apply any configuration to the switch ports or configuration in the dashboard before I do this?

 

Thank you guys, this community is very helpful!

9 REPLIES 9
Getting noticed

Re: NAT Mode or Bridge Mode?

@JasonSnyder

 

I haven't used NAT mode yet, but one thing you probably want to test/check. 

 

Does each AP create a separate NAT Network. 

 

AP1 192.168.1.0/24

AP2 192.168.2.0/24

AP3 192.168.3.0/24

 

If that is what happens, roaming could get really ugly, because each roam will require the client to get a new IP and my guess is clients would be unhappy. 

 

I'm not sure if it works that way or not, but probably worth testing before deploying. 

Here to help

Re: NAT Mode or Bridge Mode?

Nope currently it's not separate but with the NAT it would, I see that the roaming devices would essentially drop more frequently if they roamed at all.

Highlighted
Meraki Employee

Re: NAT Mode or Bridge Mode?

The way NAT mode works basically creates an isolated network out of the 10.0.0.0/8 space. The AP's assign each device an IP based off their MAC address, so even though technically each AP is its own isolated subnet, the clients won't notice, because they effectively get the same IP each time they roam.

 

If you're trying to use NAT mode just temporarily until you can renumber your upstream subnet(s) appropriately, as long as you don't have any need for client devices to talk to each other directly, you should be fine.

Kind of a big deal

Re: NAT Mode or Bridge Mode?

This is not correct.

 

When doing layer 3 roaming, the AP you are currently attached to forwards your traffic back to the AP you originally connected to for processing.  This way there can not be an IP address conflict.

Meraki Employee

Re: NAT Mode or Bridge Mode?

Apologies, I'm a bit confused as to why you're bringing L3 Roaming into this conversation, since it wasn't mentioned at all.

Here to help

Re: NAT Mode or Bridge Mode?

So, from what you said the devices if we implemented NAT would not lose a connection by jumping to another AP in another room?

 

That would be the main concern for us, L3 Roaming wouldn't need to happen as the locations are very far apart from each other.

Meraki Employee

Re: NAT Mode or Bridge Mode?

That's correct, and why it's designed that way.

Conversationalist

Re: NAT Mode or Bridge Mode?

Hi!
As I understand, there is a problem when clients roams between APs on NAT mode(I attach screenshot of manual).
It says that TCP connections will be drop and have to be re-established, but I have a doubt: if I use splash-page as network access, it means that I will have to log on again through splash-page each time that I roam from an AP? or it is just one time for authenticate?

 

Thanks for your time!

 

Here to help

Re: NAT Mode or Bridge Mode?

The authentication only happens once, NAT or Bridge once they are authenticated it last's as long as the lease.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.