SSID using NAT mode

Comes here often

SSID using NAT mode

We are replacing our old Cisco WLC with Meraki. On the existing Wi-Fi network IP addresses are published from our own DHCP and the Wi-Fi sits on its own VLAN, 10. Clients can then go out to the internet as the firewall has a dedicated port connected to VLAN 10, and outgoing WAN port. This allows us to use the UTM functionality on the WiFi network. I would like if possible to retain the VLAN and firewall setup as is.


I have added a diagram of what I am trying to achieve with Meraki:


1. Create the Guest SSDI to use Meraki DHCP;

2. Set firewall rules to prevent access to the LAN;

3. Assign VLAN 10 to the SSID;

4. Use NAT mode on the SSID.


From what I have read when using NAT mode the LAN IP address will be the address of the AP. That being the case then it would be on the native VLAN, 50 and in theory will not work as the VLAN 10 subnet is


I would appreciate some thoughts and guidance. 







Kind of a big deal
Kind of a big deal

Re: SSID using NAT mode

Why you want to nat vlan 50.


Make vlan 10 native on the trunk to the ap and assign the ap management a ip in vlan 10, then run the guest ssid in nat mode.


Tag vlan 50 or for example 100 on the trunk to the ap.


Then set internal ssid to bridge mode and tag this ssid with vlan 50 or 100.


Fw must then have a vlan 50 or 100 with ip



Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.