Wireless - Foreign/Anchor

Calb

We had a demo of the Meraki solution; some of the things shown were good.

We are currently running Cisco 8510 and 5520 WLCs with anchors to external agencies.

Can a Meraki solution replace a Foreign/Anchor solution? We have around 10k devices on our WLAN daily, with cross-site and multi-tenanted buildings.


Cheers

 

Calb

KarstenI

In general: Yes, but there will be big differences in the implementation.

What functionality are you referring to? Are you talking about roaming? Meraki has some options here:

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

Or are you talking about the typical Guest-setup with a controller in the DMZ to terminate the client-sessions? This is also supported, but the "Anchor-Controller" is a Meraki MX:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin...

Hi


So basically we are a hospital with 3 large campuses.

We have mobility anchors to 4 different organisations.

We can roam in their buildings and they can roam in our buildings via Mobility Anchor as we are all using Cisco WLCs.

We also have a Cisco WLC in the DMZ for guest access.

Each organisation has a separate firewall between us and them.

So a CAPWAP tunnel is created between our and their WLCs to allow us and them to proxy the authentication for wireless, and they break out on their WLCs. It's clean and tidy.

All APs are in local mode so all go back to the WLC.

Looking at Meraki, the APs break out on the switch. So guessing each SSID we use will be on its own VLAN and connect to the VPN connector, which would then create a VPN between these and the organisations' firewalls?

So from the AP to the VPN connector this traffic will be on our LAN and could be accessed.

Just trying to get a better understanding, if the company decides to migrate to Meraki for new buildings.

cheers

 

 

KarstenI

The first important thing is that there will be no fast roaming between Meraki and the other Cisco gear.

For the concentrator implementation:

The concentrator is typically placed in the DMZ. For each SSID you can choose to break out the traffic locally or to tunnel the traffic to one of your concentrators. This tunnelling is basically what you are doing with local mode and the local break out would be comparable to FlexConnect.

An important point to consider is what you say about the different organisations: There are also organisations as a Meraki term, where all devices and licenses of a company are combined. SSID tunnelling is only possible between devices in one organisation. If each of your organisations wants to buy their own concentrators, then there is no tunnelling from your AP to the other organisation's concentrator.
