DHCP Issue on 2 SSID wireless network with 2 different gateways. MR33 & MX84 firewall

Solved
deesloop
Here to help

Hello,

I have 2 SSIDs: one is for my local LAN access - it's set to get DHCP from local server and uses Meraki firewall as the gateway. However I also want to enable guest access via the guest SSID to a different gateway on a cheap & cheerful broadband line.

I was hoping to use Meraki DHCP on the 10.0.0.0/8 subnet that they offer, however I'm wanting to know how they get off the subnet and online - I don't see an option to set a default gateway for the DHCP pool?

Can someone please explain where I'm going wrong, or if what I'm doing is feasible?

Thanks

1 Accepted Solution
BrechtSchamp
Kind of a big deal

Ah then the setup will not work. You need a trunk going from the MX to the APs. If you put an unmanaged (and VLAN unaware) switch in between then you will encounter issues. For example, packets coming from your corporate SSID, and tagged with the corporate VLAN id by an AP, will also get sent to the wired guests, with the tag still on.

11 Replies
deesloop
Here to help

Doh! I thought I had it with this.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/NAT_Mode_with_Meraki_DHCP

However that's not quite what I'm wanting.

BrechtSchamp
Kind of a big deal

In NAT-mode the AP itself is default gateway for the clients. The outgoing packets are NAT-ed by the AP using its own management IP address, so naturally in its VLAN too.

Probably not very good practice, but you could put the management IP of your access points into a VLAN that is in an isolated environment with the cheap broadband gateway therefore having the guests' traffic going out that way.

The corporate Wi-Fi users would get put on another VLAN that goes to the Meraki Firewall via a bridge mode SSID that has VLAN-tagging enabled.

@HodyCrouch's solution above is another possibility. But then you need to provide DHCP on that guest VLAN using either your DHCP server or the Meraki MX.

deesloop
Here to help

Both networks have their own DHCP.

Internal is Windows server, guests is the broadband router.

BrechtSchamp
Kind of a big deal

Are there any switches in the mix?

deesloop
Here to help

There's a non-managed POE switch for some hard-wired visitors too.

I had thought of swapping it out for a Meraki POE but it's not an inexpensive swap.

BrechtSchamp
Kind of a big deal

Ah then the setup will not work. You need a trunk going from the MX to the APs. If you put an unmanaged (and VLAN unaware) switch in between then you will encounter issues. For example, packets coming from your corporate SSID, and tagged with the corporate VLAN id by an AP, will also get sent to the wired guests, with the tag still on.
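The failure described in this answer, modelled as an added example that is not part of the original thread: a broadcast frame tagged by the AP is flooded once through a VLAN-unaware switch and once through a VLAN-aware switch with a trunk to the AP and per-VLAN access ports. The VLAN IDs (10 and 30), port names and frame contents are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100
CORP_VLAN, GUEST_VLAN = 10, 30          # sample VLAN IDs, constructed for this example

def add_tag(frame, vid):
    """Insert an 802.1Q tag (TPID + 12-bit VLAN ID) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def vlan_of(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def strip_tag(frame):
    return frame[:12] + frame[16:] if vlan_of(frame) is not None else frame

def unmanaged_flood(ports, ingress, frame):
    """VLAN-unaware switch: a broadcast leaves every other port with the tag intact."""
    return {p: frame for p in ports if p != ingress}

def managed_flood(cfg, ingress, frame):
    """VLAN-aware switch. cfg maps port -> ("access", vid) or ("trunk", {allowed vids})."""
    mode, v = cfg[ingress]
    vid = vlan_of(frame) if mode == "trunk" else v
    if mode == "trunk" and vid not in v:
        return {}                        # untagged or disallowed VLAN on the trunk: drop
    inner, out = strip_tag(frame), {}
    for port, (m, pv) in cfg.items():
        if port == ingress:
            continue
        if m == "trunk" and vid in pv:
            out[port] = add_tag(inner, vid)   # stays tagged towards other trunks
        elif m == "access" and pv == vid:
            out[port] = inner                 # delivered untagged, own VLAN only
    return out

def demo():
    # Constructed ARP broadcast from a corporate-SSID client, tagged by the AP.
    base = b"\xff" * 6 + bytes.fromhex("020000000001") + struct.pack("!H", 0x0806)
    frame = add_tag(base + b"\x00" * 46, CORP_VLAN)
    flat = unmanaged_flood(["ap", "mx", "wired_guest"], "ap", frame)
    cfg = {"ap": ("trunk", {CORP_VLAN, GUEST_VLAN}), "mx": ("access", CORP_VLAN),
           "wired_guest": ("access", GUEST_VLAN), "adsl": ("access", GUEST_VLAN)}
    return flat, managed_flood(cfg, "ap", frame)

if __name__ == "__main__":
    print([{p: vlan_of(f) for p, f in r.items()} for r in demo()])
```
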

deesloop
Here to help

So I need a new switch. Bummer.

So it's APs to new switch. APs have VLAN 1 for corporate, VLAN 30 for guest

Do I then simply set up a couple of ports on the new switch with the corresponding VLAN and then connect the respective VLAN port to either the MX for corporate and the other to the ADSL for visitors?

Or do I connect the switch to the MX84 and use it to handle VLANs and connect the ADSL router to that?

BrechtSchamp
Kind of a big deal

Both options are possible.

deesloop
Here to help

Grand I'll make a purchase.

Thanks a lot for the input folks.

HodyCrouch
Building a reputation

Have you considered VLAN tagging?

You can set your guest SSID to tag with a different VLAN and use the "different gateway" to provide DHCP. That approach would provide you with the level of control you're looking for over the traffic routing.

deesloop
Here to help

Yes, this is what I was wanting to do.
I've spent a fair while trying to get it to work.
Perhaps there's an article that could assist?

I'll get a look when my head's less busy

Thanks