How to pass VLANs on remote APs.

Martinez_e
Here to help


Hello, my question is the following: I have to migrate the WiFi network from a WLC to Meraki. The issue is that between the WLC and the APs I am passing all the VLANs through the CAPWAP tunnel. In addition, the traffic goes out through the WLC on separate interfaces, such as the Visitor VLAN that is directly connected to a port between the WLC and the Firewall. The question is: how can I replicate this configuration at remote sites for the APs?

The APs I am using are MR57 model.

KarstenI
Kind of a big deal

You can tunnel the traffic to an MX VPN concentrator at the main office as described in this document:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Martinez_e
Here to help

Hi KarstenI.

We actually discussed this possibility with the client and he doesn't like it. Is there another way for guest users to access the Internet through the central site like in the WLC?

Martinez_e
Here to help

Hi KarstenI.

I forgot to tell you that, at this moment we only have Meraki APs, the rest of the equipment is Cisco C2960x Switches plus two Cores, one model C9300 and the other is a C9407, both in separate Data Centers.

KarstenI
Kind of a big deal

It's a different system that operates differently. You need some tunnel, and this is how it is implemented in the Meraki world. Regardless of whether it is liked or not ... 😉 The MX concentrator is the component that takes the role of the CAPWAP tunnel endpoint for data.

Martinez_e
Here to help

Even more difficult if the solution is to add a team that was not quoted.😢

KarstenI
Kind of a big deal

There are countless times I think, "If they just came here to ask before they started to implement it" ...

cmr
Kind of a big deal

Why do the guest users need to access the internet from the central site?  I've usually just sent them out of the local site with corporate users going via a central site where it can be better controlled.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Eortega
New here

Hello KarstenI

About the documentation, it's not clear to me how many MXs you need to build the tunnel. If the customer has a remote site where they have an MR device installed in their LAN, do they need to add an MX at the remote site to build the tunnel? Or can we build the tunnel to the central VPN concentrator directly from the MR?

Thank you

KarstenI
Kind of a big deal

You can use any MX in your organization; the central MX is OK. You need IP connectivity.

DarrenOC
Kind of a big deal

Just a thought, what about placing your guest traffic at the remote sites in a separate VRF and routing that traffic back to your main site? Not a tunnel but your guest traffic is segmented.

There’s a lot of questions to be asked and a lot of depends but worth exploring?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Martinez_e
Here to help

Hi DarrenOC

Thank you for the idea, we presented it to the client and he liked it. Now, another question: on the Meraki Dashboard I have configured all the VLANs and DHCP for the networks that we will use, but when adding an AP, the "Security & SD-WAN" options where I have created the DHCP and VLANs are deleted. Can you help me with that?

DarrenOC
Kind of a big deal

Hey @Martinez_e - do you want to share a screenshot of the new issue? Are you saying you’ve created some new VLANs and DHCP scopes on a network but they’ve disappeared since doing so? Sorry to ask, and it’s an easy mistake to make - but did you click Save?

Martinez_e
Here to help

Hi DarrenOC.
First of all, thank you for your support.
Yes, I did indeed save the configuration. I also doubted that and to clarify, I configured all the parameters again, but the problem occurs when adding the APs to the Network. At that moment, many of the options disappear and only the Network-Wide, Assurance, Wireless and Organization options are left. Then the "Security & SD-WAN" option is lost, which is where I have created the DHCP and the VLANs.
