- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to pass VLANs on remote APs.
Hello, my question is the following, I have to migrate the WiFi network from a WLC to Meraki, the issue is that between the WLC and the APs I am passing all the VLANs through the capwap tunnel, in addition the traffic goes out through the WLC in separate interfaces such as the Visitor VLAN that is directly connected to a port between the WLC and the Firewall, the question is how can I replicate this configuration in remote sites for the APs???
The APs I am using are MR57 model.
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a thought, what about placing your guest traffic at the remote sites in a separate VRF and routing that traffic back to your main site? Not a tunnel but your guest traffic is segmented.
There’s a lot of questions to be asked and a lot of depends but worth exploring?
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can tunnel the traffic to an MX VPN concentrator at the main office as described in this document:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi KarstenI.
We actually discussed this possibility with the client and he doesn't like it. Is there another way for guest users to access the Internet through the central site like in the WLC?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi KarstenI.
I forgot to tell you that, at this moment we only have Meraki APs, the rest of the equipment is Cisco C2960x Switches plus two Cores, one model C9300 and the other is a C9407, both in separate Data Centers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's a different system that operates differently. You need some tunnel, and this is how it is implemented in the Meraki world. Regardless of whether it is liked or not ... 😉 The MX concentrator is the component that takes the role of the CAPWAP tunnel endpoint for data.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Even more difficult if the solution is to add a team that was not quoted.😢
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are countless times I think, "If they just came here to ask before they started to implement it" ...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why do the guest users need to access the internet from the central site? I've usually just sent them out of the local site with corporate users going via a central site where it can be better controlled.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Karstenl
About the documentation, ,Its not clear for me how many MX do you need to build the tunnel. If the customer has a remote site where they have an MR device installed in their LAN, do they need to add a MX at the remote site to build the tunnel? or can we build the tunnel to the Centyral VPN concentrator directly from the MR?
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use any MX in your organization; the central MX is OK. You need IP connectivity.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you, but let me rephrase the question. Is it mandatory have a MX at remote site to build the tunnel to central MX concentrator? or can we do it directly from the MR to the concentrator?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The tunnel is built from the MR to the Concentrator. At the remote site where the AP is located, you don't need an MX.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Karstenl.
Thank you for your help.
Could you recommend any document in which to see what this type of implementation would look like?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here we go:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a thought, what about placing your guest traffic at the remote sites in a separate VRF and routing that traffic back to your main site? Not a tunnel but your guest traffic is segmented.
There’s a lot of questions to be asked and a lot of depends but worth exploring?
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi DarrenOC
Thank you for the idea, we presented it to the client and he liked it. Now, another question: on the Meraki Dashboard I have configured all the VLANs and DHCP for the networks that we will use, but when adding an AP, the "Security & SD-WAN" options where I have created the DHCP and VLANs are deleted. Can you help me with that?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @Martinez_e - do you want to share a screenshot of the new issue? Are you saying you’ve created some new VLANs, dhcp scopes on a network but they’ve disappeared since doing so? Sorry to ask, and it’s an easy mistake to do - but did you click Save?
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi DarrenOC.
First of all, thank you for your support.
Yes, I did indeed save the configuration. I also doubted that and to clarify, I configured all the parameters again, but the problem occurs when adding the APs to the Network. At that moment, many of the options disappear and only the Network-Wide, Assurance, Wireless and Organization options are left. Then the "Security & SD-WAN" option is lost, which is where I have created the DHCP and the VLANs.