Meraki

Community

IP Obfuscation for Guest VLAN

Solved
Vaibhav_Vishnoi
Here to help
‎Aug 23 2023 3:33 PM
‎Aug 23 2023 3:33 PM

IP Obfuscation for Guest VLAN

Hi Experts - need your advice on following situation. 

 

We need to create a GUEST VLAN in our Meraki Setup, and my project manager requesting if we can obfuscate the public IP for Guest users. 

 

Is there a possibility with a setup where we have only Meraki MS Switch and Meraki WAPs .. uplink firewall is not from meraki. 

 

Please let me know.  

0 Kudos
1 Accepted Solution
Brash
Kind of a big deal
Kind of a big deal
‎Aug 23 2023 4:08 PM
‎Aug 23 2023 4:08 PM

There's really no way to do this with the Meraki gear.

Users will always be able to lookup their public IP address by going to a page like Instant IP Address Lookup (whatismyipaddress.com)

 

The only options that come to mind are:

  • Tunnel all traffic to a SaaS gateway/VPN (Cisco Umbrella, ZScaler, Cloudflare etc.) so that their public IP is what will show, not your one.
  • ISP configured CG-NAT, in which your outbound IP address will actually be a private IP NAT'd to the ISP's public IP.

 

That being said, I don't think either of these options are justifiable for that specific purpose alone.

View solution in original post

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 23 2023 3:38 PM
‎Aug 23 2023 3:38 PM

What do you mean with obfuscation? Could you please explain it better?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Aug 23 2023 4:08 PM
‎Aug 23 2023 4:08 PM

There's really no way to do this with the Meraki gear.

Users will always be able to lookup their public IP address by going to a page like Instant IP Address Lookup (whatismyipaddress.com)

 

The only options that come to mind are:

  • Tunnel all traffic to a SaaS gateway/VPN (Cisco Umbrella, ZScaler, Cloudflare etc.) so that their public IP is what will show, not your one.
  • ISP configured CG-NAT, in which your outbound IP address will actually be a private IP NAT'd to the ISP's public IP.

 

That being said, I don't think either of these options are justifiable for that specific purpose alone.

Vaibhav_Vishnoi
Here to help
‎Aug 24 2023 6:01 AM
‎Aug 24 2023 6:01 AM

Thanks Brash - You are correct, I have done Obfuscation using the mentioned options. Was just wondering if Meraki has any magical feature. Thanks so much for the time and updating the answer. Much Appreciated. 

0 Kudos
In response to Vaibhav_Vishnoi
TBHPTL
A model citizen
‎Aug 29 2023 1:30 PM
‎Aug 29 2023 1:30 PM

Why does a project manager have any say at all.😁  Foe what reason would you want to hide their egress point to the Internet? If the circuit is also used for your corporate /business traffic then you are far better served installing a local Internet egress circuit on an MX or some other gateway that serves GUESTS only, IMO

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.