With a dual ethernet port MR such as the MR57 are we able to have separate SSID that terminate in two different switches with ultimately have different gateways.
We would run two network drops to the AP. One would go back to our LAN switches and would be for corporate access and go out our LAN default gateway and out the corporate firewall. The other drop would go back to a MX device which has as internet gateway, different and isolated from the LAN gateway - this would just be for guest access. To keep guest access isolated to a separate circuit.
Is this possible?
Thanks
I don't think that this is possible. But you can tunnel back the second SSID to the MX. If I remember right, it is not officially supported in NAT mode but it was working for me when I tried it some time ago.
Tunnelling to a routed mode MX is supported (though there was indeed a fair bit of debate about this, back in the day) - you just have to take care to understand how it operates (the tunnels terminate on the WAN side)
Good to know!
No. The dual port on the MR57 is only for Link Aggregation/redundancy or PoE aggregation/redundancy.
Hi @jp26 ,
why not just configure your Guest SSID with NAT mode and use Meraki DHCP. Clients will be isolated from each other. Then block the clients from the LAN using the Layer 3 firewall rules section, select Deny from the drop-down menu for the rule labeled Wireless clients accessing LAN
The answer is yes, but it has nothing to do with multiple Ethernet ports. By "yes", I mean that you can configure it so that all traffic for an SSID goes to a seprate MX by way of a separate VLAN that is not configured on the primary MX or is not trunked to it. This approach requires L2 connectivity between APs and MX.