MR57 (Dual Ethernet Ports)

jp26
New here

MR57 (Dual Ethernet Ports)

With a dual ethernet port MR such as the MR57 are we able to have separate SSID that terminate in two different switches with ultimately have different gateways.

 

We would run two network drops to the AP. One would go back to our LAN switches and would be for corporate access and go out our LAN default gateway and out the corporate firewall. The other drop would go back to a MX device which has as internet gateway, different and isolated from the LAN gateway - this would just be for guest access. To keep guest access isolated to a separate circuit.

 

Is this possible?

Thanks

6 Replies 6
KarstenI
Kind of a big deal
Kind of a big deal

I don't think that this is possible. But you can tunnel back the second SSID to the MX. If I remember right, it is not officially supported in NAT mode but it was working for me when I tried it some time ago.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
GreenMan
Meraki Employee
Meraki Employee

Tunnelling to a routed mode MX is supported (though there was indeed a fair bit of debate about this, back in the day) - you just have to take care to understand how it operates (the tunnels terminate on the WAN side)

KarstenI
Kind of a big deal
Kind of a big deal

Good to know!

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
rhbirkelund
Kind of a big deal
Kind of a big deal

No. The dual port on the MR57 is only for Link Aggregation/redundancy or PoE aggregation/redundancy.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @jp26 ,

 

why not just configure your Guest SSID with NAT mode and use Meraki DHCP.  Clients will be isolated from each other.  Then block the clients from the LAN using the Layer 3 firewall rules section, select Deny from the drop-down menu for the rule labeled Wireless clients accessing LAN

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
K2_Josh
Building a reputation

The answer is yes, but it has nothing to do with multiple Ethernet ports. By "yes", I mean that you can configure it so that all traffic for an SSID goes to a seprate MX by way of a separate VLAN that is not configured on the primary MX or is not trunked to it. This approach requires L2 connectivity between APs and MX.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels