MR76 Extending the LAN for wired clients (bridge mode) using integrated port on the MR76

Solved
RobbyD
Conversationalist

MR76 Extending the LAN for wired clients (bridge mode) using integrated port on the MR76

We are in a need to extend a group of devices connected to a industrial POE Switch located in a shack outside the building and a bit far out that we cant place the AP inside the shack so the AP needs to be weather proof thus the use of an MR76.

 

connectivity description:

shack devices > industrial switch with POE powering the AP and  some of the devices > MR76 on a pole outside the shack,>  wireless connection to meraki mesh APs that is wired connected to the main network, where the controllers for the shack devices are located.

 

Was able to configure the Bridge SSID on the dashboard, but when it came for me to configure the port profile to assign the port on the MR76 to the SSID, the MR76 is not in the list of devices on the device selection to assign the port profile. Does this mean im not able to use the MR76 to bridge the wired clients to the mesh? is it because it only has 1 ethernet port and its meant for lan uplink only?

 

what's my option here?

1 Accepted Solution
Ryan_Miles
Meraki Employee
Meraki Employee

Meaning you have other mesh repeaters APs in this network and people could gain access to it physically to connect to the eth port and it would still be powered via some other source?

 

The wired port config is a network wide setting. I suppose the only way to limit the scope here is move two APs to their own network. One is the gateway and one is the repeater.

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

10 Replies 10
GreenMan
Meraki Employee
Meraki Employee

Por profiles don't apply to MR76 - see here:  https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Port_Profiles#Applying_profiles_t...

 

It is possible though, in principle, to extend wired LANs across a Meraki MR-based wireless link, in roughly the way you want.   You will want to read this thoroughly, if you haven't already:    https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/Extending_the_LAN_with_a_Wireles...   You'll note that port profiles are not used as part of this setup.

Ryan_Miles
Meraki Employee
Meraki Employee

For a visualization it should look something like this example. Just make sure in Network-wide you map the "clients wired directly to Meraki APs" to a SSID with the VLAN you want. It can be any bridge mode SSID including a SSID already used for regular wired clients.

 

Screenshot 2023-09-20 at 07.16.17.png

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
RobbyD
Conversationalist

Thank you for your response both, is there no way to set this with a limited set of APs? because what is being suggested would mean all our AP, network wide, if we plug a device on any ethernet port on any AP will pass traffic since SSID authentication is not used for clients attached to physical port which would be a security hole.

 

will allowing the SSID be available only to the repeater AP and the nearest mesh AP means that the other AP in the network will not pass traffic to that vlan if something is plugged to the ethernet port?

Ryan_Miles
Meraki Employee
Meraki Employee

Meaning you have other mesh repeaters APs in this network and people could gain access to it physically to connect to the eth port and it would still be powered via some other source?

 

The wired port config is a network wide setting. I suppose the only way to limit the scope here is move two APs to their own network. One is the gateway and one is the repeater.

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Dunky
Head in the Cloud

Hi Ryan,

We are now close to placing orders for a LAN Upgrade that includes two MR76's to provide a mesh link across a road to another building.  The remote building will have an MS switch and a couple of MV cameras connected.

Will the remote MR76 boot up ok given that the LAN side of it wont have any internet hence dashboard connectivity when it boots, i.e. the mesh needs to form before the remote MR/MS/MV will have internet connectivity.

 

 

 

Ryan_Miles
Meraki Employee
Meraki Employee

Yes, that will work fine. I would first boot all that gear up in a lab so the devices can update to the latest firmware and grab their configs. But it's not mandatory. 

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Dunky
Head in the Cloud

Thanks Ryan, yes that is my plan to build in a lab first.

 

Once deployed, when we do MR firmware upgrades is there any special consideration for this setup - i.e. with downstream switches you can do staged upgrades to prevent an upstream switch from rebooting whilst the downstream ones are still downloading firmware.

Ryan_Miles
Meraki Employee
Meraki Employee

No specific guidance that I've seen. But to be safe with this setup you could just schedule the firmware jobs for different times. So, for example if there's new firmware for the MR, MS, MVs update the Cameras first, then the Switch, then the AP. Keeping in mind that will of course cause two reboots of the AP (two outages for the remote building).

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Dunky
Head in the Cloud

Sorry, I meant on the MR's - i.e. non danger of the upstream MR taking out the downstream one whilst its still downloading firmware?

Dunky
Head in the Cloud

Just wanted to thank @Ryan_Miles for all your help and here are the MR76's 'in the wild' so to speak with the sector antenna fitted....

Dunky_0-1729260080215.png

Dunky_1-1729260104934.png

We are getting 190-200Mbps across the link

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels