I have a simple question:
What VLAN does traffic from a SSID set to NAT mode traverse?
Solved! Go to solution.
The implications of enabling NAT mode are as follows:
Please note that each AP will NAT to its own management IP address. As a result, LAN flows will be interrupted when the client roams between APs.
The DHCP service for NAT mode will only hand out addresses in the 10.0.0.0/8 subnet. SSIDs in NAT mode can still be used on wired networks already using a 10.x.x.x address space, however clients on the NAT SSID may be unable to communicate with these networks.
NAT mode works well for providing a wireless guest network, since it puts clients on a private wireless network with automatic addressing. Layer 3 firewall rules can also be used to quickly limit or block access to network resources.
I saw that article, but it doesn't answer the question.
I suppose it is, but then again, I'd normally only use Meraki DHCP on deployments that quickly need guest WiFi, and only able to use single vlans.
Then again, all clients are isolated from eachother. No client can talk to eachother in NAT mode. Internet access only.
I'm wondering which is more secure, NAT mode or Bridge mode with a L3 rule blocking access to the local LAN?
@RobMcLean NAT mode by default blocks access to the LAN unless you change L3 rules. Just letting you know. 😏
Thanks for all the replies.
I think I am going to go back to a bridge mode guest network , if for nothing else than a more seamless roaming, but I do want my management traffic completely separate.
Perhaps if the alternate management IP feature comes out of beta, there will be a way to keep them separate.
How do we migrate wireless clients from Meraki DHCP(NAT Mode) to an internal DHCP server(Bridge Mode) seamlessly? Any Suggestions.