Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Quick Questions on Meraki Wireless LAN extension

Solved
noobnetwizard
Here to help
‎Dec 6 2023 2:51 AM
‎Dec 6 2023 2:51 AM

Quick Questions on Meraki Wireless LAN extension

Good day everyone,
Before writing this I made sure to read offical documentation:
Extending the LAN with a Wireless Mesh Link - Cisco Meraki

We are planning following topology to  extend  our lab network:

noobnetwizard_0-1701859636107.png
The documentation does say that multi vlan is supported version 28 but it's not very clear to me if multi-vlan is supported on the right side of the bridge and if switch need to be L2 or L3 mode.


Thanks in advance for any feedback


 

Labels:
0 Kudos
Subscribe
1 Accepted Solution
GreenMan
Meraki Employee
Meraki Employee
‎Dec 6 2023 4:23 AM
‎Dec 6 2023 4:23 AM

With your multi-VLAN scenario at the far end, you will need a Layer 3 switch, as per this extract from the doc you referenced (see below)   Note though - you can't use the same VLANs on both sides of your Layer 3 boundary;  your VLANs on the far right would need to be different VLAN IDs / subnets - hence the need for routes on both sides.

 

It is possible to extend the LAN and support multiple subnets on the remote side of the bridge. However, this does require a layer 3 switch due to the nature of 802.11 frames preventing multiple VLAN IDs from traversing the wireless bridge link. The layer 3 switch will rewrite the frame and place it in the required (transit) VLAN when sending it to the wireless bridge (repeater MR)

Configuration

  • Configure a bridge-mode SSID as noted in the topologies above. 
  • Configure layer 3 interfaces on the switch located on the remote side of the bridge.
    • A transit VLAN (ie. VLAN 20 in diagram)
    • Any additional access VLANs for APs and clients
    • Configure the required static routes both upstream and on the remote side of the bridge. 

View solution in original post

Subscribe
10 Replies 10
GreenMan
Meraki Employee
Meraki Employee
‎Dec 6 2023 4:23 AM
‎Dec 6 2023 4:23 AM

With your multi-VLAN scenario at the far end, you will need a Layer 3 switch, as per this extract from the doc you referenced (see below)   Note though - you can't use the same VLANs on both sides of your Layer 3 boundary;  your VLANs on the far right would need to be different VLAN IDs / subnets - hence the need for routes on both sides.

 

It is possible to extend the LAN and support multiple subnets on the remote side of the bridge. However, this does require a layer 3 switch due to the nature of 802.11 frames preventing multiple VLAN IDs from traversing the wireless bridge link. The layer 3 switch will rewrite the frame and place it in the required (transit) VLAN when sending it to the wireless bridge (repeater MR)

Configuration

  • Configure a bridge-mode SSID as noted in the topologies above. 
  • Configure layer 3 interfaces on the switch located on the remote side of the bridge.
    • A transit VLAN (ie. VLAN 20 in diagram)
    • Any additional access VLANs for APs and clients
    • Configure the required static routes both upstream and on the remote side of the bridge. 
Subscribe
In response to GreenMan
noobnetwizard
Here to help
‎Dec 6 2023 5:40 AM
‎Dec 6 2023 5:40 AM

First thank you very much for such detailed and (sadly) clear feedback.

I agree that documentation did specify the LAYER 3 MS on far right...
I did not want to read that transit Bridge would not send any tagged frame 😄

 

But to be honest I wrongly suspected that documentation was not fully updated since following multivlan update:

noobnetwizard_0-1701868678695.png
(source: https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/Extending_the_LAN_with_a_Wireles... )

Last question:
looking @ this :

noobnetwizard_1-1701869911356.png

Transit vlan (here VLAN2 20)  cannot be defined as an exiting one to extend left side L2VLAN /Broadcast domaine...
L3 routing is looking at your answer mandatory.

Bummer 

 

0 Kudos
Subscribe
noobnetwizard
Here to help
‎Dec 6 2023 7:25 AM
‎Dec 6 2023 7:25 AM

So M. Greenman in case I need to extend 2 vlans to a remote (13m) location if clients contraints me to have same broadcast domain would this architectcure be valid?
Inspired from the most basic first example from said documentation to extend L2 vlan 😄

 

noobnetwizard_2-1701876275800.png

 

 

 

0 Kudos
Subscribe
Ryan_Miles
Meraki Employee
Meraki Employee
‎Dec 6 2023 8:17 AM
‎Dec 6 2023 8:17 AM

@noobnetwizard  based on your diagram the far side switch does not need to be layer 3. This diagram is showing multi VLAN mesh and that feature needs to be enabled by Meraki Support on your repeater AP. You only require a L3 switch on the far end when there will be more wired Meraki APs connected to it.

 

I have essentially the same config in my lab right now.

 

Screenshot 2023-12-06 at 08.15.32.png

Subscribe
In response to Ryan_Miles
K2_Josh
Building a reputation
‎Dec 6 2023 5:18 PM
‎Dec 6 2023 5:18 PM

I haven't labbed this, but what you are describing seems to run counter to the "Extending the LAN and Configuring Network Segmentation" section where it says that allowing connectivity to any VLAN other than the one used on the wireless link "does require a layer 3 switch due to the nature of 802.11 frames preventing multiple VLAN IDs from traversing the wireless bridge link."

I can see in my console where it has the pop-up menu  for "Clients wired directly to Meraki access points" and then lists the SSIDs for the network. How have you set this up to allow for Layer 2 roaming to wired devices for multiple VLANs across one wireless link? What does support enable or setup when you engage them? This makes me wonder what other features are hidden like gnomes only to be revealed by calling Meraki support to ask for things that the documentation says are not possible.

0 Kudos
Subscribe
In response to K2_Josh
Ryan_Miles
Meraki Employee
Meraki Employee
‎Dec 6 2023 5:23 PM
‎Dec 6 2023 5:23 PM

At some point I hope the feature will be visible in the UI, but I don't control such things. Today, it's backend/device level on the repeater AP to enable trunking of the eth port and requires Support to enable it. 

 

And to be fair the doc does state it's possible.

Subscribe
In response to Ryan_Miles
K2_Josh
Building a reputation
‎Dec 6 2023 5:26 PM
‎Dec 6 2023 5:26 PM

I guess I didn't read that doc to the end. Thank you!

 

I'm still not sure one would configure the SSID, and potentially other configuration elements. But it's not a problem I need to solve today.

0 Kudos
Subscribe
In response to Ryan_Miles
noobnetwizard
Here to help
‎Dec 7 2023 1:31 AM
‎Dec 7 2023 1:31 AM

So I'd like to thank you very much for your answer.
So I would have avoided bothering any of you if following documentation (doc 1 below) is somewhat (complete from my perspective) contradiction with other documentation (doc2 below)  and with your very clear answer.

doc 1: Extending the LAN with a Wireless Mesh Link - Cisco Meraki
should be updated by
doc 2: Mesh Deployment Guide - Cisco Meraki
and ryan answer.

so in visual:

noobnetwizard_0-1701941328361.png

I suspect that this multi Vlan function is not very well known looking on the different thread I read before writing my ow.
@GreenMan  could also provide an updated opinion (or not) .
anyway thank you all I'll provide results.

0 Kudos
Subscribe
GreenMan
Meraki Employee
Meraki Employee
‎Dec 7 2023 2:12 AM
‎Dec 7 2023 2:12 AM

Proving things in a lab > reading a document every time - particularly if another document suggests something different.   I bow to @Ryan_Miles !     He and I have already been talking, in the back end and will be looking into how we can improve the documentation.

Subscribe
In response to GreenMan
noobnetwizard
Here to help
‎Dec 7 2023 2:16 AM
‎Dec 7 2023 2:16 AM

I did not mean to make anyone bow!
You were right from start to end according to official documentation.(Now I kinda feel like a J*rk)
I just wanted to make sure we all are on same page...
...

...
and depending on my lab result ...All (me included) bow to @Ryan_Miles ...:D

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.