SSID Tunneling

Solved
Fabian17
Conversationalist

SSID Tunneling

Hi

 

i'm trying to set up SSID Tunneling. I used this documentation: SSID Tunneling and Layer 3 Roaming - VPN Concentration Configuration Guide - Cisco Meraki

 

The MX is in passthrough mode und has a cable in "internet" and Port 3. But i get a BPDU Error on Nexus side on both ports when i insert Port 3. Why is that?

 

Thanks for your help

1 Accepted Solution
Ryan_Miles
Meraki Employee
Meraki Employee

Passthrough where you connect the WAN port and a LAN port is for placing the MX inline and doing traffic inspection and optional enforcement.

 

If you want to use the MX for SSID tunneling you should be using concentrator mode topology in which you only connect the WAN port. The MX would typically reside in a DMZ network only connected via its WAN port. All traffic entering and exiting on that same WAN interface.

 

I show an example topology in this old thread https://community.meraki.com/t5/Wireless-LAN/Reference-architecture-for-Guest-SSID-tunneling/m-p/151...

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

2 Replies 2
KarstenI
Kind of a big deal
Kind of a big deal

How did you cable it? This is the expected topology for passthrough:

 

fb09065b-2fdd-4a18-bd41-213d2b645527.png

 

 

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Ryan_Miles
Meraki Employee
Meraki Employee

Passthrough where you connect the WAN port and a LAN port is for placing the MX inline and doing traffic inspection and optional enforcement.

 

If you want to use the MX for SSID tunneling you should be using concentrator mode topology in which you only connect the WAN port. The MX would typically reside in a DMZ network only connected via its WAN port. All traffic entering and exiting on that same WAN interface.

 

I show an example topology in this old thread https://community.meraki.com/t5/Wireless-LAN/Reference-architecture-for-Guest-SSID-tunneling/m-p/151...

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels