Meraki

Parm · ‎Oct 2 2019

I would like to create a 3 SSID networks using my MR52 device
The 1st as a guest network going out on one gateway IP via my Juniper firewall. Using the built in NAT from Meraki.
The 2nd will be a developer network going out on the default gateway IP via my Juniper firewall. Using the built in NAT from Meraki.
The 3rd will be our corporate LAN (direct access) in bridge mode.
Is this possible to create using just my Access Points?

Nash · ‎Oct 2 2019

Yes, you should be fine to do that. Make sure you configure the wireless firewall between your NATted (Meraki DHCP) SSIDs to deny access to LAN. Meraki DHCP by default will NAT all traffic to the IP address of the Meraki AP, so your Juniper will see all that traffic as coming from the AP.

I'm not sure I'd configure your guest and dev with Meraki DHCP for the reason above. Also, if you ever add another Meraki AP, it impacts client experience during roaming between APs. Clients will have a full disassociation/association process as they move around. So if they're on a phone/video call, it may drop.

I would create separate DHCP pools for guest and dev with attendant vlans, tag the vlan on the SSID, and utilize wireless client isolation instead. It's more work up front, but leads to better client experience long term.

Windows 10 Client VPN scripts: Makes life better!

kYutobi · ‎Oct 2 2019

I would create separate DHCP pools for guest and dev with attendant vlans, tag the vlan on the SSID, and utilize wireless client isolation instead. It's more work up front, but leads to better client experience long term.

@Nash Agreed. 👍

Enthusiast

Meraki

Community

SSID with network isolation

SSID with network isolation