Terminate Remote APs to MCG?

FlyingFrames
Building a reputation

Would it be possible to terminate remote APs for people working from home to an MCG in the data center? Or will the RTT limit of <20ms play spoilsport there?

RaphaelL
Kind of a big deal

Where is that 20ms limit from?

FlyingFrames
Building a reputation

https://rowelldionicio.com/cisco-unveils-meraki-campus-gateway-a-cloud-managed-overlay-for-complex-n...


It says:

"RTT < 20ms. Must be in the same geographical area, same cluster"

FlyingFrames
Building a reputation

"Campus Gateway and AP should be part of the same geo location (RTT<20ms) > Focus at FCS is on Campus deployments"

https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2025/pdf/BRKEWN-2046.pdf

RaphaelL
Kind of a big deal

I wasn't aware of that presentation. Such a great read!

rhbirkelund
Kind of a big deal

20 ms RTT is the official number from Cisco. Would it work with higher RTT? Most likely. 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
AlexanderN
Meraki Employee All-Star

This is not a supported use case, so please do not use Campus Gateway in this way. If you need a remote SSID termination, please use VPN tunnel data to concentrator MX appliance or another appropriate option.

rhbirkelund
Kind of a big deal

I am not implying that it is supported. Simply stating numbers.

From what I understand, 20 ms RTT is the requirement between AP and CCG. Is it a hard limit? I doubt it, so with longer RTT it would probably still work.

From my understanding, it's possible to have the MCG assigned one network, and have APs on several other networks, all connecting back to the same MCG. That way, sites can be segregated, and all still have one exit point, much like the Local Mode APs we know today on 9800 platform.

Of course, the APs need to have a way back to the MCG. Whether this is a routed link or a VPN connection, who knows. As long as there is a route back, that is not Internet.

All I'm saying is, will it work? Likely, yes.

Is it supported? No.

As is the case with most corner-case Cisco deployments.

And if it doesn't work? Too bad, it should have been tested in a POC before deployment.

justloo
Meraki Employee

There are two other factors to consider here for the CCG right now:

  1. We do not support going through NAT from AP to CCG. You would either need some sort of site-to-site tunnels (ex. AutoVPN) or give the CCG a public IP.
  2. Please also consider that the data plane is not encrypted at FCS. We are bringing support for VXLAN encryption starting with MR/MCG 32.2 release train.

    So even if you were to tunnel the remote APs to the Campus Gateway, you would need a way to securely transport the traffic.