Meraki

Community

Using MR86 with Verizon router - internet only access

Solved
alceryes1
Here to help
2 weeks ago
2 weeks ago

Using MR86 with Verizon router - internet only access

Standard Verizon FiOS router, default settings.

2x MR86 connected to dumb PoE switch which is connected to the FiOS router.

 

We want the wireless networks on the MR86s to be guest/public only, with no access to the internal network that the FiOS router gives off. Can I just create a wireless that uses the Meraki DHCP for connected clients? Would wireless connected users have any way of accessing devices on the FiOS network?

 

TIA!

Labels:
0 Kudos
1 Accepted Solution
In response to alceryes1
BrandonD
Meraki Employee
Meraki Employee
2 weeks ago
2 weeks ago

Hi @alceryes1,

 

Thats correct, we have a NAT Mode (Meraki DHCP) feature on our MR APs that will utilize the upstream MR AP's IP address and use a dynamic port for the downstream traffic.

 

Clients will get a randomized value in the 10.0.0.0/8 range based on a hash value of their MAC address - the below articles go more in depth on the specifics but in short the client isolation prevents any wireless clients from directly accessing anything on the LAN (defined as 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 destined IP addresses.)

 

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

View solution in original post

5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Use the "Deny Local LAN" option.

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_...

 

alceryes1
Here to help
2 weeks ago
2 weeks ago

Got it.

So, set up the wireless using Meraki DHCP and then do 'deny local LAN access' and we should be good? No wireless clients should be able to access anything on the FiOS internel network?

In response to alceryes1
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

It doesn't matter whether you use Meraki DHCP mode or not.  Clients wont be able to talk to anything on the local LAN.

In response to PhilipDAth
alceryes1
Here to help
2 weeks ago
2 weeks ago

Thanks.

I was just concerned since a lot of WAPs don't/can't do DHCP on their own. Looks like the MRs can.

0 Kudos
In response to alceryes1
BrandonD
Meraki Employee
Meraki Employee
2 weeks ago
2 weeks ago

Hi @alceryes1,

 

Thats correct, we have a NAT Mode (Meraki DHCP) feature on our MR APs that will utilize the upstream MR AP's IP address and use a dynamic port for the downstream traffic.

 

Clients will get a randomized value in the 10.0.0.0/8 range based on a hash value of their MAC address - the below articles go more in depth on the specifics but in short the client isolation prevents any wireless clients from directly accessing anything on the LAN (defined as 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 destined IP addresses.)

 

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.