Thanks I was really hoping to see if anyone else is using the 'single IP' method for both interfaces. Or maybe I am the only one who doesn't follow the rules. To tell the truth, I was in a bind and had to make it work. New customer asked to have a new site setup just like their others. And all the other sites were setup like that (so I am not the only one). ISP only gives a /30 and no other L3 devices on premise. You have to get a little creative to configure it. The portal will not let you make the Layer 3 interface IP the same as the Management interface IP. But the local access web page will let you make the Management interface IP the same as the Layer 3. So you have to initially set it up at a different site that already has connectivity, and configure the L3 interface while the Mgmt is different. Then bring the switch to the site and use the local access web page to change the Management interface. I know it's not right, but it seems to work. I don't know if the MAC address of the Management interface is the same as the Layer 3 interface. And I don't have one to play with right now. Just worry as I stated - the upstream router might be ARPing all over the place, or Meraki might make a change down the road that really prohibits this. Thanks again for the feedback.
... View more
If it was me, I would just expand your pool of IP address space for the devices that are attaching. Note that you do expose yourself to a possible DHCP exhaustion attack using the approach you are using (and you are in a school ...). With a DHCP exhaustion attach you can download existing attack tools, and all they do is send DHCP requests using different MAC addresses until the DHCP server has no IP address space left to give out to real clients. The second approach I would use is to just use a NAT mode SSID. With 16 million IP addresses it makes a DHCP starvation attack improbable. With the hashing method that Meraki uses with a NAT mode SSID to generate DHCP client addresses - it is probably impossible.
... View more