Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About techsupportdor
techsupportdor
Here to help
Member since Jul 10, 2019
Mar 3 2020
Community Record
8
Posts
0
Kudos
0
Solutions
Badges
Mar 3 2020
2:22 AM
Hi BrechtSchamp, thank you for your comments. So installing the APs inside your firewall and using the Meraki DHCP is just as secure as installing the APs in your DMZ and using your firewall to secure the traffic. I have used the Meraki DHCP before for guest SSIDs but it does sometimes conflict with Guest VPN connections due to conflicting network ranges.
... View more
Mar 3 2020
2:00 AM
Hi All, I'm just looking for views on the best way to deploy a new wireless network with regards network security. Should you place all the access points in a management dmz so it is physically in an isolated location on your firewall? Then use your firewalls security policies to allow say the Corporate SSIDs VLAN through onto the trusted network. Then with a guest SSID, just allow that VLAN access to the internet. Or do you use the builtin security on the Meraki APs and secure the network from the access point. I have deployed Meraki APs before, but was told to put them in a DMZ as above, but that then has a performance impact as the traffic is inspected by the firewall. Any suggestions on how you do it are welcome. Thanks
... View more
Jul 16 2019
8:51 AM
Hi SELBYCA, Thanks for your input. Please see my current working config EX2300 v3 and a config from an EX2200 v1 which is doing the same role. With regards to the EX2200 config, it is patched to an interface on a Fortigate Firewall with the main interface being the WirelessDMZ, then all the other subnets are subinterfaces and configured as vlans. The EX2200 is works as intended with the default untagged vlan being the WirelessDMZ and all the other vlans tagged. The EX2200 in this instance is the core switch with three other WirelessDMZ switches uplinking to it. When an "AP" is patched to a trunk port, it receives an IP address from the WirelessDMZ range, which is the management vlan, then each SSID with issue an ip from any other the tagged vlans depending on what vlan id the ssid has. I have tried to replicate the config in the EX2300 as in the EX2200, but I suppose that dealing with different switches and different firewalls, you don't always get the result you want, unless I'm missing something.
... View more
Jul 15 2019
7:56 AM
I have taken another look at the switch config and made the following changes. I have made the default native vlan, 89. I have managed to get it all working, but not quite how I would have wanted it. To make it all work, I've had to add the default vlan into each member vlan and it works. Its this correct? EX2300 Config v2
... View more
Jul 12 2019
5:54 AM
Hi, I think that would be my preferred option. I want my default vlan to be 89 as it is the management vlan and only APs will be patched into the switch. The MX is running DHCP.
... View more
Jul 12 2019
5:52 AM
Hi, although LACP is configured, Its only using one link, so I could probrarly remove it. There is no config for LACP on the MX.
... View more
Jul 12 2019
5:51 AM
Hi, thanks for the suggestions, I will check the dhcp relay, and report back.
... View more
Jul 10 2019
8:24 AM
Hi, I have a MX65W which I plan to install into a small site along with a handful of MR32/33s. As the MX65W only has two POE ports, I have a Juniper EX2300 ready to patch into the MX65W and then patch the access points into the EX2300. I have a configured a port on the MX65W as a trunk and set the native vlan to 89. On my EX2300, I have created a trunk port and again set the native vlan to 89. I have then also added vlans 90 and 91 as members so that traffic from those vlans can pass up the trunk. To test, I have set a port on the EX2300 to an access port and then set it to either vlan 90 or 91, but the traffic never gets there and the client doesn't receive a dhcp address from the MX65W. I'm I missing some config on the EX2300? I'm sure its a vlan tagging issue, I just can't see where. Has anyone got a Juniper working like this with a MX firewall? Switch config
... View more
© 2024 Cisco Systems, Inc.
