Hi,
I have 6 Meraki APs connected to a Meraki MX67, but we have to change the MX67 and replace it with a Cisco FTD firewall 1010 for some reasons.
My question is: can we connect Meraki APs to the Cisco FTD firewall 1010? If yes, can you please share some ideas how?
MX as wireless concentrator? Or are the APs using local breakout/bridge mode?
Yes, it's APs using local breakout/bridge mode.
I have 6 MR33 APs now connected to an MX64, and for some reason we need to replace the MX64 with Cisco FTD or Fortigate.
The APs are completely independent of your firewall as long as they can reach the Meraki cloud. And the FTD 1010 for sure works with these APs. In my office I also have a 1010 combined with my Meraki AP.
One drawback is that you will not have the complete visibility from client to internet as you can have it with the Meraki FullStack.
Thanks @KarstenI for the update
And I agree with you, we will lose the complete visibility from client to internet.
Do you connect the Meraki AP directly to the FTD 1010 or to a switch?
So you just created VLANs on the FTD 1010 and configured the port to be a trunk in order to pass all the Meraki VLANs (staff and guest)?
And then DHCP for the client?
Any specific tips for the config, or is it straightforward? I have never done a config for FTD devices.
The Firepower 1010 only has two PoE-Ports. So all APs are connected to a switch. The VLANs for the Wireless users are configured on the Firepower for everything that is Guest and IoT as I want a strict access-control and the internal Users VLAN is configured on the switch. The connection between switch and Firewall is a Trunk in this case.
DHCP is always running on the device that holds the VLAN, but it could also be done on the internal DHCP-server.
Configuring the FTD will be a little bit more challenging, that device is not as easy to configure as the Meraki MX.
I have the FP1010 with me now.
The existing setup is:
A Meraki MX64 connected to 3 SG350MP switches, and I have 6 Meraki MR33 connected to the switches and getting the VLANs and DHCP from the Meraki MX64.
I need to remove the MX64 and replace it with the FP1010.
But on the FP1010 I can configure a bridge group to connect the 3 switches with the same subnet, but can't create VLANs on the bridge group to support the Meraki AP VLANs. A VLAN can be created as a subinterface on an interface!
And how do I configure the FP1010 as a trunk?
Thanks in advance
In this setup, the FP1010-interfaces are configured as Switchports and you configure VLAN interfaces that you can map to these switchports as either Access or trunk. It is pretty much identical as it was done on the MX64. Just do not use Bridge-Groups on the FP1010.
I am not sure if I get you correctly. Above are my interfaces.
I am using Ethernet 1/1 and Ethernet 1/2 as WAN interfaces.
And the rest of the ports I need to use to connect my 3 switches as a trunk on VLAN 1 and create DHCP for all the users, and allow other VLANs. Then I connect my Meraki MR33 to the switches: the staff SSID will get the VLAN DHCP, and the guest SSID will use another VLAN 10 with its own DHCP from the FP 1010, similar to the Meraki.
If I remove the bridge then I need to configure the same VLANs on all the ports, which is not possible.
So how can I add all the Ethernet ports to one group and start assigning VLANs on them, similar to the Mx74?
Sorry, but this is my first experience with FP. If you can help, it will be really appreciated.
Are you running an old Firepower version? Switchports were introduced in 6.5 and 6.6.1 is the recommended version.
@KarstenI Thank you very much again
Yes, after upgrading my FP1010 I can see the switch port now. So I have 2 smart switches connected to port 2 on the FP1010, and each one will be configured with switch port, with the native VLAN and allowed VLAN:
Native VLAN 1
Guest WiFi VLAN 10 (used by the Meraki AP)
And then connect the switches to these ports, and connect the Meraki APs to the switches with trunk ports as well, and the VLANs will work, I assume.
That's the way it should work. And if not, you know where to get help ... 😉