Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
470
Views
1
Helpful
3
Replies

DNS Setting on GR10-HW-EU

Go to solution
chrisse
Level 1
Level 1

ā€Ž11-02-2024 01:54 PM

I have several GR10-HW-EU access points set up. They broadcast both Guest WIFI's (which I have configured in my Meraki Go App) and "ordinary" WIFI's (which use my IP Pool and DHCP provided by the central Cisco Business 350 Series Managed Switches). If a client connects to the "ordinary" WIFI's, which are part of my home network, they are assigned an IP from the configured IP pool.

The devices on my Guest WIFI are unable to reach devices in my "normal" network, which is what I want. I have seen that they are assigned a different IP address (like completely different IP address range) compared to my "ordinary" WIFI. So far, this is logical. Also note that the GR10-HW-EU-Access points all have a static IP address which is on the same subnet than my IP pool (but the access points have a static IP and do not use DHCP and the IP pool).

However, my central DNS is also part of my home network. I have configured each access point to use the DNS on my home network. I have realized that the Guest WIFI devices seem to use the DNS on my home network as well, which first appeared a bit strange to me. I thought that the Guest WIFI devices (different IP address) would be completely shielded from accessing any device in my home network. The devices as such (ie. my kids tablets are on guest wifi) are unable to access other devices on the local network directly (ie. cannot print on my printer in my home network), but it appears as if the access point then uses it's own internal IP address to route the traffic to the local network and the DNS (somehow behaving like a router).

Is this how it's supposed to work and is my explanation (that the AP indeed acts like a small router) sound and valid? Or am I missing a point here?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

ā€Ž11-02-2024 02:20 PM - edited ā€Ž11-02-2024 02:21 PM

This is also the way the "regular" Meraki APs do Guest-networks. The AP itself provides the new IP network and the AP applies NAT/PAT to all guest traffic and sends it out with it's own IP address. By default the AP itself is the DNS-server for the client and the AP forwards DNS to it's own upstream DNS server which is your internal DNS. But access-control should still be applied. Your guests might be able to resolve the names of your printer, but they can't reach the internal devices.

BTW: There is a dedicated community for Meraki Go: https://community.meraki.com/t5/Meraki-Go-Community/ct-p/go

View solution in original post

3 Replies 3

Go to solution
Karsten Iwen
VIP
VIP

ā€Ž11-02-2024 02:20 PM - edited ā€Ž11-02-2024 02:21 PM

This is also the way the "regular" Meraki APs do Guest-networks. The AP itself provides the new IP network and the AP applies NAT/PAT to all guest traffic and sends it out with it's own IP address. By default the AP itself is the DNS-server for the client and the AP forwards DNS to it's own upstream DNS server which is your internal DNS. But access-control should still be applied. Your guests might be able to resolve the names of your printer, but they can't reach the internal devices.

BTW: There is a dedicated community for Meraki Go: https://community.meraki.com/t5/Meraki-Go-Community/ct-p/go

Go to solution
chrisse
Level 1
Level 1

ā€Ž11-03-2024 11:13 AM

Thanks Karsten for your response and clarification. This confirms my observation.

Thanks also for pointing me to the Meraki-Community. I was unaware of this, as I used to post my Cisco Switch - question(s) in this forum. I'll stick to the Meraki Go-Forum for future Meraki-questions.

0 Helpful

Go to solution
Rich R
VIP
VIP

ā€Ž11-06-2024 02:18 PM - edited ā€Ž11-06-2024 02:18 PM

You don't have to use NAT mode.  In your case it would be better to use Bridge mode and leave the NAT to your home network.  That way all your wireless clients will be on the same broadcast domain/subnet and you'll be able to use peer to peer applications like printing

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Modes_for_Client_IP_Assignment
https://documentation.meraki.com/Go/Features/Meraki_Go_-_Wireless_Address_Translation

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card