Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2661
Views
3
Helpful
4
Replies

IP Obfuscation for Guest VLAN

Go to solution
Vaibhav Vishnoi
Visitor

‎08-23-2023 03:33 PM

Hi Experts - need your advice on following situation.

We need to create a GUEST VLAN in our Meraki Setup, and my project manager requesting if we can obfuscate the public IP for Guest users.

Is there a possibility with a setup where we have only Meraki MS Switch and Meraki WAPs .. uplink firewall is not from meraki.

Please let me know.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Brash
Meraki Community All-Star
Meraki Community All-Star

‎08-23-2023 04:08 PM

There's really no way to do this with the Meraki gear.

Users will always be able to lookup their public IP address by going to a page like Instant IP Address Lookup (whatismyipaddress.com)

The only options that come to mind are:

  • Tunnel all traffic to a SaaS gateway/VPN (Cisco Umbrella, ZScaler, Cloudflare etc.) so that their public IP is what will show, not your one.
  • ISP configured CG-NAT, in which your outbound IP address will actually be a private IP NAT'd to the ISP's public IP.

That being said, I don't think either of these options are justifiable for that specific purpose alone.

View solution in original post

4 Replies 4

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star

‎08-23-2023 03:38 PM

What do you mean with obfuscation? Could you please explain it better?

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Helpful

Go to solution
Brash
Meraki Community All-Star
Meraki Community All-Star

‎08-23-2023 04:08 PM

There's really no way to do this with the Meraki gear.

Users will always be able to lookup their public IP address by going to a page like Instant IP Address Lookup (whatismyipaddress.com)

The only options that come to mind are:

  • Tunnel all traffic to a SaaS gateway/VPN (Cisco Umbrella, ZScaler, Cloudflare etc.) so that their public IP is what will show, not your one.
  • ISP configured CG-NAT, in which your outbound IP address will actually be a private IP NAT'd to the ISP's public IP.

That being said, I don't think either of these options are justifiable for that specific purpose alone.

Go to solution
Vaibhav Vishnoi
Visitor

‎08-24-2023 06:01 AM

Thanks Brash - You are correct, I have done Obfuscation using the mentioned options. Was just wondering if Meraki has any magical feature. Thanks so much for the time and updating the answer. Much Appreciated.

0 Helpful

Go to solution
DainBrammage
Level 7
Level 7
In response to Vaibhav Vishnoi

‎08-29-2023 01:30 PM

Why does a project manager have any say at all.😁 Foe what reason would you want to hide their egress point to the Internet? If the circuit is also used for your corporate /business traffic then you are far better served installing a local Internet egress circuit on an MX or some other gateway that serves GUESTS only, IMO

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card