Meraki MX and MR | SSID with VPN: tunnel data to a concentrator settings

Hello there. 

We are planning to deploy more than 500 Meraki APs for a Free Public hotspot.

The reason we use this setting is that we want to terminate the MRs on a DSL internet line and still provide services like DHCP, DNS and Portal that are behind the MX, which is located inside our network.

Here's the high-level call flow.

WiFi users > open SSID (with VPN tunnel data to concentrator) MR APs > DSL router > Internet > MX > internal network (DHCP, DNS, PORTAL) > wifi user GW > FW > Public Internet

When WiFi users connect to SSID,

1. User will get an IP address from DHCP in the internal network

2. User will then browse and get redirected to a PORTAL

3. User will accept and agree to some pages in PORTAL

4. User will then be connected to the Public Internet

Here are my questions. If I'm going to put a Meraki MX600 as the concentrator, then:

1. What is my expected number of WiFi devices that can tunnel in this open SSID? Is it 10000 as stated in the Datasheet in Recommended Max Client?

2. What is the recommended number of APs that can tunnel?

3. What is the recommended number of networks that can be used?

Hoping for your expert advice on this one. Thank you so much.

Regards,

Dave


Philip D'Ath
VIP Alumni

It will be a million times easier if you use just the Meraki access points, and a third-party portal service like Splash Access. Trying to tunnel that many units back to a central location will require huge amounts of bandwidth and may be challenging to scale.

1. Yes, I expect it should be able to handle 10,000 users in total - not concurrently.
2. I believe it can support 5,000 concurrent access point tunnels.

Hi Philip,

Appreciate your reply. I do agree that this will definitely require huge bandwidth as all APs will tunnel back to the MX. Our client does have an existing PORTAL in place.

Follow-up questions:

1. May I know the concurrent users that the MX600 can handle?

2. When you say "it can support 5,000 concurrent AP tunnels", does that mean it has something to do with the MX600 Max VPN sessions capability?

Thanks!

Dave


1. Not sure.  A lot.  A substantial portion of the 10,000 users.

2. Yes.

Have you considered using L2TPv3 mode?  When you do this, you have to terminate the connections on something like a Cisco ASR.
https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/L2TPv3_Concentration_for_SSIDs

It will still be much simpler terminating them on an MX600, but I just mention it so you are aware of that option.

Thanks again Philip.

About L2TPv3 or EoGRE for SSIDs, I would love to test, but I find no detailed documentation (technotes) regarding these setups.

Dave
