Re: Meraki MX DHCP capabilities in SSID VPN concentrator mode

steve.blunt · ‎12-02-2019

Hi is it now possible to configure MX appliances in SSID VPN termination mode to act as a client DHCP server, this was not supported last time I looked.

Thanks

balaji.bandi · ‎12-02-2019

not sure is this what you looking :

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roaming_-_VPN_Concentration_Configuration_Guide

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

steve.blunt · ‎12-03-2019

Hi, yes I have seen this guide thanks, but there is no reference to DHCP capabilities. All that is required is for the MX to support DHCP for clients connecting to an SSID which terminates its tunnel on the MX

Karsten Iwen · ‎12-03-2019

I'm also not sure if this is what you want:

When tunneling an SSID to an MX, you specify a local MX VLAN to terminate the SSID on. This VLAN is configured for DHCP and the client gets an IP out of that pool.

steve.blunt · ‎12-03-2019

I think this is saying that the MX receives its IP address via DHCP, the documentation does not refer to the MX been able to run DHCP services to facilitate client addressing

Karsten Iwen · ‎12-03-2019

The MX can get its IP in any way: static, DHCP or PPPoE. But for a central device running as a concentrator I would only use an internet-connection with statically assigned IPs.

For the client-addressing: Running a DHCP-server is one of the base features of the MX. Probably that's the reason the above document does not mention it.

steve.blunt · ‎12-03-2019

Hi thanks for the reply. I was lead to believe the MX in VPN concentrator mode (one arm) was not capable of running client DHCP services. I'm struggling to find anything official in writing

Karsten Iwen · ‎12-03-2019

Ok, I think I really did not get your environment. Up to now I only ran the concentrator on devices in NAT-Mode. Although "officially" unsupported it works fine. You are right that in passthrough there is no DHCP-server. But you should be able to provide DHCP-services from the upstream device. Or is exactly this what you want to avoid?

steve.blunt · ‎12-03-2019

Hi thanks for coming back, all I'm looking for is for the MX to be a DHCP server when used to terminate SSID tunnels, Meraki's validated design says use one-arm pass through mode but does not mention DHCP capabilities

Karsten Iwen · ‎12-03-2019

Yes, here you are right that the MX still can not provide DHCP. Is there any reason you don't want to use the upstream device at your MX-location for this task? There has to be a L3 device like a router or a firewall and that device should provide DHCP or at least send the DHCP-requests as a relay to the corporate DHCP server.

steve.blunt · ‎12-03-2019

The reason for wanting the MX to provide DHCP is simply this is the case for the clients legacy on-prem wireless LAN controller. Effectively the client will need to provision a DHCP server for the Meraki solution as this functionality is not supported...shame really

Karsten Iwen · ‎12-03-2019

In this use case I would look into the option to use the MX as the main firewall and use NAT-mode where you also can use DHCP-server.

nmeadows02 · ‎08-24-2020

Hi,

The problem is this doesn't solve the essential question, which is how to get an MX concentrator at say the Headquarters site in "Passthrough mode" to service DHCP for wireless clients at a branch site? Given that the MX concentrator in one armed passtrhough mode, has no ability to run a DHCP server.

However, the above configuration, but with the MX concentrator in NAT or routed mode, works, but is not supported by Meraki and anyway (in my environment at least) the speed at the wireless client is very poor.

Meraki MX DHCP capabilities in SSID VPN conentrator mode