Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6808
Views
5
Helpful
9
Replies

Traffic isolation

Go to solution
Vl@d@Ni
Frequent Visitor
Frequent Visitor

‎08-29-2019 06:21 AM

Hi all,

I am scratching my head how to isolate the traffic for management and data plane.

Scenario is following:

- I have local management system which I need to use. It is on the local lan

- I have two SSIDs, Corp and Guest

Question is for do I change the gateways so that my mgmt traffic goes other way then the rest of the traffic. If I change the default gateway on AP it will send all traffic that way.

I want different gateways for management and different for WiFi users.

Any advice ?

BR
V

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
9 Replies 9

Go to solution
Nolan H.
Level 11
Level 11

‎08-29-2019 06:24 AM

Unless my coffee isn't kicking in yet, you want to use VLANs.

Do you have them already set up on the LAN side? If so, on the SSID Access-Control page you want to configure the option to drop the traffic off onto the VLAN you want. Make sure the AP is connected to a trunk port.

Are you using Meraki switches as well?

Go to solution
Vl@d@Ni
Frequent Visitor
Frequent Visitor
In response to Nolan H.

‎08-29-2019 06:31 AM

Sorry I didnt explain that fully.

Yes I do have AP connected to the L2 switch and yes it will be a trunk. I want to have mgmt vlan and LAN vlan.

Mgmt vlan needs different gateway then LAN vlan.

Switch will be Meraki and Cisco depending from the size of the branch.

0 Helpful

Go to solution
ww^
Meraki Community All-Star
Meraki Community All-Star
In response to Vl@d@Ni

‎08-29-2019 06:36 AM

your ip and gateway of the AP is for the ap management. but also for your ssid in nat mode.

if you configure your ssids for bridge mode you can set the vlan you want the ssid traffic in.

make sure your switches allow these vlans on the trunks to your layer3 device that is the gateway for these vlans

0 Helpful

Go to solution
Nolan H.
Level 11
Level 11
In response to ww^

‎08-29-2019 06:41 AM

If you want the AP to grab an IP on the management VLAN, on the trunk port, set the native VLAN to that management VLAN ID. On the SSID, don't tag it and it will drop clients onto that native VLAN. The other SSID you'll want to set to bridge-mode and tag.

Or if you have the AP on a 3rd separate vlan, use that as the native and set the corp SSID to the VLAN you want.

Let me know if that works
0 Helpful

Go to solution
Vl@d@Ni
Frequent Visitor
Frequent Visitor
In response to jdsilva

‎08-29-2019 07:27 AM

This is exactly what would solve my problem. Separating the data from mgmt traffic. I will give it a try.

AMI - traffic flow.png

Go to solution
Nolan H.
Level 11
Level 11
In response to jdsilva

‎08-29-2019 07:33 AM

@jdsilva wrote:

Perhaps this new feature will help you with your ask?

https://documentation.meraki.com/MR/Other_Topics/Alternate_Management_Interface_on_MR_Devices

Good catch !

I always forget about that feature

0 Helpful

Go to solution
jdsilva
Level 11
Level 11
In response to Nolan H.

‎08-29-2019 07:37 AM

@Nolan Herring wrote:

Good catch !

I always forget about that feature

Yeh I haven't actually tried this out myself yet so it's not really on my radar, but for whatever reason I thought of it when I saw this question. Definitely interested to hear how you make out with this @Vl@d@Ni .

http://blog.brokennetwork.ca | @jdsilva
0 Helpful

Go to solution
Vl@d@Ni
Frequent Visitor
Frequent Visitor
In response to jdsilva

‎01-06-2020 03:08 AM

This feature works only on APs unfortunately :(. On MSs is still work in progress.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card