Hello, so I was watching this YouTube video (https://youtu.be/FFOwt6jTEgE?si=qlN6PFEB_H8OVT-t) about tunneling guest traffic back to the HQ where a MX is being deployed as a VPN concentrator via a MPLS network. My question is, how does the MR get access to the internet in the first place in order for it to connect to the Meraki dashboard. Forgive me if it’s a dumb question, I’m new to Meraki.
Like any Meraki device would on a LAN. As long as the AP can route through the internal network and NATs at the edge FW it can reach dashboard.
Totally fine, just don’t put the AutoVPN tunnel from the AP inside another tunnel. Not sure if you’re doing that, but just FYI.
I’m generally not a fan of SSID tunneling, hopefully it’s something you actually need and you’re not just trying to replicate traditional WLC behavior.
Your question has already been answered but I wanted to add some info incase you are trying to implement a tunneled guest SSID.
One of the cool things with Meraki and I think Roger has missed a trick here is that you don’t need your VPN concentrator as part of your internal network at all. You can deploy two MXs with a ‘dirty’ internet circuit. Put one in L3 mode and one in Concentrator mode and completely air-gap your guest traffic.
There is obviously more cost to this but, it means your corporate IP space is being used by guest traffic.
So this is the exact same thing that’s assumed here?