Extending the LAN with a Meraki wireless mesh link

Meraki_Wireless-Bridge

Cisco Meraki access-points can operate as mesh repeaters, which allows them to extend the wireless network range. Since repeaters also support wired clients plugged into their wired interface, a repeater can be used to bridge a remote LAN segment back to the main network.

This article explains how the LAN can be extended via a wireless bridge, including limitations and requirements. There are 3 supported designs for extending the LAN via wireless mesh.

  1. Extending the LAN for wired clients
  2. Extending the LAN for a mixture of wireless access points and wired clients
  3. Extending the LAN for wireless access points (Introduced in version MR 25)

 

1. Extending the LAN for wired clients

The goal is to utilize mesh repeaters to serve remote wired clients.

Topology example

Meraki_Wireless-Bridge

Configuration

Go to o Network-wide > Configure > General > Device configuration, find the option to configure Clients wired directly to Meraki APs and set that option to have clients Behave like they are connected to the bridge SSID, as shown below:

Meraki-bridge-configuration Requirements and restrictions

  • At least one SSID in bridge mode must be configured in Dashboard (can be an existing SSID used by clients, but must be in bridge mode).
  • The APs must be configured to share the bridge SSID over their interface.
  • The authentication type of the SSID does not matter, wired clients will bypass authentication and gain network connectivity as though they had associated to that SSID.
  • VLAN tags are not maintained across wireless mesh links. Any VLAN tags applied by wired infrastructure will be stripped before sent across the air. By extension, wired clients across the mesh link do not support the use of VLANs applied by Group Policies.

2. Extending the LAN for a Mixture of Wireless Access Points and Wired Clients

Wireless access points and wired clients may coexist on a remote LAN segment served by a repeater AP as long as there is a router segmenting the wireless bridge from the remote wired devices. This segmentation is to keep the possibility of network loops to a minimum.

Topology example

Meraki_Wireless-Bridge-2

Configuration

Follow the same configuration detailed in the “Extending the LAN for wired clients” section. Configure the SSID for bridge mode on Wireless > Configure > Access Control.

 Requirements and restrictions

  • At least one SSID in bridge mode must be configured in Dashboard (can be an existing SSID used by clients, but must be in bridge mode).
  • The APs must be configured to share the bridge SSID over their interface.
  • The authentication type of the SSID does not matter, wired clients will bypass authentication and gain network connectivity as though they had associated to that SSID.
  • VLAN tags are not maintained across wireless mesh links. Any VLAN tags applied by wired infrastructure will be stripped before sent across the air. By extension, wired clients across the mesh link do not support the use of VLANs applied by Group Policies.
  • The router (firewall MX in this case) on the right must act as a DHCP server or relay for the VLAN 2 network.

3. Extending the LAN for Wireless Access Points

It is possible to connect multiple repeaters together using Ethernet to increase the mesh speed of the Meraki network. This configuration is referred as a wired hop or Mesh over Ethernet configuration.

A common scenario would be for one “relay” access point to have a solid mesh link to a distant gateway and its Ethernet port is connected to an isolated switch. The other repeaters APs could then be connected to this switch for mesh communication. The switch connection allows for the mesh to be extended beyond the capabilities of wireless mesh. Also, on dashboard, all relay access points on the isolated switch will report a mesh throughput equivalent to that of the relay access point with the strongest mesh speed.

Topology example

Meraki_Wireless-Bridge-3

 

Configuration

No special configuration is needed in this case. This is the default mesh behavior.

 Requirements and restrictions

  • It is important to not have any other computers or network services such as DHCP running on this switch or the relays will change to gateway mode causing unpredictable network behavior.
  • IP communication outside of the proprietary mesh traffic will be blocked by the MR repeater, so IP access to the remote switch will be lost. In order to mix IP and mesh extension, a router would need to be introduced as described on point 2.
  • This topology is supported in wireless firmware version 25.2 and later.

     

Leave a Reply

Your email address will not be published. Required fields are marked *

*