Re: MR76 Extending the LAN for wired clients (bridge mode) using integrated port on the MR76 (2024)

Solved!Go to solution.

Reply

Ryan / Meraki SE

If you found this post helpful, please give it

Kudos. If my answer solved your problem click Accept as Solution so others can benefit from it.

View solution in original post

1Kudo

Por profiles don't apply to MR76 - see here:https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Port_Profiles#Applying_profiles_t...

It is possible though, in principle, to extend wired LANs across a Meraki MR-based wireless link, in roughly the way you want. You will want to read this thoroughly, if you haven't already: https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/Extending_the_LAN_with_a_Wireles... You'll note that port profiles are not used as part of this setup.

For a visualization it should look something like this example. Just make sure in Network-wide you map the "clients wired directly to Meraki APs" to a SSID with the VLAN you want. It can be any bridge mode SSID including a SSID already used for regular wired clients.

Thank you for your response both, is there no way to set this with a limited set of APs? because what is being suggested would mean all our AP, network wide, if we plug a device on any ethernet port on any AP will pass traffic since SSID authentication is not used for clients attached to physical port which would be a security hole.

will allowing the SSID be available only to the repeater AP and the nearest mesh AP means that the other AP in the network will not pass traffic to that vlan if something is plugged to the ethernet port?

0Kudos

Meaning you have other mesh repeaters APs in this network and people could gain access to it physically to connect to the eth port and it would still be powered via some other source?

The wired port config is a network wide setting. I suppose the only way to limit the scope here is move two APs to their own network. One is the gateway and one is the repeater.

Hi Ryan,

We are now close to placing orders for a LAN Upgrade that includes two MR76's to provide a mesh link across a road to another building. The remote building will have an MS switch and a couple of MV cameras connected.

Will the remote MR76 boot up ok given that the LAN side of it wont have any internet hence dashboard connectivity when it boots, i.e. the mesh needs to form before the remote MR/MS/MV will have internet connectivity.

0Kudos

Yes, that will work fine. I would first boot all that gear up in a lab so the devices can update to the latest firmware and grab their configs. But it's not mandatory.

Thanks Ryan, yes that is my plan to build in a lab first.

Once deployed, when we do MR firmware upgrades is there any special consideration for this setup - i.e. with downstream switches you can do staged upgrades to prevent an upstream switch from rebooting whilst the downstream ones are still downloading firmware.

0Kudos

No specific guidance that I've seen. But to be safe with this setup you could just schedule the firmware jobs for different times. So, for example if there's new firmware for the MR, MS, MVs update the Cameras first, then the Switch, then the AP. Keeping in mind that will of course cause two reboots of the AP (two outages for the remote building).

0Kudos

0Kudos