The DHCP server run by the Cisco Meraki AP provides addresses in the 10.0.0.0/8 subnet (10.x.x.x). Outbound connections will be initiated with the LAN IP address of the AP using Network Address Translation. Wireless clients that connect to the network will be given the following configuration via Meraki DHCP:
A wireless network using NAT Mode with Meraki DHCP can be seen below in Figure 1. When clients on the wireless network access resources upstream of the AP, their IP addresses will be translated to the IP address of the AP (192.168.1.1).
Figure 1 - NAT Mode with Meraki DHCP
NAT mode with Meraki DHCP isolates clients. Devices with a Meraki DHCP address will be able to access external and internal resources, such as the Internet and LAN (if firewall rules permit). However, connected clients will be unable to contact each other. The client isolation features of Merkai DHCP can be seen above in Figure 1. Client A and Client B can both access the Internet. When Client A wants to send traffic to Client B, the traffic will reach the AP. However, the AP will not forward this traffic to Client B. Therefore, the two clients are isolated from each other.
Configuring NAT mode with Meraki DHCP
To configure NAT mode with Meraki DHCP on an SSID, follow the directions below:
There are a few common problems that can arise when deploying NAT mode with Meraki DHCP to provide client addressing. These problems are outlined in greater detail below.
Figure 2 - Preventing inbound connections
The issues described above can be resolved by using bridge mode for client addressing. Bridge mode simply passes traffic between the wireless client and wired distribution system. An upstream DHCP server will be required to handle client addressing.
For additional information about NAT mode with Meraki DHCP and client addressing, please consult the following documentation and Knowledge Base articles:NAT Mode