When an SSID is configured in NAT mode, wireless clients will point to the MR access point (AP) as their DNS server. The AP then acts as a DNS proxy, and will forward clients' DNS queries to its configured DNS server. This article shows how to set custom DNS servers for a NAT SSID, instead of using the AP's DNS server. This is typically used to forward NAT SSID clients to a DNS server with custom content filtering.
NAT mode with Meraki DHCP allows a MR Access Point to provide client addressing by running its own DHCP server to simplify management, allow guest access, and provide client isolation functionality.
A RADIUS server has the ability to send VLAN information to the AP in RADIUS Access Accept messages. To send VLAN information, three required RADIUS attributes must be configured in your RADIUS policy:
Using an MR access point, if a client connects to an SSID set for NAT Mode, it will be put on an isolated 10.0.0.0/8 network that can then be granted limited access to the local LAN. This can cause conflicts if a 10.x.x.x addressing scheme is in use elsewhere on the network. This article describes how a conflicting subnet between NAT Mode's Meraki DHCP and a site-to-site VPN subnet is handled, as well as recommended solutions.
It is often necessary to configure VLANs on your network to limit broadcast traffic, segment traffic, or restrict traffic for security reasons. If you already have VLANs implemented on your wired network, you can extend this to your wireless network as well with MR Access Points which support IEEE 802.1Q VLAN tagging in Bridge mode. These VLAN tags can be applied per-SSID, per-user, per-device or per-AP
