Wireless Access

We want to add a cisco meraki switch from our customer.
Adding a universal snmp device, we need t provide an ip , should this be the Public Wan IP from customer office, or the lan ip of switch?

I assume your AMP server is on a different network and you connect to your customer site through their public IP? Do they only have a single public IP? And do you have a VPN connection between your network and theirs? If you have a VPN, you can point to their local IP. If you do not, they will have to enable port forwarding for SNMP and likely PING from their public to their internal Merakit switch IP (this might not be possible, it depends on their setup). If they have multiple public IPs, they can NAT their meraki to one of their publics not in use.

Our Airwave is in a datacenter and manages customers IAP clusters. So no we are not connected to their LAN or connected by VPN.

So this customer has one Meraki.

Another customer has 4 switches - we probably have to monitor - using Airwave. So hows that working then, when no vpn is in place, and assume they have mac two wan ip's?

Unless someone else on here has a better idea, if their network is private and yours is private, separated by the internet, you either need a VPN, or they have to do some specific NAT-rules and/or port-forwarding on their side to present to you access to their internal IPs from an external networks/internet. 

I would always setup a vpn to each customer with ACL's on it. Never send this management traffic over the Internet. But that's just my two cents

1000% agree with MrZero, but if you don't care about security and you use RO SNMP strings and proper firewalls, risk can be minimized. It's just MUCH more work and likely equipment to get a proepr firewall with ACLs at each customer site versus standing up a simple VPN solution.