Meraki Z3 and issues with AT&T homebase wifi router

Kristin
Here to help

Meraki Z3 and issues with AT&T homebase wifi router

Hi all

 

I am a remote worker for Geisinger Medical Center and we recently switched over from Cisco ASA boxes to Meraki Z3. I have not had any issues in the past 4 years working from home with my Cisco ASA box and my wifi router. Now that we have switched over to the Z3, my Meraki WILL connect to my att internet router BUT will not recognize my company's IP address. Networking said I need to reach out to AT&T and have them "reset the card/SIM setting"?? When I tried to explain this to the ATT IT guy, he was like no, your company needs to go into the Meraki Z3 and authorize the IP address?  I'm confused and wondering if anyone can help. In the meantime, my company is re-programming another ASA box for me to use at home but they really want us all switching over to these Meraki Z3 boxes.


Thank you

20 REPLIES 20
Uberseehandel
Kind of a big deal

I have a Z3C.

 

When attached to the home network, the Z3C's Internet port  is connected via a MS to a MX. The MX passes through the dynamic external IP address via a LAN connection to a third party security appliance with a WAN port connected to a modem and receives the ISP supplied dynamic IP address in the first place.

 

Both the MX and the Z3C show WAN 1 as being Active with the same ISP supplied dynamic IP address.

 

It does not work properly when the Z3C's internet port is connected to a VLAN port. If the Z3 is connected to an ISP modem, then make sure that PPPoE is configured on the Z3 internet port. If connecting to a router, set up a subnet on the router.

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Thank you! I'll report back to my networking team with this information. Hopefully it helps.

I'll keep you posted

 

 

Robin, why are you mentioning a Z3C, MS and MX. The OP never mentioned any of these.

Kristin - do you have ATT uVerse?


@Aaron_Wilson wrote:
Robin, why are you mentioning a Z3C, MS and MX. The OP never mentioned any of these.


Settle down Aaron

 

The Z3C is a Z3 with a LTE modem. At no point do I discuss the LTE functionality. However, the OP does make mention of being asked to have ATT "reset the card/SIM setting", so possibly has a Z3C, rather than a Z3.

 

The OP reports that the Z3 is connected to an ISP supplied router. I have described how my Z3C is indirectly attached to a third party router/security appliance, as well as how it is configured when attached directly to a modem/ISP device, covering the bases. It might be  a bit technical, but network administrators are involved in sorting out the problem.

 

The MS was mentioned because of completeness and to indicate that there are no particular port requirements on the upstream device, just an uplink port. In a domestic environment, it may well be more convenient to connect the Z3(C) to the ISP router via a switch. In a domestic situation there may well be subscriptions to such services as multicast IP TV, Chromecast capable A/V equipment, Smart TV/Monitors and IoT derived equipment. From a functionality and security viewpoint it is mandatory/preferable to separate out these packets before it gets anywhere near Meraki security appliances.

 

At this juncture, I have not addressed potential double NAT issues, although they may be germane to developing a complete solution.

 

Aaron, I might be old, and decrepit, but I'm not stupid.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

>not recognize my company's IP address

 

What do you mean by this?  What IP address are you referring to?


@PhilipDAth wrote:

>not recognize my company's IP address

 

What do you mean by this?  What IP address are you referring to?


@Kristin , to add onto this:

  1. You said that "my Meraki WILL connect to my att internet router". What happens on the front of the device? Does the LED light ever turn white or does it rainbow and then stay orange?
  2. What does your IT team see when you plug in your device? Are they able to see any traffic on the device?

I have many users in my organization that use Z3s connected straight to their router without any additional devices. I know a few have AT&T. I don't recall having to do anything special to get their devices connected. I will double-check with them when they clock in shortly.

 

Kudos for you for hopping on the forum and trying to troubleshoot the issue! I'm sure it is very frustrating, but I hope that we will be able to help you out and get this solved!

 

Found this helpful? Give me some Kudos! (click on the little up-arrow below)

HI there!

 

Yep, my Z3 turns white right away and my IT guy can actually remote in on the device and see that it is connected but I am still getting the " no internet" pop up and then when I try to trouble shoot it, I get the end result of " Ethernet is not connecting to internet" BUT I did take the ethernet cord out of the Z3 and plug it directly into the back of my PC and I have internet access. I am at a loss and it seems my IT team is too:( 

Good morning,

 

I am assuming my Geisinger IP address. The meraki connects just fine to my internet, turns white within a minute but my CISCO phone will just keep saying " Registering" and then when I select "troubleshoot" the end result is "ethernet is not connecting to network":(


@Kristin wrote:

my CISCO phone will just keep saying " Registering" and then when I select "troubleshoot" the end result is "ethernet is not connecting to network":(


VoIP phones can have issues negotiating Double-NAT installations.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Nope, not the uverse.

So it seems like to me your phone may be looking for a specific tagged vLAN. If the phone doesn't see that vLAN then it will assume it does not have an IP address even if other devices may work. I would have your IT personnel check to make sure the PBX (phone server) does not have any settings like that. Additionally, it may be wise to have your IT team check to make sure there aren't any firewall rules that may be interfering.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)

Thank you, I will get this information to my IT team:)

 

Based on what you are describing, it sounds like your Z3 connected to the cloud and your IT team can access it. The "no internet" and "registering" comment makes me think there is an issue from the LAN side of the Z3 back to your corporate head-end.

Does your PC receive an IP address? Can you access internal corporate websites?

Hi,

 

Nope, cannot access anything from the company side. The only thing that works properly is the Meraki connects to my internet, turns white right away, and my IT team can see from their end it is connected to my internet and they can see my PC. I just cannot use any applications.  I was told my company's engineering team and AT&T had a meeting yesterday to resolve the issue but I am still waiting to hear from them.

My engineering team reached out to ATT and they found that I need to purchase the NIGHTHAWK modem from att as it allows for dual broadband access where as my current ATT homebase router does not. So I am going to try that and hopefully it'll work!


@Kristin wrote:

My engineering team reached out to ATT and they found that I need to purchase the NIGHTHAWK modem from att as it allows for dual broadband access where as my current ATT homebase router does not. So I am going to try that and hopefully it'll work!


Something doesn't sound quite right here.

 

  • The Nighthawk modem is a LTE device (and a call sign from 'Ello 'Ello)
  • The Homebase is a wired modem with built in telephone jacks and an Ethernet port.

 

The above are from the spec sheets available online, so handle with care.

 

Given comments made previously, there is no certainty that the device in in question is a Z3 or a Z3C. Why suggest "changing the LTE profile" unless the gateway device has a LTE modem already?

 

Or has ATT erroneously assumed that the device in question is LTE capable, ergo a Z3C?

 

  • Can we get confirmation (from the internal IT team) of what the device actually is from the Z3 teleworker gateway Uplink screen in the controller?
  • Why is a LTE modem required?

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

you asked a very good question because after just speaking with ATT, they said the NIGHTHAWK is mainly for faster speeds using a hot spot. They mentioned that I try the updated version of my current modem (WHPI) which now supports dual band wifi whereas mine at home does not have that option. I am going to try this and see if it works. I also have a Z3 not a Z3c. I know that was asked before and I don't believe I answered that question.

 

Thanks

Did your IT team verify if the IPSec tunnel established? If they see the Meraki and can access it, they should be able to verify the tunnel status and also attempt to reach internal resources.

Seems like easy first steps before replacing gear.

I have the nighthawk router as well. If this worked for you please let me know what settings you used on the router 

Tressa
New here

Hi. I am having this exact same problem for my new job. Could you please let me know how or if you found a solution? I have the Meraki Z3C and I’m using ATT mobile router 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.