Cisco to Meraki Site2Site VPN with wireless issue

Jwiley78
Building a reputation

So, this may be more of a Cisco issue than Meraki. I have two sites. One is all Cisco with a wireless controller and a WLC. The other side is Meraki but with 1 Cisco 2702 WAP that connects back to the WLC through a tunnel.

WAP connects to controller fine and can be managed.

The problem is when users connect to the WAP, DHCP is not being issued. I'm sure it's something to do with the DHCP request not going through the tunnel. Just can't wrap my head around what I'm missing.

Things I have tested.

I can ping WLC and DHCP server from the Meraki side and tunnel seems to be stable.

rwiesmann
A model citizen

Not quite sure if I get your problem right.

Does your client get an IP, and from the correct subnet? If so, it's not DHCP.

I assume that, because you also mention that you can ping the WLC...

Jwiley78
Building a reputation

I am not getting an IP.  169 is showing.

Do you have a local DHCP server running?

If not, you need to configure DHCP relay on the MX.

 

https://documentation.meraki.com/MX/DHCP/Configuring_DHCP_Relay

 

Jwiley78
Building a reputation

I was hoping they would DHCP the same as the other WAPs on the other side of the tunnel but now I'm not thinking that's going to work. This may turn into a more complicated task than I thought due to some ACL rules and what different SSIDs are allowed to do.

Jwiley78
Building a reputation

If I try to create these VLANs on this side of the tunnel I get an error that they conflict with the IPs on the other side. This is where my confusion is. I want the wireless clients on the Meraki side to use the same DHCP server on the Cisco side.

PhilipDAth
Kind of a big deal

If the SSID is bridging to a local VLAN (aka FlexConnect) then that VLAN needs to be configured to process DHCP (either with a DHCP server or by using a DHCP relay) just like any other VLAN.

Jwiley78
Building a reputation

Anytime I try to create the VLAN on the Meraki end it gives me errors that it conflicts with VLANs in the tunnels which it should because it does conflict.  

Jwiley78
Building a reputation

So, I got a response today after doing some packet captures.  He told me that no discoveries are coming from the clients.  Then he let me know that since it is a Cisco product that he can't be of much help.

 

Now, I have the VLAN for the SSIDs going both ways through the tunnel.  If I remove them from going towards the Meraki side then it would let me add the VLANs and then just not respond to DHCP.

 

Just not sure if this is what needs done and hard to test doing everything remotely.

 

Thoughts?

Jwiley78
Building a reputation

Finally circling back to this issue.  I need to see if it's possible to get the wireless clients to use a DHCP server on the opposite end of the tunnel.

 

PhilipDAth
Kind of a big deal

Whatever is acting as the default gateway needs to be configured to do DHCP relay and forward the requests to the remote end.

 

Each site needs to be using unique subnets.
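
The relay step and the unique-subnet requirement described in the reply above, as an added example that is not part of the original thread or of any Cisco or Meraki code. All addresses, the MAC and the pool list are constructed, and server scope selection is simplified to the giaddr field alone.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128] = 236 bytes
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER as a client broadcasts it on its local VLAN."""
    z = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, z, z, z, z,
                     mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, end

def relay(packet: bytes, gateway_ip: str, max_hops: int = 16):
    """Relay agent step: stamp giaddr, bump hops, then unicast to the server."""
    f = list(BOOTP.unpack_from(packet))
    if f[0] != 1 or f[3] > max_hops:        # BOOTREQUEST only, bounded hop count
        return None
    f[3] += 1
    if f[10] == bytes(4):                   # only the first relay sets giaddr
        f[10] = ipaddress.IPv4Address(gateway_ip).packed
    return BOOTP.pack(*f) + packet[BOOTP.size:]

def select_scope(packet: bytes, scopes):
    """Server step: choose the pool whose subnet contains giaddr."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10])
    return str(giaddr), [s for s in scopes if giaddr in ipaddress.ip_network(s)]

def reply_leaves_site(giaddr: str, server_site_subnets) -> bool:
    """The OFFER is unicast to giaddr. If that address also falls inside a subnet
    at the server's own site, routing keeps the reply local, not in the tunnel."""
    ip = ipaddress.IPv4Address(giaddr)
    return not any(ip in ipaddress.ip_network(s) for s in server_site_subnets)

if __name__ == "__main__":
    scopes = ["10.10.30.0/24", "10.20.30.0/24"]   # constructed server pools
    raw = build_discover(bytes.fromhex("021122334455"), 0x1234ABCD)
    print("unrelayed:", select_scope(raw, scopes))      # giaddr 0.0.0.0, no pool
    fwd = relay(raw, "10.20.30.1")                      # branch gateway (assumed)
    giaddr, pools = select_scope(fwd, scopes)
    print("relayed:  ", giaddr, pools, reply_leaves_site(giaddr, ["10.10.30.0/24"]))
    # Same subnet reused at both sites: the reply never reaches the branch relay
    print("overlap:  ", reply_leaves_site("10.10.30.1", ["10.10.30.0/24"]))
```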

Jwiley78
Building a reputation

I tried to create the VLAN on the MX and do DHCP relay but it won't support DHCP through a non-Meraki tunnel.  Beginning to think this setup is not possible and that I may have to force the client to get an ASA.

Jwiley78
Building a reputation

Okay, finally got on a call with Cisco and Meraki support today on this issue. Since one side is Cisco and the other side is Meraki, DHCP relay is not supported by Meraki with a non-Meraki tunnel.
