Meraki

Community

Devices moving policies Dynamically

Solved
AkilahIS
Conversationalist
‎Jul 30 2019 7:26 AM
‎Jul 30 2019 7:26 AM

Devices moving policies Dynamically

Hi Everyone,

 

We have about 1000 PC (windows) client devices, all set to be in Policy 'Student". We have had numerous issues with students coming to us to say they cannot connect or the internet is *very* slow. When we dig into it they have moved policy to 'normal' which is restricted to 20Kbps. Somehow they have been reassigned but not by a member of the IS staff. something is not right or the MX250 has been hacked...

 

Can anyone throw any light on this?

 

THanks

0 Kudos
1 Accepted Solution
In response to AkilahIS
samgbuyi
Getting noticed
‎Jul 30 2019 7:52 AM
‎Jul 30 2019 7:52 AM

reapply the policy and check to be sure no other device is doing DHCP from an unknown Vlan

View solution in original post

0 Kudos
7 Replies 7
AjitKumar
Head in the Cloud
‎Jul 30 2019 7:36 AM
‎Jul 30 2019 7:36 AM

Hi @AkilahIS 

Two things.

One check the Organization - Change Log. To verify if the settings are modified.

 

Two by any chance the devices are assigned with another VLAN and your Global Policy is applied.

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
0 Kudos
In response to AjitKumar
AkilahIS
Conversationalist
‎Jul 30 2019 7:43 AM
‎Jul 30 2019 7:43 AM

HI Ajit,

 

I will check the logs for sure...thanks for reminding I had not done that.

 

We do not have any VLANS configured right now its a flat layer 3 network.

 

THanks!

 

/M

0 Kudos
In response to AkilahIS
samgbuyi
Getting noticed
‎Jul 30 2019 7:52 AM
‎Jul 30 2019 7:52 AM

reapply the policy and check to be sure no other device is doing DHCP from an unknown Vlan

0 Kudos
In response to AkilahIS
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 30 2019 4:24 PM
‎Jul 30 2019 4:24 PM

>We do not have any VLANS configured right now its a flat layer 3 network.

 

Group policy assignments only work for layer 2 adjacent clients to the MX.

 

If you have an MX, and then a layer 3 switch, and then clients hanging off VLANs off the layer 3 switch then they wont work.

The clients will appear to have the MAC address of the layer 3 switch - and the group policy will actually apply to that.  This will make it look like the policy is working - but it is not actually applied to the correct place.

In response to PhilipDAth
AkilahIS
Conversationalist
‎Jul 31 2019 12:57 AM
‎Jul 31 2019 12:57 AM

HI Phillip,

 

This is useful info, thank you. Actually, there was a typo...its a flat layer 2 with no Vlans.

 

We are planning now to start subnetting with multiple VLANS and IP addressing accordingly so your reply was very timely.

 

I spoke with Meraki support also and it seems we also have an overloading problem so upgrading to MR45 from MR33....

 

Thanks everyone for the help, very much appreciated.

0 Kudos
In response to AkilahIS
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 31 2019 6:08 PM
‎Jul 31 2019 6:08 PM

>I spoke with Meraki support also and it seems we also have an overloading problem so upgrading to MR45 from MR33....

 

Althought the MR45 is a great choice (and my preferred AP to sell new clients) if you are experiencing client overloading then the solution is more access points rather than replacing existing APs with better APs.

0 Kudos
In response to PhilipDAth
AkilahIS
Conversationalist
‎Aug 1 2019 12:44 AM
‎Aug 1 2019 12:44 AM

We have also ordered more APs..... 🙂

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.