Digital tag AP issue

Coast-Tech
New here

Digital tag AP issue

Hi everyone.

 

This is a strange issue that I cannot resolve. 

 

We have several retail stores moving to a digital price tag system which uses an AP from a 3rd party and proprietary tech. Internally, we set up them up on their own VLAN and to be a trunk so laptops can access this 3rd party AP config purposes if ever needed. There is a group policy applied that has ZERO rules in it. The device itself can pull DHCP/DNS and I can see it talking to cloud specific servers for this 3rd party company.

 

However, the device does not work as expected.

 

Issues

  • no replies from device using ping
  • cannot access port 80 or 8080 as we should be able to
  • Both the 3rd party techs and Meraki engineers have looked at this and cannot correct the issue but it does seem to point the 3rd party AP

Gotchas

  1. That would be fine to say it's the 3rd party but the same behaviour occurs in at least 1 other location. 
  2. I brought one of these 3rd party devices home and it works in my vanilla, nothing special home network.

Suggestions?

Does anyone have any ideas about what I could try next

 

5 REPLIES 5
RaphaelL
Kind of a big deal
Kind of a big deal

We might need a little bit more info on the current setup.

 

I understand that you have a MX and 3rd party APs ?

Are the APs directly into the MX ? A switch in between ?

No firewall rules on the MX ? ( if the clients are not on the same vlan , check L3 Firewall rules )

 

Are the clients in the same vlan as the Digital Tag that are connected to the SSID ?

 

You are probably missing the only piece of the puzzle and it resides on the 3rd party APs. Might have some firewall rules , denying icmp or else.

Let me provide some clarity

 

The AP is directly connected to the MX65W on port 8 - it was connected to port 20 on one of the MS225-24 stacked switches. As we only group policy at the VLAN layer, there is nothing from the L3 layer blocking any protocols on that device.

 

I agree the 3rd party seems to have some issue they are not mentioning... Except for the fact that the same device works as expected on my home network which does not use Meraki.

Ryan_Miles
Meraki Employee
Meraki Employee

This 3rd party AP is connected to what? A MX LAN port, a switchport? Is the VLAN for the AP provisioned on the MX?

 

You mentioned a GP with zero rules. Why is there a GP applied if it has no rules?

 

Are you trying to access this AP locally or over S2S VPN?

 

More details on the topology & config or a diagram would be really helpful here. 

Hi Ryan.

 

We access it through S2S VPN and locally but neither allows the web traffic.

The reason to apply the GP is that we no it is a known blank. I have seen remnants left over in other firewalls so I believed a GP with a fresh start would ensure no ghost rules would apply. May not be a necessary step but it really doesn't much to remove it...

 

The 3rd party AP is directly connected to the MX65W on port 8 - it was connected to port 20 on one of the MS225-24 stacked switches. As we only use group policy at the VLAN layer, there is nothing from the L3 layer blocking any protocols on that device.

Coast-Tech
New here

What I see on the 3rd party AP is multiple interfaces and one of them may be conflicting with some rules in a GP:

 

10.10.X.X

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels