Meraki Community

Sounds similar to what they told me.  They made a change on one firewall in question, but the problem persists.  

I believe the issue is; any change in udp port for the NS will break it.  Ie:  I boot up a NS and it randomly decides to use udp 55000.  If it hits a NAT device, and 55000 is available - no problem - NAT type B everything is happy.  But what if 55000 is already used?  NAT device will pick something else, 55001 or whatever - now it's NAT type D and breaks.  (I have not done extensive testing on this - but I think it's what's happening)

There are two potential sources of the problem then; both break the 1:1 UDP port mapping NS's must have for some dumb reason:

 - Port Randomization on NAT device.

      - Disable Randomization

 - NS wants to use a port already in use.

    - Reboot NS until it grabs a UDP port not in use.

The problem with "in use" ports, the more devices/students - the more ports will likely be in use and higher probably your NS will get NAT-D.   Especially if using google QUIC or other apps using UDP vs TCP. The MX's don't support NAT pools (WHY?!?!_ , so you can't say...map the NS's to a different public IP address basically reserved for them.  (Less devices on an IP means more likely NAT will work correctly.)

I'm testing another solution now, but the only 100% solution I know of is 1:1 NAT for NS's: each NS gets its own unique public IP address.  Many schools I work with don't have large IP pools, sometimes just a single IP, so this can be problematic to say the least.

Will keep this list updated with my testing, but in general, try to limit the number of devices using the same public IP as the NS's.  And definitely disable port randomization - whatever Meraki calls it.

PS: You have a case number I can reference?  Want to ensure the same changes that worked for you were applied to my customer.  When I stated the issues persisted after the change, of 5 NS's, only 2 got NAT B - other 3 got NAT D.  As mentioned, I believe if the UDP ports are already in use, one would have to reboot NS over and over until it works....  How many NS's you have?

See my response to @RowellDomingo .

Adding a network switch does nothing - it's all about the NAT.  If adding that network switch helps you build another network and your NS's can then get a dedicated public IP address - sure - that will work.  Not the best option for sure...

if you have the public IP space, 1:1 NAT is your best bet.  If you don't...  Maybe the quickest/easiest option is a 5G WiFi HotSpot dedicated to eSports?  Not great either - as latency will be a bit higher, but it will at least work, and those are like $50/month - maybe less depending where you are.  OR - if someones phone has a good 5G hotspot and data plan, that may also be a temporary option.

I'll know a bit later if some of my other ideas may work - stay tuned.

After opening an additional case, and essentially asking for a second opinion, another support tech told me that they would be able to help. Unfortunately, I can't tell you exactly what they did, because when I asked them what they did to remedy the situation (so I could learn!), they just told me that it was a proprietary solution and they couldn't disclose the process. Maybe it was a special Meraki script that was run, I don't know, but within 15 minutes of making the call the Nintendo was showing NAT type B and we were able to connect.

What I'm really curious about is, why it took me almost two weeks to get to a 15 minute solution, especially when it wasn't something that I could fix??

I am just grateful it's working now!

Glad it's working!

"Proprietary"....   🙂   Like the KFC recipe?  Hopefully they will publish a KB / tech-note / whatever on it soon.