Access manager & DHCP

BjornAx
Here to help

Hello community!

Not sure this is the correct category but I hope it is.

I am using the early-access function access manager together with Entra ID to set up WiFi authorization at my company. Just a test for now to see if it works and is not a hassle for the end users.

I have got everything set up. It works in the sense that I can use my Entra ID credentials to access the SSID I have set up for this test and I get connected. But now the problem. When I get connected I do not get an IP from Meraki.

I can see that my access rules are added to my connection and that the VLAN ID is also added but Meraki doesn't seem to want to use that ID when requesting an IP for me.

In the event logs I see that it tries to request an IP from VLAN 1 and of course I do not give out any IPs on that VLAN and therefore it fails.

Is there some step that I have missed or why does it not want to use my access rule VLAN to request an IP?

GIdenJoe
Kind of a big deal

Before testing your access rules have you checked the basics?

On the switchport where the AP is located you should have the management VLAN of the APs untagged and all possible user VLANs you wish to use on the WiFi tagged on that port.

Make sure the tagging is correct on the switchport and then you can check with a packet capture if the DHCP request is coming through with the correct dot1Q tag.

If you meant wired authentication then I tripped up on your WiFi authorization mention in your question 😉

BjornAx
Here to help

You are correct that it's a WiFi setup currently. 🙂

I did a packet capture and the dot1Q tag when I connect to that specific network sends the ID=1.

When I connect to our normal network that we already have on the same AP the dot1Q ID is the correct one.

The only difference between those 2 networks is that the current one is using an on-prem RADIUS server that when authenticated against sends the correct VLAN ID.

But for some reason access manager will not send the correct ID. 😞

GIdenJoe
Kind of a big deal

Could be a bug that needs reporting.

However, could you also try creating a Meraki group policy where you set the VLAN ID as a test and reference that in your access rule instead of the VLAN definition. This may provide a temporary workaround.

BjornAx
Here to help

Seems like a bug.

Created a group policy and tagged the VLAN ID in there. Added that to my access rule and tried to connect.

Got an IP directly.

How do you best report a bug to Meraki? 🙂

Ryan_Miles
Meraki Employee All-Star

Open a Support case via dashboard. https://documentation.meraki.com/General_Administration/Support/Ways_to_Contact_Meraki_Support#Submi...

Or call if you prefer that https://documentation.meraki.com/General_Administration/Support/Ways_to_Contact_Meraki_Support#Conta...

They can either tie the issue to an existing bug (if there is one) or through the case process if confirmed to be a new bug they would create it.

PhilipDAth
Kind of a big deal

> It works in the sense that i can use my Entra ID credentials to access the SSI

 

Also note that username/password authentication will stop working once Microsoft migrates your Authentication Policies. You can see if they are migrated or not under "Authentication Policies". Once that is complete, you must use certificate-based authentication.

 

BjornAx
Here to help

Aww crap. Thanks for the info.

Then it's just a waste of time doing this then. 🙂

Switching focus to certificate-based is a better direction. So I don't spend time on the username/password solution and then it stops working.
