VLAN is not being assigned properly with Group Policy

SOLVED
DanDaManGAMEZ
Conversationalist

VLAN is not being assigned properly with Group Policy

Hello,

 

I am trying to get a set of devices to go to a specific VLAN. For some reason, even though I believe I am doing it correctly, it doesn't seem to "take affect" even after a reboot of the Meraki and the device I'm trying to assign a specific VLAN.

 

DanDaManGAMEZ_0-1669910243225.png

 

As you can see above, I have the policy set to "Phone VLAN", and the VLAN is also apart of the same group (below) On the right you will see the device is using "VLAN 10 - Default" not "VLAN 9 - voice", even though it should be through the group policy. The device in question is apart of the "Phone VLAN" group. Everything should be pointing towards overriding the VLAN its assigned to the group policy its on, but its not.

 

DanDaManGAMEZ_1-1669910573784.png

 



Possibly Unrelated: I also attempted to set the device to specific IP (static) to force the correct DHCP format (preferably would come from VLAN but I was just trying stuff) and I couldn't even get the device to grab the new static IP. Its like the changes I'm making in the Meraki are just being ignored by the devices, even after reboot of both the Meraki and the device I'm configuring.

 

Thank you for any advice you can give.

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

You don't need a group policy for this (in fact, they won't work for this).  Instead, configure the Meraki MS phone VLAN option.

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Configuring_the_MS_Access_Switch_for... 

View solution in original post

8 REPLIES 8
alemabrahao
Kind of a big deal
Kind of a big deal

Hi,

 

Are you trying to assign dynamic VLAN via group policies? Could you please give us more information?

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

I'm honestly a bit in over my head with this stuff. But I will try.

 

How this network needs to be setup, is all the phones need a IP format as "192.168.100.X" because that is what the onsite PBX system uses. Every other devices (printers + stations) need to be on the default custom DHCP "77.77.77.X". The people who set this up was using VLANs to accomplish it, but I don't think they did it right. 

My ultimate goal: Set all phones to the needed IP fomat, and everything else will fall under the default DHCP. Right now, I am attempting to use a group policy to achieve this goal by setting the VLAN to be apart of the Group policy then setting the devices to the same Group policy to try to "force" the VLAN into giving out the correct IP format.

I'm sorry if this doesn't answer your question. I'm pretty new to intermediate/advanced networking stuff like this.

The group policy is not for this purpose, so I think that you will not achieve it with group policy.

 

 

When a group policy is applied to a VLAN, that policy becomes the new "network default" for any other group policies applied to clients in that VLAN. Since this policy is the new "network default," the client devices will still show a "normal" policy applied under Network-wide > Monitor > Clients.

For example, a group policy named "Guest Network" with more restrictive layer 3 firewall rules than the network-wide configuration is applied to the guest VLAN, and a second group policy "Low Bandwidth" has a custom bandwidth limit, but is set to Use network firewall & shaping rules. If the Low Bandwidth group policy is applied to a client on the guest VLAN, the client will use the layer 3 firewall rules configured on the Guest Network group policy, not the network-wide layer 3 firewall rules configured on the Security & SD-WAN > Configure > Firewall page.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

DanDaManGAMEZ_0-1669912128286.png

I tried to follow that best I could, but I got a little confused. I only have 1 group policy, and on Network-wide > Monitor < Clients, the "test" device I am trying this on doesnt use "normal" it says "Phone VLAN" as intended.... But lets back up.

Let's completely forget about group policies for now, as you said it wasn't intended for this.

If you needed 1 set of devices to be a specific DHCP format, and another set of devices to be another, how would you approach this? What is the CORRECT way to approach this problem?

 

Thanks

Who are your DHCP server and gateway? You need to use VLANs. I need more information about your network. A topology will help a lot to understand.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

DanDaManGAMEZ_0-1669912878666.pngDanDaManGAMEZ_1-1669912930526.png

Above is the only information on my Teleworker Gateway > Configure > DHCP page.


And this is the only information I could find for "gateway" which is on my Teleworker Gateway > Monitor > Appliance Status > Uplink page.

DanDaManGAMEZ_2-1669913094125.png

 

If this isn't enough information to help me, we can end it here. I will just keep trying on my own until something happens.

 

Thanks

 

sure, the port your IP phone is connected to is configured for the correct VLAN (9)? Is it connected to the Teleworker Gateway or a switch? If it's connected to a switch, is the switch manageable?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

You don't need a group policy for this (in fact, they won't work for this).  Instead, configure the Meraki MS phone VLAN option.

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Configuring_the_MS_Access_Switch_for... 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels