2 SSIDS, 2 Gateways

SOLVED
deesloop
Here to help


Further to this post

 

https://community.meraki.com/t5/Wireless-LAN/DHCP-Issue-on-2-SSID-wireless-network-with-2-different-...

 

So on the switch I set the following

Port 1 to native VLAN 1 and only allows VLAN 1 - it's connected to my ADSL router.

Port 2 to native VLAN 30 and only allows VLAN30 - It's connected to the Meraki firewall which is also connected to core LAN switches

Ports 3 - 5 Native VLAN 1 but allow VLANS 1 & 30, they are also POE for AP.

 

My APs are configured with 2 SSIDS. Internal & Guest

Internal VLAN is set to VLAN 30

Guest VLAN set to VLAN 1

 

I can connect fine to internal SSID and access resources needed.

However I don't get a DHCP lease when joining the Guest SSID.

 

Anyone want to point me somewhere to start troubleshooting?

Am I doing anything wrong, anything right?

 

Thanks in advance

 

 

1 ACCEPTED SOLUTION
nvrdone
Here to help

Change native VLAN of ports 3-5.  You can't pass VLAN tagged traffic over a port with the same native vlan.  Or change your ssid to NAT mode and let the AP handle DHCP for clients.


9 REPLIES 9
ww
Kind of a big deal

Best is to make a drawing...

From my understanding you want to get DHCP for VLAN 1 from the DSL router? Make a capture on the port connected to AP and DSL router. Look if you see BOOTP messages from client and DHCP server. Your client should send discover. Your DSL router should send offer.

Guest SSID is configured for "bridge mode" and "don't use VLAN tagging"?

If your DSL router is not trunking you could just set the switchport to access with VLAN 1.
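
The capture check suggested in the reply above (look for the client's DISCOVER and the router's OFFER, and whether each carries an 802.1Q tag) can be scripted. This is an added example, not part of any post in this thread; it classifies raw Ethernet frames, and the `build` helper and its sample frames are constructed for illustration.

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def classify(frame: bytes):
    """Return (VLAN ID or None if untagged, DHCP message type or None)."""
    if len(frame) < 14:
        return None, None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, off = None, 14
    if ethertype == 0x8100 and len(frame) >= 18:   # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18               # low 12 bits = VLAN ID
    if ethertype != 0x0800 or len(frame) < off + 20:
        return vlan, None
    ihl = (frame[off] & 0x0F) * 4                  # IPv4 header length
    udp = off + ihl
    if frame[off + 9] != 17 or len(frame) < udp + 8:   # 17 = UDP
        return vlan, None
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    if {sport, dport} != {67, 68}:                 # BOOTP server/client ports
        return vlan, None
    opts = frame[udp + 8 + 236:]                   # skip UDP + fixed BOOTP header
    if opts[:4] != b"\x63\x82\x53\x63":            # DHCP magic cookie
        return vlan, None
    i = 4
    while i + 2 < len(opts) and opts[i] != 255:    # 255 = end option
        if opts[i] == 0:                           # pad option, no length byte
            i += 1
            continue
        if opts[i] == 53:                          # option 53 = message type
            return vlan, DHCP_TYPES.get(opts[i + 2], "OTHER")
        i += 2 + opts[i + 1]
    return vlan, None

def build(msg_type, from_client, vlan=None):
    """Constructed sample frame for illustration (hypothetical helper)."""
    sport, dport = (68, 67) if from_client else (67, 68)
    bootp = bytes(236) + b"\x63\x82\x53\x63" + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return b"\xff" * 6 + b"\x02" + bytes(5) + tag + b"\x08\x00" + ip

if __name__ == "__main__":
    # Constructed frames: a DISCOVER tagged VLAN 1 and an untagged OFFER.
    for f in (build(1, True, vlan=1), build(2, False)):
        print(classify(f))
```

Running it over frames exported from captures on the AP port and the router port shows on which side a DISCOVER or OFFER stops appearing and whether it was tagged at that point.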

Your assumption is correct.

Guest SSID is set to Bridge mode but yes it DOES have vlan tagging - VLAN 1

network.png

ww
Kind of a big deal

Did you also try "don't use VLAN tagging" on the guest SSID?

Maybe it's better to just set your guest VLAN to another number than 1. Then you can use that VLAN tag on the guest SSID, and set an access port with that VLAN to the DSL router.

@ww- no I'm afraid that didn't work

Changing VLAN ID didn't work either.

 

However using the inbuilt meraki NAT worked.

Wasn't really what I was wanting to do, and doesn't explain what was wrong with my ideas.

Would really like to learn more, so if someone can advise where to start...

Did you create a DHCP scope for your "management VLAN"?  We have a similar setup, we have a guest VLAN 25, and an internal VLAN of 20.  We created a management VLAN and that VLAN's sole purpose is to hand out DHCP addresses to meraki gear.  So we set all trunk ports to native vlan 175.  In this scenario we would allow vlan 20 and 25 across that port.

 

I can't think of a reason why you would want the ISP to handle DHCP for your devices since you have a MX inline anyways.  There could be a valid reason, but I'm a big believer in simpler is better.

I must be missing something

 

The MX is on a leased line and connected to internal switching. Corporate traffic lives here and the 2 DHCP servers for the LAN.

 

The cheap broadband line is hooked to a cheap router and that's for guests. It handles its own DHCP.

I was wanting to use that for guests rather than the Meraki DHCP, but couldn't get it to work. The Meraki DHCP does work.

 

I don't see that the ISP is handling DHCP for anyone?

Maybe my drawing makes no sense?

 

 

Nope, you're good, I was misreading your diagram.

 

So with your original setup, your APs are going to pull an address from your ADSL router because you have ports 3-5 set as native VLAN 1. You are also trying to pass VLAN 1 to your clients for DHCP. We know this doesn't work because you can't pass tagged traffic of the same VLAN as your native, the port will drop the tags. If you change the native VLAN on ports 3-5 to say VLAN 5, you would be able to pass VLAN 1 traffic over that interface and route the way you would like. You would need to make sure that you have a DHCP scope tagged to VLAN 5 though, as the Meraki APs still need to pull an internal IP from somewhere. This is where I was going with the "management" VLAN.

 

TL;DR

The APs need an IP that is not pulled from the VLAN you are tagging your clients as.

kYutobi
Kind of a big deal

@nvrdone makes a point. For simplicity just use NAT mode.
