Can't join domain over WiFi

SOLVED
Phil_SCDS
Getting noticed

Can't join domain over WiFi

Hi All,

 

I have a network setup where there are 2 VLANs. The servers are on 118 and the clients are on 128. The server ports on the MS120 are set to trunk mode and all the other ports are access on 128. Clients connected directly into the switch work fine. I have a single MR20 that is broadcasting an SSID in bridge mode. I can connect to the WiFi network fine and I am even getting an IP address from the server on VLAN 118 (so DHCP is working). However if I try to ping the server address or the domain name I get:

 

REPLY FROM 10.128.128.128: destination net  unreachable.

 

Any ideas as to how I make the wireless clients communicate with the network properly?

 

The router on this network is an MX84 which relays DHCP requests to the server on VLAN 118.

1 ACCEPTED SOLUTION
SoCalRacer
Kind of a big deal

Check the wireless firewall rules. Do you have any rules in there?

View solution in original post

8 REPLIES 8
SoCalRacer
Kind of a big deal

Check the wireless firewall rules. Do you have any rules in there?

SoCalRacer,

 

Thank you that was it, there was a random layer 3 wireless firewall rule blocking access to the local LAN. Must be a default policy because I hadn't set it.

 

Thanks again,

 

Phil

rhbirkelund
Kind of a big deal

Are you using a local DHCP server or Meraki DHCP on the SSID?

 

Is the AP connected to a switchport in trunk mode, or access mode?

 

Is VLAN tagging enabled?

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

Hi rbnielsen,

 

DHCP is running on a windows server, the WiFi clients get an IP address from this server fine. I have tried changing the port the AP is connected to in access of trunk mode. I have tried turning VLAN tagging on but I wasn't too sure which VLAN(s) to add to it - should it be the client VLAN, the server VLAN or both?

 

Many thanks,

 

Phil


@Phil_SCDS wrote:

Hi rbnielsen,

 

DHCP is running on a windows server, the WiFi clients get an IP address from this server fine. I have tried changing the port the AP is connected to in access of trunk mode. I have tried turning VLAN tagging on but I wasn't too sure which VLAN(s) to add to it - should it be the client VLAN, the server VLAN or both?

 

Many thanks,

 

Phil


If you're getting errors from 10.128.128.128, you are still using Meraki DHCP. 

 

You sure it's in Bridge Mode? Did you check the correct SSID?

ssid access.PNG

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
PhilipDAth
Kind of a big deal
Kind of a big deal

You are not using bridge mode, because you are getting a response from 10.128.128.128, which is only used in Meraki NAT mode.

Go back and re-check the settings and change the SSID to bridge mode.

Hi Philip,

 

It is definitely in bridge mode (see below).
bridge mode.PNG

Are you sure the clients are being dropped into the correct VLAN?

 

Have you got some MR firewall rules enabled, such as disable local LAN access?

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels