Guest SSID can't communicate with Exchange or OWA. Think it's a subnet overlap issue

Solved
mogulsurf

Hi, I set up a simple guest network for internet access only.

It's getting an IP from the Meraki DHCP of 10.x.x.x /8.

However, when I connect to this network, I can't get to my Exchange or OWA (myoutlook.mycompany.com).

It's an on-prem Exchange server with a LAN IP of 10.103.145.90.

The public-facing IP is 62.132.250.x.

Currently, for the guest SSID I have a firewall rule that is deny === any ===== local LAN ===== any.

I think the Meraki is seeing the 10.x.x.x as on the local LAN and blocking it.

Why wouldn't it just see the public IP and route it through?

Is there a way to make this work other than allowing the guest network access to my internal LAN?

Can I put in a specific Meraki firewall rule allowing the internal IP of the Exchange server?

Will the deny any override that rule?

Thanks

1 Accepted Solution
NolanHerring

What DNS servers are your access points pulling? If they are using internal DNS, then you will need to edit the access control page and change the 'content filtering' option to CUSTOM DNS and put Google in there: 8.8.8.8 / 8.8.4.4
Nolan Herring | nolanwifi.com

If I connect to the guest SSID and run ipconfig /all, it looks like the DNS server points to 10.128.128.128.

The AP has 2 SSIDs:

1. internal (bridge mode)

2. guest (NAT mode)

Only the internal SSID is pointing to an internal DNS server.

@mogulsurf wrote:

If I connect to the guest SSID and run ipconfig /all, it looks like the DNS server points to 10.128.128.128.

The AP has 2 SSIDs:

1. internal (bridge mode)

2. guest (NAT mode)

Only the internal SSID is pointing to an internal DNS server.

Yup. So the AP will act as the gateway/DNS/DHCP etc. from the client's perspective. But in reality, he is acting as a proxy. So whatever DNS the actual AP gets assigned (say from your Windows domain server, for example) is what it will use to do DNS resolutions.

For this reason, I tend to make it a habit that my access points always get assigned public DNS. They need it to reach the internet, and also for guest SSIDs like you just experienced. Plus I like to think that it adds an extra layer of security, as I don't want any internal DNS servers to accidentally get exposed for some unknown reason.

The easy way to overcome it is to use custom DNS as I mentioned previously. The downside to this is you kind of lose that 'free feature' of the blocking adult content option, but oh well.

Nolan Herring | nolanwifi.com

changing the DNS worked...thanks
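
The interaction described in this thread (the AP proxying guest DNS to an internal resolver, which hands back an address the guest firewall rule then drops) can be checked with a short script. This is an added example, not code from the thread or from Meraki. It assumes the "local LAN" deny rule covers the RFC 1918 private ranges, and it uses constructed resolver answers, with 203.0.113.10 standing in as a placeholder for the public IP whose last octet the post omits.

```python
import ipaddress

# Assumption: the guest SSID's "deny any -> local LAN" rule is modelled
# here as the three RFC 1918 private ranges.
LOCAL_LAN = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def blocked_by_guest_rule(addr):
    """True if the guest deny rule would drop traffic to this address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_LAN)


def check_guest_resolution(hostname, answers_by_resolver):
    """For each upstream resolver the AP might proxy to, report whether a
    guest client could reach the addresses that resolver returns."""
    report = {}
    for resolver, answers in answers_by_resolver.items():
        blocked = [a for a in answers if blocked_by_guest_rule(a)]
        if not answers:
            verdict = "no-answer"
        elif len(blocked) == len(answers):
            verdict = "unreachable"   # every answer is behind the deny rule
        elif blocked:
            verdict = "partial"       # mixed internal and public answers
        else:
            verdict = "reachable"
        report[resolver] = {"host": hostname, "verdict": verdict,
                            "blocked": blocked}
    return report


# Constructed sample answers for the hostname in the thread. The internal
# resolver returns the Exchange LAN address; the public resolver returns
# the public address (placeholder, since the post omits the last octet).
SAMPLE_ANSWERS = {
    "internal DNS": ["10.103.145.90"],
    "public DNS": ["203.0.113.10"],
}

if __name__ == "__main__":
    result = check_guest_resolution("myoutlook.mycompany.com", SAMPLE_ANSWERS)
    for resolver, r in result.items():
        note = " (internal address exposed to guests)" if r["blocked"] else ""
        print(f"{resolver}: {r['host']} -> {r['verdict']}{note}")
```

An "unreachable" or "partial" verdict also shows that internal addressing is being disclosed to guest clients through DNS, which is the exposure the reply above wants to avoid.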
