I have a working 7 AP (MR34) deployment in our HQ. We drop corporate traffic onto a VLAN on the internal network. We tunnel guest wi-fi to our MX100, which is the DHCP server for the Guest SSID. All is well in HQ.
I'd like to begin deploying APs in our branch locations. I was told I could deploy additional MR34/MR33 APs in our branches, drop corporate traffic on the internal network, AND tunnel guest wi-fi back to our MX100 in HQ for DHCP and internet access. I can't seem to get this to work. Internal corporate traffic works fine. Guest wi-fi is not working. I am using a template to deploy both SSIDs. Guest SSID is set for VPN to "Tunnel to "my appliance" on VLAN xxx". Branch locations are connected via 20Mb MPLS/ELAN services, layer 3, any to any connectivity.
Has anyone successfully deployed guest wi-fi in this manner? Tunneling back to an MX at another location?
This is absolutely something you should be able to easily do, and is a very common deployment technique.
If you press the test connectivity button when you select the VPN options on the Wireless > Access Control page, does the test come back okay? I'm wondering if the remote AP is having a hard time building the tunnel back to your MX.
The test fails: "1 access point failed to connect to the concentrator". SSID is set for VPN: tunnel data to a concentrator. I only have the one MX appliance that is selected as the concentrator. VLAN tagging is set to Concentrate traffic on VLAN XXX - Guest_WiFi. VPN tunnel type is Full Tunnel. All of these settings were suggested by Meraki support.
I have verified that the MX has a route to the network the branch AP lives on. The "Meraki Magic" that happens in the cloud management is supposed to build the tunnel from the remote AP to the MX in my HQ, correct? I've got to be missing something....
Thanks. I've used the Live Tools to verify that the MX can ping the AP LAN IP of 10.xx.15.9, and the AP can ping the MX management IP of 10.XXX.255.223. 3ms average response time, no packet loss. It appears they have connectivity across my WAN. There are no firewalls between the AP and the MX.
This one has me stumped. I'm very appreciative of the suggestions. Got any more?
Today we have the same issue (?) with several sites; two already existing on the internal MX and two moved from a provider MX to the internal MX. The APs are connected to the internal MX but the 'tunnel' test fails. Yet, we have many other sites' APs working fine on the internal MX.
A symptom is that the Guest SSID is not broadcast.
If we move an AP back to the provider's MX, the Guest Wifi re-appears and clients get connected.