Meraki AP on VLAN

SOLVED
barth
Comes here often

Meraki AP on VLAN

Last time my network only 1 segment with IP 192.168.0.0/24. and my Meraki AP works fine.

I have 2 SSID : bridge mode & NAT (DHCP Meraki)

 

Then we implement VLAN in our network, now Meraki AP port in switch already change to VLAN Client segment with different IP (10.10....)

Now the problem is my meraki AP status is offline, i change the Meraki AP static IP address to VLAN CLient segment, but still can not ping (offline)

 

Somebody help me ?

1 ACCEPTED SOLUTION
BrechtSchamp
Kind of a big deal


@barth wrote:

With this config, The SSID internal will share IP VLAN Client (11) 192.168.15.0 /24 to user ?


Yes, with that config the packets coming in from the wireless clients will be tagged with VLAN 11 on the trunk, and inversely, the packets coming into the AP via the trunk on VLAN 11 will be sent out to the wireless clients untagged.

 

I think the problem is that you're actually using the native/untagged VLAN. In my setup you'll see that I don't actually use the native VLAN for anything. Try setting VLAN 11 to tagged as well, and use another random untagged VLAN that you're not actually using.

 

Also it might also be interesting to know that in NAT-mode, the packets will be tagged with the AP's native VLAN.

View solution in original post

14 REPLIES 14
Karl
Here to help

What VLAN are you running in the switch as native? Does that match on the accessport?


@barth wrote:

Last time my network only 1 segment with IP 192.168.0.0/24. and my Meraki AP works fine.

I have 2 SSID : bridge mode & NAT (DHCP Meraki)

 

Then we implement VLAN in our network, now Meraki AP port in switch already change to VLAN Client segment with different IP (10.10....)

Now the problem is my meraki AP status is offline, i change the Meraki AP static IP address to VLAN CLient segment, but still can not ping (offline)

 

Somebody help me ?


 

barth
Comes here often

Yes, Native VLAN Client

 

"match on the accessport" what thats means ?  

 

I can not reboot, "unreacable device "

I can not ping

 

any something configuration   ?

 

If the switch is PoE version you can turn off the PoE from port and then turn it on again to reboot the AP

barth
Comes here often

Dear @mtainio 

i know and i already try, but still can not ping the static IP, (offline)


What should i do? reset then setup again ?

 

 

Another question :

Is the all configuration (ssid, policy, etc) is save in cloud ? so when i reset the AP, the configuration will apply automatically again ? 

Hi @barth 

 

All the configuration is saved in Meraki cloud so reseting single AP doesn't affect the SSID's etc.

 

Is your AP configured to use IP from same VLAN that is configured as native VLAN on the switch port the AP is connected? And are all the VLANs in use allowed in the switch port configuration?

Another way is not to use native VLAN and configure the VLAN in APs IP configuration.

 

 

barth
Comes here often

i put AP in same vlan (vlan Client) with my pc. So the ip was change to 10.10.10.0/24
My pc can ping to another pc but the AP still can not ping (even when i change the IP to static follow vlan client segment 10.10.10.0/24) but still can not...

But..

Why the ssid internal (bridge mode) is working. So the AP can share the vlan client segment to user.

SSid with NAT Mode (dhcp meraki) is not show.

I can not unplug or chage to default vlan 192.168.0.0/24.
It will share the old ip segmet to user...

I dont understand ur suggention, can yoy more detail ?

be default, the maraki AP (MRxx) transfers its management traffic over native VLAN (or access port).

 

if you want your SSID(s) in a different network segment:

1) use Meraki NAT: nothing else is required on the switch (access mode/port is enough)

2) use bridge mode:

2a) configure additional VLAN(s) on your meraki AP switch port (trunk mode).

2b) make sure you have a DHCP server within the additional VLAN(s)

2c) setup the additional VLAN(s) in the 'access control' setting, section VLAN tagging / VLAN id

How is everything setup? Do you have a network drawing? This is how I've set it up for example:

Drawing1.png

 

Note that for the switch I set the VLAN both in Switch Settings > Management VLAN and in the IP settings of the individual switch.

Hi, here the simple topology of my new network

 

Capture.JPG

 

Any miss config ?

Hi @barth 

 

Are you using HP Procurve for switches as shown in the drawing?

Have you introduced the new VLAN to the switches and added it to all the necessary ports as untagged?

 

-Mikko

barth
Comes here often

@mtainio 

 

Yes, HP Procurve switch 24 port

 

 

VLAN 11
name "CLIENT"
untagged 2-24
tagged 1
exit

OTHER SOLUTION

 

Capture2.JPG

 

With this config, The SSID internal will share IP VLAN Client (11) 192.168.15.0 /24 to user ?

BrechtSchamp
Kind of a big deal


@barth wrote:

With this config, The SSID internal will share IP VLAN Client (11) 192.168.15.0 /24 to user ?


Yes, with that config the packets coming in from the wireless clients will be tagged with VLAN 11 on the trunk, and inversely, the packets coming into the AP via the trunk on VLAN 11 will be sent out to the wireless clients untagged.

 

I think the problem is that you're actually using the native/untagged VLAN. In my setup you'll see that I don't actually use the native VLAN for anything. Try setting VLAN 11 to tagged as well, and use another random untagged VLAN that you're not actually using.

 

Also it might also be interesting to know that in NAT-mode, the packets will be tagged with the AP's native VLAN.

Its works now, i do line my  other solution

Thank you for response my thread.

 

Bye 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.