Per SSID VLAN Tagging Problem on MR33s. Can I have a VLAN ID that is only present at another site?

SOLVED
Vince_Heether
Conversationalist

I am converting our school district to Meraki from Cisco Controller based. I set up one school fine using this doc.

 

https://documentation.meraki.com/MR/Monitoring_and_Reporting/Using_tags_to_manage_MR_Access_Points

 

On my Staff SSID, I want to tag with a VLAN ID of 76 when in one building. When in a different building, I want that Staff SSID to be tagged with VLAN 4. So my SSID config had VLAN tagging set up to follow the AP tags. If the AP has a tag of HS, use VLAN 4; if it has LES, use VLAN 76. These VLAN IDs only exist in their respective buildings. Running 24.8, BTW. No Meraki firewall.

 

The Dell 3340 laptops that my staff have would associate with the SSID (other Dells did not have this problem), get an address from my DHCP server, and work for 5 minutes. Then the (No Internet Access) yellow exclamation point would pop up on the wireless icon. The Meraki would log a WPA deauthentication (WPA PSK). I can no longer ping my gateway. I did a driver update on the Dell 3340s. No help. Opened a ticket with Meraki; they told me to upgrade to the beta release 25.

 

I thought back to the only thing I had changed recently, which was adding the second VLAN (4) to the SSID. I deleted it. All my problems went away! I think my packets must have started getting tagged with a wrong VLAN after getting the initial DHCP address on the right VLAN. A VLAN ID that doesn't exist in that school. 

 

So my one school works, and I want to use the same SSID and PSK for the entire district, but have it correlate to a different VLAN depending on what access point they connect to. 

 

So now I don't know how to proceed. Does this lengthy explanation of what I am trying to do sound legit and allowable?

 

Any assistance is appreciated.

 

Vince 

 

 

1 ACCEPTED SOLUTION
BowlesCR
Here to help

It sounds like you've got everything set up in one giant "network" (in the Meraki Dashboard sense). Is there any particular reason for this?

 

I've been told (and discovered firsthand) that best practice favors one or more networks per physical site. This should free you up to define the quirks of each building individually, and you can of course define SSIDs with the same name/key in each network. Looking into templating and/or cloning can help you cut down on the management overhead of multiple networks.

Anecdotally, it seems to me that this improves Air Marshal as well.


Thanks, I'll try new "networks" in the dashboard.
MRCUR
Kind of a big deal

Two things: are all of your APs in one big Dashboard network? What do your switch port configs look like for the APs?

MRCUR | CMNO #12

Yes, one big network. I'll try breaking it up with a network per site.

Switches are dot1q trunks with no VLAN restrictions.
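
Added example, not part of the thread and not Meraki tooling: a Python consistency check for the tag-to-VLAN mapping described in the original post (HS to VLAN 4, LES to VLAN 76) that flags any AP whose tags resolve to a VLAN absent from its building. The AP names, site names, per-site VLAN inventory and data layout are constructed assumptions.

```python
# Constructed sample data; names and layout are assumptions, not Meraki API objects.
SSID_VLAN_RULES = {"HS": 4, "LES": 76}   # AP tag -> VLAN ID, as in the original post
DEFAULT_VLAN = None                       # assumption: no fallback VLAN for untagged APs
SITE_VLANS = {"high-school": {1, 4}, "les": {1, 76}}  # VLANs that exist per building

APS = [
    {"name": "hs-ap-01", "site": "high-school", "tags": ["HS"]},
    {"name": "les-ap-01", "site": "les", "tags": ["LES"]},
    {"name": "les-ap-02", "site": "les", "tags": ["HS"]},         # wrong tag for building
    {"name": "les-ap-03", "site": "les", "tags": ["LES", "HS"]},  # two rules match
    {"name": "hs-ap-02", "site": "high-school", "tags": []},      # no rule matches
]


def audit_ap(ap, rules=SSID_VLAN_RULES, site_vlans=SITE_VLANS, default=DEFAULT_VLAN):
    """Return a list of findings for one AP; an empty list means consistent."""
    findings = []
    # Every VLAN that any of this AP's tags maps to (deduplicated, sorted).
    matched = sorted({rules[t] for t in ap["tags"] if t in rules})
    if not matched:
        if default is None:
            return ["no tag matches a VLAN rule and no default VLAN is set"]
        matched = [default]
    if len(matched) > 1:
        findings.append(f"tags map to several VLANs {matched}; result is ambiguous")
    # A VLAN that is not carried at the AP's building strands clients after association.
    for vlan in matched:
        if vlan not in site_vlans.get(ap["site"], set()):
            findings.append(f"VLAN {vlan} does not exist at site {ap['site']}")
    return findings


def audit(aps=APS):
    """Map AP name -> findings, listing only APs with at least one finding."""
    return {ap["name"]: f for ap in aps if (f := audit_ap(ap))}


if __name__ == "__main__":
    for name, findings in audit().items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Running the same check per building before reusing one SSID and PSK district-wide shows which APs would hand clients a VLAN their switches do not carry.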