SSID issues (two different subnets/MX appliances, same SSID, in close proximity)

mducharme
New here

SSID issues (two different subnets/MX appliances, same SSID, in close proximity)

Hello,

 

We have a few instances of where we have two different Meraki MX routers for the same customer in fairly close proximity (buildings beside each other on a campus) with their own MR AP's behind them. This causes problems in that, because the SSID is the same, sometimes the client will roam from one building to the other and of course not realize that its old IP is no longer valid because the SSID is a match. If it roams to the other MX and doesn't request a new IP then the user has issues as they are connected but without a valid IP on that network.

 

Normally I would just create a second SSID for the other building, but the issue here is that most of the users are guests authenticating to a walled garden (Open authentication with sign on method "Billing"), and they should be able to use the same credentials in either building without having to register twice. However it looks to me like Meraki does not allow this and instead stores the guest users on a per SSID basis.

 

I am wondering if anybody has any suggestions as to how this could be resolved?

 

Thanks!

3 REPLIES 3
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @mducharme - maybe an investment in a wireless survey could help here.  Repositioning and reconfiguration of the AP's, channels, signal strengths would help to stop clients roaming between buildings.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
KarstenI
Kind of a big deal
Kind of a big deal

I would think about the following scenario:

  • SSID-Bulding1 is on all APs and uses L3 Roaming to an MX in Building 1
  • SSID-Building2 is on all APs and uses L3 Roaming to an MX in Building 2
PhilipDAth
Kind of a big deal
Kind of a big deal

This is the bit of your message that caught my attention:

 

>they should be able to use the same credentials in either building without having to register twice.

 

I have run into this business case before.  After discussing various options with the customer, I ended up creating an additional single network for only the APs, and moved the APs for both buildings into this one new network.  Now a guest account in one building works in both because it looks like one network.

 

Now we have the fundamental business issue sorted, let's turn to IP addressing.  In this case, I would use NAT mode with DHCP for the SSID.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/NAT_Mode_with_Meraki_DHCP 

When you use this mode, the client's MAC address is used to form the IP address, so the client always gets exactly the same IP address.  Clients will be able to roam from building to building without their IP address changing.

 

 

If you don't like the above you could also consider using a paid guest service like Splash Access.  It has a million times more Meraki's built-in offerings and is very popular.

https://www.splashaccess.com/ 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels