cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Strange wireless issue --clients connect, but no layer-3

Highlighted
Getting noticed

Strange wireless issue --clients connect, but no layer-3

I am putting in a new remote site with a Meraki MS switch stack and wireless APs. 

 

The PCs and wireless clients are to be put on one subnet (172.16.88.0 /22) VLAN 980. So I created the network/vlan on the switch stack, and for DHCP I selected relay and put in the IP address of a DHCP server on another subnet that is reachable from the switch stack (I put in a static route to that remote server)

 

My wired PC clients work fine. They connect to the switch, grab an IP address from the server, are able to ping everything ad connect to the Internet through an upstream MX appliance connected to the switch.

 

But the wireless clients cannot.

 

For the wireless network, I configured the port connecting to the AP as a trunk with the native VLAN set to 980, and selected "bridge-to-LAN" in my SSID setup. The AP itself comes up fine, and clients can associate with it using WPA2, but they never get an IP address from the DHCP server.

 

If I hard-code the wireless adapter with a valid address on that 980 VLAN, the client still cannot ping the switch stack--but strangely enough, the switch can ping the wireless client. The client cannot see the rest of the network or connect to the Internet.

 

I tried changing the port for the AP to an access port on VLAN 980. It didn't fix the issue.

 

Something I am missing here?

3 REPLIES 3
Highlighted
Getting noticed

Re: Strange wireless issue --clients connect, but no layer-3

ah I figured it out lol.

 

I had "block local lan access" on for the the network in the SSID firewall settings for the wrong network (should been on for guest only).

 

be careful of that one!

Highlighted
Kind of a big deal

Re: Strange wireless issue --clients connect, but no layer-3

Good that you made it work and thanks for letting us know too.

 

However, I think it would be better not to use the native VLAN to get them on the correct VLAN. It's probably better to have the native VLAN to be something you don't use and have the SSID set to the 980 VLAN.

Highlighted
Getting noticed

Re: Strange wireless issue --clients connect, but no layer-3

agreed --however, it was a requirement of the client. I couldn't change it
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.