Strange wireless issue --clients connect, but no layer-3

Silas1066
Getting noticed

Strange wireless issue --clients connect, but no layer-3

I am putting in a new remote site with a Meraki MS switch stack and wireless APs. 

 

The PCs and wireless clients are to be put on one subnet (172.16.88.0 /22) VLAN 980. So I created the network/vlan on the switch stack, and for DHCP I selected relay and put in the IP address of a DHCP server on another subnet that is reachable from the switch stack (I put in a static route to that remote server)

 

My wired PC clients work fine. They connect to the switch, grab an IP address from the server, are able to ping everything ad connect to the Internet through an upstream MX appliance connected to the switch.

 

But the wireless clients cannot.

 

For the wireless network, I configured the port connecting to the AP as a trunk with the native VLAN set to 980, and selected "bridge-to-LAN" in my SSID setup. The AP itself comes up fine, and clients can associate with it using WPA2, but they never get an IP address from the DHCP server.

 

If I hard-code the wireless adapter with a valid address on that 980 VLAN, the client still cannot ping the switch stack--but strangely enough, the switch can ping the wireless client. The client cannot see the rest of the network or connect to the Internet.

 

I tried changing the port for the AP to an access port on VLAN 980. It didn't fix the issue.

 

Something I am missing here?

3 REPLIES 3
Silas1066
Getting noticed

ah I figured it out lol.

 

I had "block local lan access" on for the the network in the SSID firewall settings for the wrong network (should been on for guest only).

 

be careful of that one!

Good that you made it work and thanks for letting us know too.

 

However, I think it would be better not to use the native VLAN to get them on the correct VLAN. It's probably better to have the native VLAN to be something you don't use and have the SSID set to the 980 VLAN.

agreed --however, it was a requirement of the client. I couldn't change it
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels