Meraki

cmr · ‎Apr 17 2023

I had some fun today when we had an SSID that could not access multiple resources. It turned out that when we created it, we had forgotten to allow traffic to the LAN. If you see trace routes failing on the first hop at 10.128.128.128 then this is the cause!

Go to Wireless / Firewall & traffic shaping and make sure the below is set if you see this problem:

If my answer solves your problem please click Accept as Solution so others can benefit from it.

thomasthomsen · ‎Feb 12 2024

I think the "deny" has been default on the first SSID created for quite a while, but yeah, it creates problems, and is not really documented anywhere.

View solution in original post

NPL_Jeffrey · ‎Feb 9 2024

Thank you CMR. Your tip was very helpful. I decided that I did not want to open my entire LAN by selecting "Allow" so I was able to create a new rule on this menu to allow traffic to just a specific IP address that our guests need access to. I am so happy it worked!

thomasthomsen · ‎Feb 12 2024

I think the "deny" has been default on the first SSID created for quite a while, but yeah, it creates problems, and is not really documented anywhere.

rwiesmann · ‎Feb 22 2024

Thanks @cmr your post saved me yesterday quite some troubleshooting time! Thanks!

PatrickBorn · ‎Feb 28 2024

@cmr, thanks for posting this.

Maybe these 2 docs, related to 10.128.128.128 where an access point running in NAT-mode uses this address may help others in the future:

Maurice_K · ‎Apr 19 2024

Hi guys,

I tried the above but we're still experiencing this. To note it's only for new users trying to join Wi-Fi. The hops are still dropping at 10.128.128.128.

Any more ideas where to check?