Meraki

Community

All access points KO

TalentBari
New here
‎Jun 21 2024 1:16 AM
‎Jun 21 2024 1:16 AM

All access points KO

Hello,
we have a problem within our infrastructure.
All access points are offline and unreachable from the Meraki dashboard.

I have already rebooted switch and mx but with no results.
We have manually reset from the 1 access point key, to no avail.
Removed power cable to switch and mx, to no avail.

I restarted the vpn tunnel on our firewall, but no result.
I do have these evidences though:
there seems to be a ko tunnel on the mx side, I think this is the reason.
what can i do to restart it ?

many thanks

 

 

MX: MX67

Switch: MS210-48FP

Access point: MR36

 

 

TalentBari_0-1718957474056.png

 

also I notice that the access points come out with the cloudflare address, but no one has set this value for them.
why does this happen?

 

 

TalentBari_2-1718957735861.png

 

0 Kudos
13 Replies 13
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 21 2024 1:44 AM
‎Jun 21 2024 1:44 AM

I would suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 21 2024 3:09 AM
‎Jun 21 2024 3:09 AM

To me you seem to have a DHCP problem. Who is your DHCP server today? I don't believe the tunnel down is the problem. However, without having greater visibility of your network, it is difficult to give an accurate answer.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
TalentBari
New here
‎Jun 21 2024 3:36 AM
‎Jun 21 2024 3:36 AM

THE dhcp role is on a domain controller.
we have other international locations with the same configuration.
only this configuration here, has a ko tunnel, as you see in the image.

 

TalentBari_0-1718966165708.png

 

0 Kudos
In response to TalentBari
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 21 2024 3:48 AM
‎Jun 21 2024 3:48 AM

Haven't you checked with your ISP to make sure you're not having a link problem?
 
Why do you centralize in a single DHC? Wouldn't it be more viable to configure the MX as a DHCP server in the location?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
TalentBari
New here
‎Jun 21 2024 5:11 AM
‎Jun 21 2024 5:11 AM

we have a vodafone router, we tried connecting the laptop with cable and it works.
ce connectivity then.

now i can't think about improving the system, i have to solve the problem because it is serious.
the office is ko

0 Kudos
In response to TalentBari
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 21 2024 5:57 AM
‎Jun 21 2024 5:57 AM

Call Meraki support, they will help you.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
TalentBari
New here
‎Jun 21 2024 3:38 AM
‎Jun 21 2024 3:38 AM

this is another office with the configuration of the 2 tunnels not in error.
that's why i think the problem is in one tunnel

 

TalentBari_1-1718966314517.png

 

 

0 Kudos
In response to TalentBari
ww
Kind of a big deal
Kind of a big deal
‎Jun 21 2024 4:17 AM
‎Jun 21 2024 4:17 AM

Do you have a firewall in front of the spoke or hub?  lf so, Make sure auto vpn traffic is allowed from the public  ip's

0 Kudos
In response to ww
TalentBari
New here
‎Jun 21 2024 5:21 AM
‎Jun 21 2024 5:21 AM

the office is located in Madrid
the firewall is located in France.
it is an international infrastructure.
the meraki uses vpn tunnels as you can see from the pictures.
this is the log from the firewall:

 

TalentBari_0-1718972420065.png

 

0 Kudos
GreenMan
Meraki Employee
Meraki Employee
‎Jun 21 2024 6:41 AM
‎Jun 21 2024 6:41 AM

Assuming your MX is connected via an Internet link or links I would ultimately suggest you configure the network so that the switch(es) and access point(s) break out directly to the Internet from the MX - don't send their management traffic over tunnel.   That may mean provisioning a management VLAN to them, which has VPN  disabled
Bear in mind that you can do a lot in troubleshooting tunnels using Network-wide > packet capture from the MXs at each end, looking at the Internet side;   filter for the destination public IP of the other MX and see what is being sent and received at which end.   This will show if the MXs are sending tunnel initiation packets to the right destinations and whether they are being received.   If the WAN links at both ends are up, my guess is that something upstream is blocking some of the traffic.   Support will help you with this - call them, rather than raising a case via Dashboard.

0 Kudos
Purroy
Meraki Employee
Meraki Employee
‎Jun 21 2024 7:57 AM
‎Jun 21 2024 7:57 AM

Check your native VLANs between all of your devices.  They should ideally all match.

0 Kudos
In response to Purroy
TalentBari
New here
‎Jun 24 2024 2:04 AM
‎Jun 24 2024 2:04 AM

Good morning,

this morning before making the change I found the switch offline. I applied the modification you suggested to no avail.

(changed switch port to 101, all switch ports to 101).

The serious situation Now is that the switch is not possible to reboot, I can't reach it. What can I do ?

I noticed that:

Another configuration for the another office for example, has the VLAN on the MX set as 101, but the switch and the ports on it are all on VLAN1, despite this, everything works fine !

for what reason ?

 thanks again.

0 Kudos
Alejandro_F
Meraki Employee
Meraki Employee
‎Jun 21 2024 5:08 PM
‎Jun 21 2024 5:08 PM

Hi,

   If the tunnel is down and all the traffic on the LAN is down probably the VPN is configured as full tunnel. Try to disable the default route check box if selected.  To check the VPN tunnel connectivity check the ports at the upstream. Rebooting the ISP modem could be a quick attempt to reset the connections.

https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshoo...

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.