Bridged and Guest SSID on same AP not working

Solved
Julian1
Conversationalist

Bridged and Guest SSID on same AP not working

Hi community,

 

Thanks for reading, I hope someone can point me into the right direction.

 

We have an issue with the usage of two SSIDs one the same access point when one is in bridged mode and one in NAT Mode with Meraki DHCP.

 

The hardware is as follows:

Meraki MR42 access points with fixed IPs and no VLAN configured connected to MS225 access switches that are connected to two MS355 core switches.

 

We have used WIFI with our own radius server in bridged mode for a while an everything works as expected. Now we want to use a second SSID with Meraki guest mode. As soon as we configure the second SSID the access point is loosing its fixed IP and changes to a DHCP address. That results in a non working radius authentication on the first SSID as the radius client has a new IP address. The error says „Bad IP assignment“ only. If we change the IP configuration and add VLAN 1 to it the access point is unreachable at all. If we remove the native VLAN 1 from the corresponding switch port (allowed all) the first SSID is working but the user clients does not receive a DHCP address on the bridged lan.

 

What would be the correct configuration for the mentioned devices in order to geht this to work?

 

Thank you!

 

Best regards,

Julian

1 Accepted Solution
cmr
Kind of a big deal
Kind of a big deal

@Julian1 we always set APs to use DHCP these days for their management IP.

 

As everything works, other than the MR getting a new (incorrect) IP in the correct subnet, can you not create a DHCP reservation for the previously assigned static IP with the MAC address of the AP?

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

4 Replies 4
ww
Kind of a big deal
Kind of a big deal

Use vlan x (management vlan that can reach your radius) as native vlan on the switchport. And vlan y or vlan all as allowed vlans.

 

Give your AP a IP address in that vlan x, leave  the vlan field empty.

 

Set your bridge ssid to tag with vlan y. Make sure vlan y has a dhcp server

 

 

cmr
Kind of a big deal
Kind of a big deal

@Julian1 we always set APs to use DHCP these days for their management IP.

 

As everything works, other than the MR getting a new (incorrect) IP in the correct subnet, can you not create a DHCP reservation for the previously assigned static IP with the MAC address of the AP?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal

We do the same as @cmr , use DHCP.  configure the RADIUS server to authenticate anything from that subnet.  Much easier than the old way of using a static config.

Julian1
Conversationalist

@PhilipDAth @cmr @ww  thanks for your comments. We will try the DHCP way asap.

 

Does someone know why the the APs behave like they do and can explain?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels