Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bridged wireless - iPhone says WiFi does not appear to be connected to the internet

Solved
TinOmen
Here to help
‎May 24 2023 4:07 PM
‎May 24 2023 4:07 PM

Bridged wireless - iPhone says WiFi does not appear to be connected to the internet

I have a bridged SSID with a tagged vlan.  DHCP is configured on the Meraki and it's handing out addresses with a local DNS server that's a Windows DC.  DHCP is configured with option 15 and the text lists our domain name.

Domain joined windows devices don't seem to have any problems.  But iPhones will notify users that the WiFi does not appear to be connected to the internet and asks them if they'd like to keep trying or switch to cellular.  When I select keep trying, I am getting internet on the iPhone.  Apps load, sites, streams, etc.  

 

I keep thinking maybe it's something with the DNS server, but I have network app on my phone and I can query the server for all kinds of domains no issue.  If I switch to an SSID that uses Meraki NAT, no issue.  I don't mind Meraki NAT but this particular SSID has a lot of roaming clients and Meraki's documentation states to use the bridged mode for that to work best.

 

Anyone run into this issue before?

0 Kudos
Subscribe
1 Accepted Solution
TinOmen
Here to help
‎Jul 9 2023 1:09 PM
‎Jul 9 2023 1:09 PM

After some investigation on this issue, turns out the SSID's using the Meraki DHCP are essentially NATd out via the Management VLAN which has no inspection on our firewall which explains, in part, why Apple web based traffic was flowing fine through these SSIDs and the others were being inspected and subject to geoblocking.  Resolution lied with adding an application policy for apple URLs on the firewall.

View solution in original post

0 Kudos
Subscribe
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 25 2023 4:10 AM
‎May 25 2023 4:10 AM

Have you already done a test with configuring an external DNS? Just to confirm if it could be something DNS related (which I find difficult).
 
What type of authentication are you using?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
TinOmen
Here to help
‎May 25 2023 12:53 PM
‎May 25 2023 12:53 PM

I'm using WPA2/3 transition mode shared passphrase on the SSID.  
On my phone I manually set the DNS server to google servers and didn't resolve the issue.

I had traffic shaping enabled on it.  Just tried turning it off.  We'll see if that makes a difference.  The only firewall rules I have on it are Allow to the LAN and blocking "P2P file sharing" and "Gaming".  I may try turning those off if the traffic shaping doesn't fix it.  Perhaps Meraki has a URL blocked in Gaming that would affect iOS from knowing it has internet connection?

0 Kudos
Subscribe
GreenMan
Meraki Employee
Meraki Employee
‎May 25 2023 4:17 AM
‎May 25 2023 4:17 AM

My guess is there's an Internet test that the iOS device is doing that is failing, either cos your DNS can't resolve it (as per @alemabrahao 's suggestion) or maybe there's some traffic being blocked by a firewall upstream?  Run a packet capture to see what's being generated & not correctly responded to..?

0 Kudos
Subscribe
In response to GreenMan
TinOmen
Here to help
‎May 25 2023 12:58 PM
‎May 25 2023 12:58 PM

It's definitely not being blocked up stream on my firewall.  I feel the other SSID that's using Meraki NAT and works rules that out as well.

I do feel you're on to something with the iOS internet test.  I turned off traffic shaping.  I also have a L7 rule to block gaming.  I may remove that as well to rule that out.

0 Kudos
Subscribe
TinOmen
Here to help
‎Jul 9 2023 1:09 PM
‎Jul 9 2023 1:09 PM

After some investigation on this issue, turns out the SSID's using the Meraki DHCP are essentially NATd out via the Management VLAN which has no inspection on our firewall which explains, in part, why Apple web based traffic was flowing fine through these SSIDs and the others were being inspected and subject to geoblocking.  Resolution lied with adding an application policy for apple URLs on the firewall.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.