Meraki

gabbybher · ‎Jun 21 2022

Hi,

It's my first time deploying Meraki and I'm having an issue with a specific SSID as the client is not getting an IP address. I will be replacing aironet with Meraki.

Meraki SSID with issue is on Bridge mode and it's using VLAN 308 for VLAN tagging.

The switchport is on trunk-mode and native VLAN is set to the VLAN for Meraki management IP(NO VLAN filtering on switchport), VLAN 308 is on the VLAN database of the core and access switches but VLAN 308 is behind Cisco ASA firewall.

VLAN 308 is already existing and it's being used by aironet access points. Clients connected to SSID from aironet are able to acquire IP address.

DHCP IPs are not depleted as well.

Kindly guide me if there is something I need to add on Meraki Dashboard or on Cisco ASA.

Thank you.

DarrenOC · ‎Jun 21 2022

Hi @gabbybher go to Wireless > configure > Firewall and Traffic shaping

Are you Allowing or Denying clients access to the LAN? If set to deny then clients won’t get an Ip from your dhcp server

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

gabbybher · ‎Jun 21 2022

Hi Ucert,

I think the SSID is on default settings for Firewall and Traffic Shapping.

DarrenOC · ‎Jun 21 2022

Scroll down on that page. What are your outbound rules? By default Local LAN is blocked

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

DarrenOC · ‎Jun 21 2022

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

gabbybher · ‎Jun 21 2022

it's also on default, allow IPv4 any any.

PhilipDAth · ‎Jun 21 2022

Some part of the information you have supplied is wrong - as the above should work - so you need to double check everything.

Make sure the SSID is set to bridge mode and is definitely bridging to VLAN308.

Make sure the switch port is definitely in trunk mode and definitely allowing VLAN308. Make sure the switch's uplink is able allowed to send and receive VLAN308.

Make sure the client is definitely authenticated to the SSID. They wont get an IP address if they haven't authenticated.

gabbybher · ‎Jun 22 2022

Hi PhilipDAth,

SSID is set to bridge mode.

Switchport is on trunk(no VLAN filtering)

Switch uplink allows all VLANs.

VLAN 308 is on the VLAN database of Core and Access switches.

The tester is able to authenticate and connect to SSID but it's not getting an IP from the DHCP server, just getting APIPA(169.254.x.x).

VLAN 308 is behind Cisco ASA firewall.

Are there configurations that I should add on Dashboard or Cisco ASA side?

Thank you.

DarrenOC · ‎Jun 22 2022

@gabbybher , what are you seeing in the ASA logs? Can you see the dhcp requests from the clients?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

PhilipDAth · ‎Jun 21 2022

If the other WiFi system has security features try turning them off. Perhaps it is seeing a rogue connected AP and is sending dis-association requests to prevent the client from being attached to the Meraki AP.

What does Meraki Wireless Sentry say? Anything in the Meraki wireless event log?

Meraki

Community

Client not getting IP address, VLAN is behind ASA firewall

Client not getting IP address, VLAN is behind ASA firewall