How does Meraki AP detect Wired MAC address of a Rogue AP?

RLNG

Question on Air Marshal --> "Rogue SSID" --> Seen on LAN

I get that the BSSID is broadcasted over the air, but I'm curious about how Meraki APs are able to see the wired MAC of the AP to find out if this AP is connected on the same LAN?
alemabrahao

It checks the MAC table if the MAC detected by the AP is on the wired network.


A Cisco Meraki AP accomplishes containment by sending deauthentication packets with the spoofed MAC address of the rogue access point (the BSSID of the rogue wireless network). The deauthentication packets force any clients that are connected to the rogue access point to disconnect. If a client attempts to connect to the rogue network, they will be immediately forced off by the Air Marshal. The image below shows a Cisco Meraki AP performing containment on a rogue SSID.

 

https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Hello. I have noticed you are very quick at responding but I don't think you really read the question but rather just the subject line. So most of your answers don't directly address the question. 

My question was how is the Meraki AP able to detect the AP wired MAC address? If I have 2 different APs on different VLANs configured as access ports, how does 1 AP see the wired MAC of another AP?

alemabrahao

I think it's you who didn't understand, my friend. Re-read the answer and the documentation. 😉


So do you mind elaborating then? I don't see anywhere in the documentation that explains how the AP finds out the wired MAC. I see how it compares between wired MAC & BSSID to classify as a Rogue.

 

Below is a specific scenario I am trying to understand

 

My question was how is the Meraki AP able to detect the AP wired MAC address? If I have 2 different APs on different VLANs configured as access ports, how does 1 AP see the wired MAC of another AP?

Greenberet

It is part of the documentation.

I think you want to know this:

 

When we detect an SSID being broadcast, we compare it to other known MAC addresses on the LAN. The criteria for a match are as follows:

  • If a wired MAC and the broadcasted BSSID MAC match on the 3rd and 4th bytes of the MAC (starting with the 0th byte on the left, ending on the 5th byte on the right)
  • AND if the rest of the bytes differ by 5 bits or less (except for the 4 least significant [rightmost] bits of the 5th byte, which are masked out), it is classified as a Rogue SSID.

You can see this under Rogue_SSIDs. There is also a calculation example.

Thanks @Greenberet, finally someone who reads the documentation. 😄


lol you were partially right. @Ryan_Miles provided the section I missed on the documentation. But still, you were wayyy off on your answer. Apple & oranges. 

There is a note about using a trunk port connected to the AP to detect rogues on all/other VLANs

 

LINK

@Ryan_Miles This is exactly what I was looking for. Thank you. It does make sense now. 

 

However, currently, I have Meraki as a Trunk port with native vlan for Mgmt IP. All VLANs are allowed. I also have other Cisco APs on the environment. Meraki APs can see the BSSID but cannot see the Cisco APs wired mac. Any idea?

They are connected on the same switch for different VLANs. But since Meraki is on a trunk port it should have been able to see all the Wired MACs.

Do the wired MAC and BSSID MAC meet these requirements?

 

When we detect an SSID being broadcast, we compare it to other known MAC addresses on the LAN. The criteria for a match are as follows:

 

  • If a wired MAC and the broadcasted BSSID MAC match on the 3rd and 4th bytes of the MAC (starting with the 0th byte on the left, ending on the 5th byte on the right)
  • AND if the rest of the bytes differ by 5 bits or less (except for the 4 least significant [rightmost] bits of the 5th byte, which are masked out), it is classified as a Rogue SSID.

If it does then you may want to work with Meraki Support to see why it's not being detected. 
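To check a wired MAC / BSSID pair against the criteria quoted above, the rule can be written out as below. This is an added example, not Meraki's code and not part of the original thread; it assumes "differ by 5 bits or less" means the total bit difference across bytes 0, 1, 2 and the masked byte 5, and the MAC addresses in the comments are constructed.

```python
MATCH_BYTES = (3, 4)          # must be identical (0-indexed from the left)
COMPARE_BYTES = (0, 1, 2, 5)  # "the rest of the bytes"
MAX_BIT_DIFF = 5              # assumption: total across COMPARE_BYTES
BYTE5_MASK = 0xF0             # 4 rightmost bits of byte 5 are masked out


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff."""
    digits = text.strip()
    for sep in ":-.":
        digits = digits.replace(sep, "")
    raw = bytes.fromhex(digits)  # raises ValueError on non-hex input
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw


def bit_difference(wired, bssid):
    """Count differing bits in the compared bytes, masking byte 5."""
    total = 0
    for i in COMPARE_BYTES:
        diff = wired[i] ^ bssid[i]
        if i == 5:
            diff &= BYTE5_MASK
        total += bin(diff).count("1")
    return total


def matches_rule(wired_text, bssid_text):
    """True if the pair meets both criteria from the quoted documentation."""
    wired, bssid = parse_mac(wired_text), parse_mac(bssid_text)
    if any(wired[i] != bssid[i] for i in MATCH_BYTES):
        return False
    return bit_difference(wired, bssid) <= MAX_BIT_DIFF


def wired_candidates(bssid_text, wired_macs):
    """Return the wired MACs from a MAC table that pair with this BSSID."""
    return [m for m in wired_macs if matches_rule(m, bssid_text)]


# Constructed pair: byte 0 differs by one bit and byte 5 only in its
# masked low nibble, so matches_rule("00:11:22:33:44:50",
# "02:11:22:33:44:5f") holds under the assumption stated above.
```

A BSSID that does not pair with any wired MAC under this rule would not be expected to match, whichever VLANs the AP can see.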

@Ryan_Miles So the issue is I see the "wired Mac" section empty on Meraki event alerts. So it can't even match it. Yea, I will probably open a support case to understand more and what I am missing. 
