IPSK without Radius problems

VanDerTuch
Here to help

IPSK without Radius problems

Hello guys,

i am going here for advice.

I have a project where is planning MX75, 3Meraki switches and 19APs(MR28)....but this will be done in summer.

Now i am trying to configure IPSK without radius and there is still some problems.

My lab is(MR67 + MS120(8port POE)) and 1xMR28. Topology is very simple and links between devices are trunks(with all vlans allowed). My problem is with configuration IPSK. Goal is have one SSID, but with 18-20 different passwords.(per apartments) 

I have done it, but it does work for while. Configuration is not complicated, i cant see any problem. I have done 3 testing groups, with 3 different passwords. Vlans are also created on MX(vlan10,vlan20,vlan30). I have done config with vlan tagging, also without. For a while it was working, but with configuration pain(for example Wi-Fi Personal Network (WPN) enable/disables problems)- if enabled- it should be allowed communication only between devices in same group, but not(it is like client isolation and nobody in groups cant see other, only internet working). If disabled, can communicate devices between every group. But this can be solved in firewall section....

After day, i disabled this ssid and today i wanted to test devices and they couldn't connect....I looks like totally unstable. I have done config with tagging, also without tagging. I have tried tagging in groups(under wifi section), but devices have still problems....Do you have any idea? Or is here somebody,  who has this feature implemented and working reliable?

version of my MX is 18.205 and MR28 is 30.6 , thanks a lot for advices.

 

Juraj.

5 Replies 5
Marvin_
Here to help

Hi Juraj,

have you tried rebooting the MR28?

In documentation there is a note stating: "Note: It might be necessary to reboot your APs to clear Group Policies inherited from respective iPSKs after changing the SSID authentication type from iPSK without RADIUS to a different authentication method.".

https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS

Maybe this is necessary after what you have changed on your SSID.

Greetings,

Marvin

VanDerTuch
Here to help

I didnt, tommorow i will test....it could be problem, but quite strange that i have to reboot....thanks for advice

alemabrahao
Kind of a big deal
Kind of a big deal

I believe the first thing is to leave both MX and MR in the stable version, you are running a stable candidate version, but based on Meraki's history I have seen many problems in stable candidate versions.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
VanDerTuch
Here to help

Hello, i had before stable version, but it looks very similar, therefore i did firmwere upgrade to stable candidate, because there was some bugfixes with IPSK. But my opinion is that is some problem with groups and AP. It should be very simple but something is working like should.

PS: I did similar config also wih tp-link OMADA(IPSK, only for testing purpose), and everything was working extremly fine...so i dont understant where is problem with meraki setup...

CFStevens
Meraki Employee
Meraki Employee

Hi @VanDerTuch

 

I hope you are having a wonderful week and that you have been able to resolve this issue! However, in the event that it is still a problem, I would highly recommend you give the Meraki Support team a call so we can review your configuration and attempt to recreate the issue. 

 

:]

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels