Issue: my MR33 dont get an IP or sometimens they get it properly and afetr 30 sec htey get 1.1.1.1
Topology: Fortigate ---> switch----> AP
Considering that i have a native vlan 3 (configured on my Fortigate L3) and my switch ports configuration are TRUNK,native vlan 3,tagged all. All the vlan are correctly configured everywhere i dont know what the issue is.
But...if i change to config in the switch ....configuring native vlan 1 instead of 3, they get an IP.
ideas?
Solved! Go to solution.
Hi MauroF,
Just clarifying the statements above on this post in relation to VLAN tagging for the management traffic of MR APs.
If setting the VLAN on the MR, ensure that this VLAN does not match the native VLAN on the switch port (this would be a case of double tagging and cause the MR issues).
If setting the management VLAN for the MR via the native VLAN on the switch port, ensure the VLAN section is blank when setting the MR LAN IP to DHCP within dashboard.
Did you try a factory reset of the AP?
I would start with that.
Also check the DHCP setting...is the GW the right one and reachable.
The issue is that the switch Meraki even if i configured the vlan3 as native(management) on the switches..still have the vlan 1 as native bx default.. so the interface connected to a Ap see traffic not-tagged arriving from the fortigate and since the vlan native is 1 (default) it associated as it.What a shenanigan!
On the Switch Settings page, try setting the Management VLAN to 3, keep the switch uplink to Fortigate as native vlan 3, and ensure that on the Fortigate side, the native vlan is set to 3.
Unless configured otherwise, the AP will always pull a management IP address in whatever vlan is configured as native on the switchport that is connects to.
If you want your Meraki Switches to have management in VLAN 3, and the APs in VLAN 1, configure the Fortigate port to be native 3, allowed all.
Switch uplink to Fortigate to be nateive vlan 3 and allowed all.
Switch downlink port to AP,to be native vlan 1, allowed all.
Make sure all ip configuration is cleared from the individual IP address configuration on each device.
As you identified, the management vlan is different from the default vlan (or switch-wide native vlan).
Your original issue sounds like it's because with all of the native tagging, the packets being sent to your AP are having their vlan tag stripped and are therefore arriving untagged whilst the AP is expecting tagged packets.
You'll need to find where is the most logical place to tag traffic (using switch port native vlans or management vlans & SSID tagging).
You are right but....if teh fortigate has a network untugged and the switch interface has a vlan 3 as native...it works....but AP side...if i set nativa vlan 3,trunk all.. doesnt work.
it works when i use vlan 1 as native on the switch interface towards the AP
doesnt make lot of sense to be honest
Hi MauroF,
Just clarifying the statements above on this post in relation to VLAN tagging for the management traffic of MR APs.
If setting the VLAN on the MR, ensure that this VLAN does not match the native VLAN on the switch port (this would be a case of double tagging and cause the MR issues).
If setting the management VLAN for the MR via the native VLAN on the switch port, ensure the VLAN section is blank when setting the MR LAN IP to DHCP within dashboard.
This is the solution!Thanks!