Issue with my MR33

Solved
MauroF
Building a reputation


Issue: my MR33s don't get an IP, or sometimes they get it properly and after 30 sec they get 1.1.1.1.

Topology: Fortigate ---> switch ----> AP

Considering that I have a native VLAN 3 (configured on my Fortigate L3) and my switch port configurations are TRUNK, native VLAN 3, tagged all. All the VLANs are correctly configured everywhere; I don't know what the issue is.

But... if I change the config in the switch, configuring native VLAN 1 instead of 3, they get an IP.

Ideas?

1 Accepted Solution
Mark_S
Meraki Employee

Hi MauroF,

Just clarifying the statements above on this post in relation to VLAN tagging for the management traffic of MR APs.

If setting the VLAN on the MR, ensure that this VLAN does not match the native VLAN on the switch port (this would be a case of double tagging and cause the MR issues).

If setting the management VLAN for the MR via the native VLAN on the switch port, ensure the VLAN section is blank when setting the MR LAN IP to DHCP within dashboard.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging#Management_Traffic_V...

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
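
An added example, not part of Mark_S's post or Meraki's code: a small Python model of standard 802.1Q trunk behaviour (untagged frames join the native VLAN, and the native VLAN leaves untagged) that traces the AP's DHCP exchange for the two options in the accepted answer. The function names, the assumption that the AP only accepts frames matching its own VLAN setting, and the four sample configurations are constructed; the thread does not state what the AP's VLAN field was set to.

```python
from typing import Optional

Tag = Optional[int]  # None = untagged frame, int = 802.1Q VLAN ID

def ingress(native: int, tag: Tag) -> int:
    """Trunk port ingress: untagged frames are classified into the native VLAN."""
    return native if tag is None else tag

def egress(native: int, vlan: int) -> Tag:
    """Trunk port egress: the native VLAN leaves untagged, every other VLAN tagged."""
    return None if vlan == native else vlan

def ap_gets_lease(fw_native: int, uplink_native: int, ap_port_native: int,
                  ap_mgmt_vlan: Tag, dhcp_vlan: int) -> tuple[bool, str]:
    """Trace a DHCP request from the AP to the firewall and the offer back.

    ap_mgmt_vlan=None models a blank VLAN field on the AP (untagged management).
    """
    # AP -> switch -> firewall
    vlan = ingress(ap_port_native, ap_mgmt_vlan)
    vlan = ingress(fw_native, egress(uplink_native, vlan))
    if vlan != dhcp_vlan:
        return False, f"request lands in VLAN {vlan}, DHCP scope is VLAN {dhcp_vlan}"
    # firewall -> switch -> AP
    vlan = ingress(uplink_native, egress(fw_native, dhcp_vlan))
    tag = egress(ap_port_native, vlan)
    if tag != ap_mgmt_vlan:
        return False, f"offer reaches AP with tag {tag}, AP expects {ap_mgmt_vlan}"
    return True, "lease obtained"

# Constructed cases: firewall and switch uplink both native VLAN 3, DHCP scope on VLAN 3.
# Tuple order: fw_native, uplink_native, ap_port_native, ap_mgmt_vlan, dhcp_vlan
CASES = {
    "AP VLAN 3, port native 3": (3, 3, 3, 3, 3),
    "AP VLAN 3, port native 1": (3, 3, 1, 3, 3),
    "AP VLAN blank, port native 3": (3, 3, 3, None, 3),
    "AP VLAN blank, port native 1": (3, 3, 1, None, 3),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        ok, why = ap_gets_lease(*args)
        print(f"{name:30} {'OK' if ok else 'FAIL'}  {why}")
```

In this model the AP gets a lease only when its VLAN field is blank and the port's native VLAN carries the DHCP scope, or when its VLAN field is set and differs from the port's native VLAN.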


9 Replies
rwiesmann
A model citizen

Did you try a factory reset of the AP?

I would start with that.

https://documentation.meraki.com/General_Administration/Support/Resetting_Cisco_Meraki_Devices_to_Fa....

Also check the DHCP setting... is the GW the right one and reachable?

 

alemabrahao
Kind of a big deal

What about the port on the Fortigate, is it configured as trunk and native VLAN 3?

Remember that on the AP side, the management interface must be without VLAN tagging, that is, you must leave the value as zero.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
MauroF
Building a reputation

The issue is that the Meraki switch, even if I configured VLAN 3 as native (management) on the switches, still has VLAN 1 as native by default... so the interface connected to an AP sees untagged traffic arriving from the Fortigate, and since the native VLAN is 1 (default) it is associated with it. What a shenanigan!

rhbirkelund
Kind of a big deal

On the Switch Settings page, try setting the Management VLAN to 3, keep the switch uplink to Fortigate as native vlan 3, and ensure that on the Fortigate side, the native vlan is set to 3.

Unless configured otherwise, the AP will always pull a management IP address in whatever VLAN is configured as native on the switchport that it connects to.

If you want your Meraki switches to have management in VLAN 3, and the APs in VLAN 1, configure the Fortigate port to be native 3, allowed all.

Switch uplink to Fortigate to be native VLAN 3 and allowed all.

Switch downlink port to AP to be native VLAN 1, allowed all.

 

Make sure all ip configuration is cleared from the individual IP address configuration on each device.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Brash
Kind of a big deal

As you identified, the management vlan is different from the default vlan (or switch-wide native vlan).

Your original issue sounds like it's because with all of the native tagging, the packets being sent to your AP are having their VLAN tag stripped and are therefore arriving untagged whilst the AP is expecting tagged packets.

You'll need to find where the most logical place to tag traffic is (using switch port native VLANs or management VLANs & SSID tagging).

MauroF
Building a reputation

You are right, but... if the Fortigate has an untagged network and the switch interface has VLAN 3 as native... it works... but on the AP side, if I set native VLAN 3, trunk all... it doesn't work.

It works when I use VLAN 1 as native on the switch interface towards the AP.

MauroF
Building a reputation

Doesn't make a lot of sense, to be honest.

 

MauroF
Building a reputation

This is the solution! Thanks!
