Meraki

Community

MR18 Mesh issue

DHAnderson
Head in the Cloud
‎Apr 23 2019 12:05 PM
‎Apr 23 2019 12:05 PM

MR18 Mesh issue

I have two MR33 access points that are hard wired and one MR18 access point that is setup in Mesh mode.  There are two SSIDs, One uses RADIUS authentication, and the other uses the Meraki Guest network.

 

This setup has been working flawlessly for over a year. But in the last two weeks, clients can connect to the Guest network, but not the one using RADIUS.  If I go to the Meraki website and check RADIUS connectivity, all three Access Points pass the test.

 

The clients on the RADIUS network will either get in a continuous 802.11 association and 802.11 disassociation loop, or when they can associate, they cannot get out to the internet.

 

I have factory reset the MR18, but that did not make any difference.  All access points are running 25.13 which was applied last October.

 

If I drag a network cable to the access point and temporarily wire it, RADIUS clients have no problem connecting or accessing the internet.

 

Any insights to what might be going on, or what other steps I could take to debug or fix this, would be welcome.

Dave Anderson
0 Kudos
12 Replies 12
kYutobi
Kind of a big deal
‎Apr 23 2019 1:29 PM
‎Apr 23 2019 1:29 PM

Would anything need to be updated on your RADIUS server?

Enthusiast
0 Kudos
In response to kYutobi
Nick
Head in the Cloud
‎Apr 23 2019 2:02 PM
‎Apr 23 2019 2:02 PM

My initial thought is the same. Is the RADIUS server filtering via IP etc.

But you say the check passes and you can see the AP's auth correctly. Can you confirm this in the RADIUS server logs?
In response to Nick
DHAnderson
Head in the Cloud
‎Apr 24 2019 7:56 AM
‎Apr 24 2019 7:56 AM

I can't see the RADIUS logs, as the RADIUS is managed by JumpCloud. As I mentioned, RADIUS clients can connect to the wired MR33s, but not the Meshed MR18.

Dave Anderson
0 Kudos
In response to kYutobi
DHAnderson
Head in the Cloud
‎Apr 24 2019 7:53 AM
‎Apr 24 2019 7:53 AM

Thanks for response.  The RADIUS Server managed by JumpCloud, a cloud based replacement for Active Directory.

 

Clients have no issues connecting to the RADIUS network from either of the wired MR33.  As I said before, all 3 AP test fine from the Meraki Web page. It is just the Meshed MR18 that is the problem child.

Dave Anderson
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 23 2019 2:41 PM
‎Apr 23 2019 2:41 PM

It was working until two weeks ago - what changed then?  Firmware change, config change?

In response to PhilipDAth
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Apr 23 2019 2:49 PM
‎Apr 23 2019 2:49 PM

Following on from what Phil said has anything changed on the Radius server i.e. windows updates?

0 Kudos
In response to PhilipDAth
DHAnderson
Head in the Cloud
‎Apr 24 2019 8:24 AM
‎Apr 24 2019 8:24 AM

@PhilipDAth The last firmware change was last October, but I did change the Client IP assignment from Layer 3 Roaming to Bridge Mode recently.

 

I just did some more testing.  If the RADIUS network is in Layer 3 Roaming, Clients can connect successfully to the Meshed MR18.  If I change the Client IP Assignment to Bridge Mode, clients cannot successfully connect.

 

Dave Anderson
0 Kudos
In response to DHAnderson
DHAnderson
Head in the Cloud
‎Apr 26 2019 11:41 AM
‎Apr 26 2019 11:41 AM

Does anyone know why Layer 3 Mode Roaming works, and Bridge Mode does not, for a meshed MR18?

Dave Anderson
0 Kudos
In response to DHAnderson
DHAnderson
Head in the Cloud
‎Apr 26 2019 12:05 PM
‎Apr 26 2019 12:05 PM

More information

 

I had been prototyping a network layout where there is no "Trusted Lan" (See Google's BeyondCorp).  I enabled port isolation on my switches, and then Layer 2 Isolation on the RADIUS lan.  So the Layer 2 isolation is breaking the ability of a client on a Meshed Access Point to connect to the internet.

Dave Anderson
0 Kudos
JessieGomez
Conversationalist
‎Apr 23 2019 4:50 PM
‎Apr 23 2019 4:50 PM

Hello,

 

When checking on the meshed AP, what are  you seeing under "Current Mesh Routes" ?

0 Kudos
In response to JessieGomez
DHAnderson
Head in the Cloud
‎Apr 24 2019 8:17 AM
‎Apr 24 2019 8:17 AM

@JessieGomez The Mesh route is showing 78.8 Mbps, Avg Metric of 1179, and usage of 100% to the correct wired MR33.

Dave Anderson
0 Kudos
MMoss
Building a reputation
‎Apr 23 2019 5:07 PM
‎Apr 23 2019 5:07 PM

Have you factory reset them?

 

Do you have Air Marshall enabled? 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.