Meraki Cloud Authentication not Pinging LAN IP

Solved
emmaozoms
Getting noticed

Meraki Cloud Authentication not Pinging LAN IP

Hello Guys,

I noticed that setting the Meraki Cloud Authentication I cannot ping my LAN IP. Please how can I resolve this issue?

 

emmaozoms_0-1713542913027.png

 

emmaozoms_1-1713542978895.png

emmaozoms_2-1713543015822.png

 

1 Accepted Solution
Purroy
Meraki Employee
Meraki Employee

Sure, if you disable Layer 2 LAN isolation then it should work as you expect it.  You currently have it enabled.

View solution in original post

19 Replies 19
alemabrahao
Kind of a big deal
Kind of a big deal

Have you tried allowing communication with the LAN in the SSID firewall settings?

alemabrahao_0-1713543595033.png

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
emmaozoms
Getting noticed

Yes I did 

 

emmaozoms_0-1713544091506.png

 

 

alemabrahao
Kind of a big deal
Kind of a big deal

If you are trying to ping a Windows machine it is probably the machine's local firewall denying it. Try disabling this.

 

If the rest is working there is nothing to worry about, ping is not a reliable test.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
emmaozoms
Getting noticed

Am pinging the gateway and static IP of the switches connected to the MS120, but I can't Ping them. If I disconnect from the Meraki Cloud Authentication, I noticed I can ping all the LAN IP

alemabrahao
Kind of a big deal
Kind of a big deal

Is the problem just the ping? Is the rest working?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
emmaozoms
Getting noticed

The devices are working but I can't connect to it like the Sophos firewall, cisco catalysis switches, Synology. I cannot log to the devices to manage them. 

alemabrahao
Kind of a big deal
Kind of a big deal

So you have a firewall, have you checked to see if your firewall isn't blocking something?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

I'll be very honest that this doesn't seem to me to be related to authentication itself, but something on your local network. It would be interesting to validate whether the mask and gateway are correct when you receive the IP.

If the problem persists, I suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

Are you dropping the users into the correct VLAN?

emmaozoms
Getting noticed

Yes

PhilipDAth
Kind of a big deal
Kind of a big deal

If you temporarily turn off authentication (or make it PSK) does the same issue happen?

I'm with @alemabrahao - I don't think this is an authentication issue.

emmaozoms
Getting noticed

If I make it just psk I will be able to ping and login to the devices on the network

BlakeRichardson
Kind of a big deal
Kind of a big deal

Can you please show a diagram of how the network is configured, are the wifi client and firewall / synology etc all on the same subnet or over there on different subnets and you are routing via a switch or firewall? 

Without knowing how traffic is supposed to flow its difficult to provide help but I agree with @alemabrahao the authentication type is unlikely to be the issue

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
emmaozoms
Getting noticed

Thank you for the response. Please see the rough diagram below as requested. 

emmaozoms_0-1713773453008.png

 

 

emmaozoms
Getting noticed

From the below. The SSID with OfficeWifi_M, I can ping all the IP and login to them without issue. For the SSID with Office-Wifi, I cannot ping or login to the devices on the network.

emmaozoms_1-1713774015164.png

 

Purroy
Meraki Employee
Meraki Employee

Can you verify that in the Office-Wifi Firewall & traffic shaping you do not have Layer 2 LAN Isolation?

Layer 2 LAN isolation only allows traffic to the default gateway MAC address hence it will disable connectivity to any other devices on the wired LAN if they are in that same VLAN.

emmaozoms
Getting noticed

See the setting configured 

 

emmaozoms_0-1713776774731.pngemmaozoms_1-1713776808611.pngemmaozoms_2-1713776836729.png

 

Purroy
Meraki Employee
Meraki Employee

Sure, if you disable Layer 2 LAN isolation then it should work as you expect it.  You currently have it enabled.

emmaozoms
Getting noticed

Thank you. Solved

Get notified when there are additional replies to this discussion.