Meraki MR WAPs running 28.X code are supposed to have Path MTU Discovery (PMTUD) running on the management interfaces. However, it was not working for me. (There are multiple reasons why PMTUD may not work in all circumstances.) I'm putting this information, and the steps to troubleshoot, out in hopes of saving someone else the time and aggravation.
This is what I was seeing for MR56 WAP connectivity to/from the Meraki cloud running 28.6.1 code. The 27.7.1 code did not show this behavior. The WAPs running 28.6.1 could not stay connected to the cloud for more than 5-10 minutes at a time.
From the Dashboard, this is what we were seeing:
So - What changed from 27.X to 28.X? This did:
Hints at the problem:
- Upstream firewall was showing no long-lived SSL sessions from the WAPs to the Meraki cloud. Sessions were lasting less than 90s. Also, the SSL sessions were being reset by the client, which while legal, is unusual.
- Packet capture in the upstream firewall showed a lot of TCP retransmissions of larger packets with the DF (don't fragment) flag set between the WAPs and the Meraki cloud.
Finding and verifying the issue:
The Fix:
- It turns out that our new Internet link had a configuration problem. The MTU was misconfigured to 1496 bytes. Configuration was corrected to 1500 bytes.
- Once the MTU was corrected, WAP connectivity issues were resolved.
In short, make sure you test your network's MTU size to make sure its 1500 bytes all the way from the WAPs to the Internet.
Related threads: