Meraki WLAN Radius/Group Policy Setup

DominiqueB
Comes here often

Meraki WLAN Radius/Group Policy Setup

Currently, we're in the process of switching to Meraki APs(MR46) from our current setup (Cisco WLC and APs). I'm attempting to incorporate the newly acquired APs into our current radius server. After setting them up in the radius server we can connect with our AD credentials but our DHCP's not giving out an IP address to our clients. We've also created a Group policy within our DC as we did before with our previous wireless setup. The question I have is there a certificate that I would need to add from Meraki into group polic or is there something I need to do on our DHCP server to make sure clients get the an address?

7 Replies 7
ww
Kind of a big deal
Kind of a big deal

Hi

How is your ssid  configured? For bridge  mode? Or tunnel ssid to mx?

If in bridge mode, in what vlan the client is connected?

Where or what vlan is the dhcp server located?

 

DominiqueB
Comes here often

I have the SSID set up in bridged mode with the VLAN tag being 70 which is for our employees. The DHCP is located on one of our DCs.

ww
Kind of a big deal
Kind of a big deal

The gateway/router for vlan 70 is configured to forward the dhcp request  to the datacenter?

 

 

DominiqueB
Comes here often

Yes.

ww
Kind of a big deal
Kind of a big deal

Dashboard Wireless health also report dhcp issues?

 

Can the Layer 3 interface ping the dhcp server?  If possible Can you verify that layer3 interface is receiving and forwarding dhcp packets from a client (f.e. with a packet capture)

Bruce
Kind of a big deal

Is the switch port that the access point is plugged into configured as a trunk and allowing VLAN70?

DominiqueB
Comes here often

I've altered my policy on our radius server and now the DHCP is giving out addresses but I'm still having issues with VLANs being properly tagged. When I add a tag to the SSID internet access is lost. When I remove the tag within the dashboard I'm able to connect successfully with my AD credentials but get an IP designated for our LAN network and not our WLAN network. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels