hey everyone: I'm a new Meraki user who inherited a preconfigured wifi with 5 MR52 APs. We just had our AIPhone screen upgraded by our security company today, but we are unable to configure phone apps to connect to this system via wifi. I suspect connected devices are not allowed to see each other on the same wifi network and I would like to know how/if this can be resolved? Thanks!
Solved! Go to solution.
It could be a firewall rule or layer 2 isolation stoping you from connecting to your AIPhone device.
You can check that in the meraki dashboard. Follow this link and see if you find something that helps 🙂
https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules
It could also be that your SSID is running in NAT mode. That would take a bit more work to solve.
https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/NAT_Mode_with_Meraki_DHCP
It could be a firewall rule or layer 2 isolation stoping you from connecting to your AIPhone device.
You can check that in the meraki dashboard. Follow this link and see if you find something that helps 🙂
https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules
It could also be that your SSID is running in NAT mode. That would take a bit more work to solve.
https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/NAT_Mode_with_Meraki_DHCP
Hey MartinLL:
Definitely running in NAT mode which explains a lot of my roaming issues between APs as well. I setup a test SSID in bridge mode but had to give it access to the LAN so it would use my DHCP. Problem is I would prefer to not open wifi up like that just for a doobell app. Does this sound like something I could solve with VLAN? Thanks!
Maybe you can add a new VLAN and subnet to your site and bridge a new ssid then move the devices there? That way you can keep your old setup and isolate the AIPhone devices instead.
I think this will probably be the best solution, I just need to find the right documents to assist me in the setup
This one is for Meraki MR and VLAN tagging.
https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points
For your downstream switch you need to make it a trunk port.
On your router you create a new SVI or subinterface depending on what you are using today.
which vendor do you use for your switch and router/firewall?
Thank you, I may have to get one of our consultants on the case, most of our infrastructure setup was done for us during a recent relocation. Our switches are Cisco and our firewall is Fortinet and I have beginner knowledge of both!
Undestandable. Good luck to you!
Check "Deny Local LAN" as well.