Hello Everyone
We're having this issue wherein once a client/user is connected to our guest WiFi SSID they cannot get internet access.
The ipconfig details of the client are correct; it's just that once we ran a traceroute the 1st hop is 10.128.128.128, and we're certain that IP address (10.128.128.128) is not within our network.
Other SSIDs are working fine.
Meraki details
MR55
Current version: MR 26.4
Thanks
RJAC
ipconfig and traceroute
10.128.128.128 is a Meraki AP IP. Any FW rules configured?
Hello Ww/Everyone
Yes, there are FW rules configured on Meraki (wireless environment). Are there any specific rules we need to allow or deny?
It was also working before and the issue started to occur recently.
By the way, the Addressing and traffic setting is set to bridge mode and no change was made on the Meraki.
Hi Coesione_srl
All of the APs were able to connect to the internet via ping and traceroute.
We have 10 ACL rules in place but I can only show the last 2 ACL rules. Please see below.
The first 8 ACL rules are just to allow traffic from our ISE servers.
thank you
RJAC
Put them all on allow and see if it works. (To check if it's a FW issue.)
The ISE does not push any rules?
Hi WW/Everyone
ISE is only for authentication. We checked the logs on ISE and users are authenticated; it's just that once they are associated with the guest WiFi there's no internet access.
thank you
RJAC
Hi @RJAC
When on the guest network can you ping your DNS servers?
Have you done a PING from your core switch from the Guest SSID VLAN SVI out to the Internet?
Do you get the same result when wired?
Hi Uccer/Everyone
Ping from the core router sourcing the SVI of the guest WiFi can reach the internet.
Wired connection can reach the internet as well.
When we connect to other SSIDs we can reach the internet as well.
The issue is just happening on the guest WiFi SSID (1st hop is 10.128.128.128).
thank you
RJAC
Hi @RJAC
Have you checked your firewall settings for the SSID?
Wireless > Configure > Firewalling and Traffic Shaping
There's a setting there that blocks access to the wired LAN. This could be stopping DNS lookups and therefore internet access.
Hi UCcert /Everyone
Further troubleshooting shows that it's an issue on our ISE.
When we change the splash page settings to None (direct access), users were able to browse the internet and the 10.128.128.128 IP was cleared. 1st hop was the ISP public IP.
thank you for all of the suggestions and help
RJAC
Well done @RJAC for sticking with it and resolving the issue.
Hi @RJAC - I seem to be running into a similar issue on my end as well today. We also have an ISE splash page for our guest net.
Would you be willing to post what version of ISE you’re running? We’re at 2.3 patch 7.
Whoa @MinnesotaKid, time to upgrade quite quickly then, 2.3 is in End of Support state since last month:
@CptnCrnchi appreciate the note, but we’re all too familiar with that date :). Budgets, approvals, yada yada.
On the issue at hand though, I’m curious to see if this is an issue on the ISE or Meraki side. This 10.128.128.128 IP also shows up in the NAT mode documentation.
https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/NAT_Mode_with_Meraki_DHCP
With regards to the 10.128.128.128 IP: it only appears when the splash page setting is set to Cisco ISE. Once we point it to None (direct access) the path changes and 10.128.128.128 was out of the picture.
It's a bit strange, though, because that tells us that 10.128.128.128 is somehow caused by ISE, but on our end we're certain that it's not our ISE.
thank you
Rajesh
The problematic version of ISE on our end is version 2.6.0.156 patch 2,6 and we ended up rolling it back to version 2.6.0.156 patch 2. That seems to resolve the issue for us 🙂
Cheers
RJAC
It could be an issue with your operating system settings or the router. Unfortunately, there is no single solution to fix this issue. As a first step, restart your networking equipment and device and see if that fixes the problem. As with the router, network and software problems often get fixed automatically with a simple restart. Also, check if the connection line to your ISP is working. All the status lights on your modem should be on (Power, DSL, Data, LAN). If it doesn't help you, then go to the following section.
Hi, I need help to set up my guest WiFi. I created an SSID and also created a guest VLAN in the Cisco Meraki dashboard, but still there is no internet connection for that SSID. When I used my default VLAN 1 that SSID was working. But when I created a new VLAN 11 the SSID is not working.