Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to ping Biometric Device from PC of same VLAN

Solved
Bears
Here to help
‎Oct 31 2023 9:15 AM
‎Oct 31 2023 9:15 AM

Unable to ping Biometric Device from PC of same VLAN

Before migrating to Meraki switch (MS120) and access points (MR36), the PC which acts as Time and Attendance Server (IP- 192.168.2.250) can ping the Biometric device (192.168.2.10). They are in the same VLAN.

 

After replacing the switch and AP, said biometric is no longer accessible. Other hosts in same subnet are pingable from said server, only this biometric device is not. I made sure the IP,SM,GW are correct. We're using Palo Alto firewall and again, no changes made in the firewall or network aside from replacing the switch and AP.

DHCP comes from the firewall.

Anything I need to look?

 

MS Switch Firmware 16.6.1

MR AP- Firmware 30.5

Labels:
0 Kudos
Subscribe
1 Accepted Solution
In response to Bears
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 31 2023 8:57 PM
‎Oct 31 2023 8:57 PM

Under Wireless/Access Control, have you got Mandatory DHCP disabled?

 

PhilipDAth_0-1698811066764.png

 

View solution in original post

Subscribe
11 Replies 11
ww
Kind of a big deal
Kind of a big deal
‎Oct 31 2023 9:22 AM
‎Oct 31 2023 9:22 AM

Can you check the MR firewall settings.

Is L2 isolation disabled? Are there no deny rules?

0 Kudos
Subscribe
In response to ww
Bears
Here to help
‎Oct 31 2023 9:35 AM
‎Oct 31 2023 9:35 AM

Bears_0-1698770116032.png

 

hello, i just changed the status to Allow and still not pingable.

Subscribe
In response to Bears
ww
Kind of a big deal
Kind of a big deal
‎Oct 31 2023 11:23 AM
‎Oct 31 2023 11:23 AM

Did you set that on the correct ssid ?

Any acl on the switch maybe?

Port isolation is disabled on the switch ports?

 

If both devices are in the same vlan and ip range they should be able to ping eachother ( if the client itself allows  te be pinged) if above mentioned setting allow them

0 Kudos
Subscribe
In response to ww
Bears
Here to help
‎Oct 31 2023 8:42 PM
‎Oct 31 2023 8:42 PM

Thanks for reply.

Yes, the rule applied to correct SSID

ACL in switch has policy "Allow" all Any

Port isolation is "Disabled"

 

Biometric has static IP and is connected to WiFi

PC is connected over wired (DHCP client)

0 Kudos
Subscribe
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Oct 31 2023 11:46 AM
‎Oct 31 2023 11:46 AM

Have you checked VLAN settings for both ports?  Can the MS see the biometric device attached to the port? It should be listed under the Current Clients information.

 

Screenshot 2023-11-01 at 7.45.22 AM.png

btr.net.nz
Subscribe
In response to BlakeRichardson
Bears
Here to help
‎Oct 31 2023 8:43 PM
‎Oct 31 2023 8:43 PM

Thanks for reply.

Biometric has static IP and is connected to WiFi

PC is connected over wired (DHCP client) to switch

 

Only the biometric is visible in Current clients table.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 31 2023 1:06 PM
‎Oct 31 2023 1:06 PM

The troubleshooting so far indicates to me the issue is with the biometric device.

 

Does the biometric device attach via WiFi?

 

Because you have replaced your switching, every device would have had to get a DHCP address again.  Is there any chance you have an IP conflict? If your biometric device has a static IP address (is this the case?) - is this address excluded from DHCP?

Subscribe
In response to PhilipDAth
Bears
Here to help
‎Oct 31 2023 8:36 PM
‎Oct 31 2023 8:36 PM

Thanks for your reply.
The biometric is connected over Wifi while the PC is wired. Biometric has static IP settings in the device

0 Kudos
Subscribe
In response to Bears
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 31 2023 8:57 PM
‎Oct 31 2023 8:57 PM

Under Wireless/Access Control, have you got Mandatory DHCP disabled?

 

PhilipDAth_0-1698811066764.png

 

Subscribe
In response to PhilipDAth
Bears
Here to help
‎Oct 31 2023 9:01 PM
‎Oct 31 2023 9:01 PM

You nailed it! Wow! It is now responding to the ping.

What's the effect basically in disabling this?

Subscribe
In response to Bears
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 1 2023 5:05 AM
‎Nov 1 2023 5:05 AM

Enabled: Wireless clients associated to an AP (either new associations or clients that roamed from another AP) that have not requested a DHCP address are placed in a blocked state and are not able to send any traffic on LAN and WAN.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.