Hello,
We have 2 separate customers using the same setup on their wireless APs (MR devices). Basically, one or more SSIDs are configured in bridge mode with VLAN tagging enabled using VLAN IDs from the local connected Firewall (MX device). The issue we are seeing is that one customer has VLAN configs showing up on their wireless APs that are coming from the firewall (VLANs IDs and IPs the same). The other customer does not have these VLAN configs showing up on their wireless APs.
Is this due to the way they have their wireless APs connected? If the wireless APs are directly connected to the Firewall, is this when the VLANs are showing up on the APs?
Thanks in advance,
-Jerome
Solved! Go to solution.
Hi @diablo24 that is correct, those API endpoints are for listing or updating the VLANs in a network with an MX appliance. For setting VLAN parameters on a switch port, those API endpoints are under the "Switch Ports" section, and for wireless APs, check under the "SSIDs" section. There you can find the API calls to update the attributes of an SSID, including the ipAssignmentMode (such as Bridge mode) and useVlanTagging (to toggle on VLAN tags) and the parameters to set the VLAN tags, either by default or by AP tags.
https://dashboard.meraki.com/api_docs/v0#update-the-attributes-of-an-ssid
Hope that helps!
As far as I know, one customer has the APs directly connected to the firewall. The other has it connected to an MS switch (trunking probably - but not sure). As far as pruning, they did not mention they are pruning.
Just wanted to clarify, what do you mean by "VLANs showing up on the APs"? Do you mean that when you are on an individual AP's status page in Dashboard, and click into the "LAN" tab, you are seeing the multiple VLANs listed there?
If so, perhaps that's fine, I'm not sure what the intention or requirement is. Is there something that's not working at all, or not working as expected?
If the APs are connected back directly to a LAN port on the MX, you can have those configured as trunk ports and only allow the VLANs that are necessary and correspond to your wireless SSIDs and subnets, and like you mentioned just have them running in bridge mode with the appropriate VLAN tagging.
If something seems inconsistent and you have a change window to troubleshoot, try disabling and re-enabling VLANs on the MX and see if that changes the behavior of which VLANs are being seen on the LAN tab of the AP, and I'd follow up with Meraki Support with the data points you collect from there.
Sorry I did not clarify that in my post. And now that I after reading your response I think I know what's going here. I was referring to the APIs that returns VLAN information. In looking at the API call it looks like its only returns VLAN information from the MX devices. So looks looks if your Network is setup for "combination hardware", when my code is processing VLAN information its picking up data about the Firewall VLAN and not VLANs actually configured APs.
Can you please verify, can you configure VLANs on the wireless API just like you do on the Firewall? I can't find anyway on the dashboard to do so.
Thanks,
-Jerome
Hi @diablo24 that is correct, those API endpoints are for listing or updating the VLANs in a network with an MX appliance. For setting VLAN parameters on a switch port, those API endpoints are under the "Switch Ports" section, and for wireless APs, check under the "SSIDs" section. There you can find the API calls to update the attributes of an SSID, including the ipAssignmentMode (such as Bridge mode) and useVlanTagging (to toggle on VLAN tags) and the parameters to set the VLAN tags, either by default or by AP tags.
https://dashboard.meraki.com/api_docs/v0#update-the-attributes-of-an-ssid
Hope that helps!
Yes it is possible! The VLANs API endpoint is for the MX only. For MR, you must use the SSIDs API endpoint. Think of the Dashboard API as a mirror of the actual Dashboard. If you configure the VLAN for MR on the SSIDs' Access control page, it's going to be in the SSIDs API as well.
Here is the API call that you will need:
https://dashboard.meraki.com/api_docs/v0#list-the-ssids-in-a-network
curl -L -H 'Authorization: Bearer <key>' -H 'Content-Type: application/json' -X GET 'https://api.meraki.com/api/v1/networks/{networkId}/wireless/ssids'
As @MerakiDave mentions, you can configure the SSID to use a VLAN or use AP Tags with VLANs.