Weird problem - Can't connect to internal address, but Internet OK
Hi all,
I'm migrating a customer's Aironet to Meraki. The existing Aironet WAPs are managed through a WLC integrated on a Cat3750G switch. The main SSID, let's call it "MyWifi", is secured via 802.1X and RADIUS (Microsoft NPS).
Since I'm really new to Meraki (and indeed to WiFi as a whole), I created a new SSID on the Meraki called "MyWifi2" to allow me to test things out before full rollout. I created a new policy on the Microsoft NPS server, replicating all the settings from the "MyWifi" policy, except for Called-Station-ID. Since Meraki prepends the BSSID in the Called-Station-ID, I used a wildcard character: .*.MyWifi2$
In the backend, the Meraki WAP is connected to a stacked Cat 3650 via an 802.1Q trunk, with the management VLAN configured as the native VLAN. The Meraki WAP mgmt IP is statically configured, allocated from the mgmt VLAN subnet.
I used a customer SOE laptop to connect to the MyWifi2 SSID. At a glance, the laptop appeared to connect OK. I can browse the Internet. BUT, I could not connect to the Intranet. Fired up command prompt, and tried pinging the default gateway, received "Destination host unreachable".
I'm at a loss here. Any ideas?
I'm guessing you configured the SSID to do NAT rather than VLAN bridging (and bridging it to the correct VLAN).
https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points
My next guess is you have the MR firewall configured to block access to the local LAN.
Your 2nd guess is correct. I was sure that I'd disabled all firewall rules. Apparently I was wrong. I have just disabled the firewall rules, but haven't tested yet since I'm not at the customer site right now. I've asked my customer to test.
BTW, I configured the Meraki to run in Bridged mode, not NAT.