Meraki

Community

Weird problem - Can't connect to internal address, but Internet OK

MikeC
Here to help
‎Jul 9 2018 11:51 PM
‎Jul 9 2018 11:51 PM

Weird problem - Can't connect to internal address, but Internet OK

Hi all,

 

I'm migrating customer's Aironet to Meraki. Existing Aironet WAP's are managed through WLC integrated on Cat3750G switch. Main SSID, let's call it "MyWifi" is secured via 802.1X and RADIUS (Microsoft NPS).

 

Since I'm really new to Meraki (and indeed on WiFi as a whole), I created a new SSID on the Meraki called "MyWifi2" to allow me to test things out before full rollout. I created a new policy on the Microsoft NPS server, replicating all the settings from "MyWifi" policy, except for Called-Station-ID. Since Meraki prepend BSSID in the Called-Station-ID, I used wildcard character: .*.MyWifi2$

 

In the backend, the Meraki WAP is connected to a stacked Cat 3650 via 802.1Q trunk, with the management VLAN configured as native VLAN. Meraki WAP mgmt IP is statically configured, allocated from mgmt VLAN subnet.

 

I used a customer SOE laptop to connect to the MyWifi2 SSID. At a glance, the laptop appeared to connect OK. I can browse the Internet. BUT, I could not connect to the Intranet. Fired up command prompt, and tried pinging the default gateway, received "Destination host unreachable". 

 

I'm at a loss here. Any ideas?

 

 

0 Kudos
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 10 2018 12:38 AM
‎Jul 10 2018 12:38 AM

I'm guessing you configured the SSID to do NAT rather than VLAN bridging (and bridging it to the correct VLAN).

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points

 

My next guess is you have the MR firewall configured to block access to the local LAN.

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_...

In response to PhilipDAth
MikeC
Here to help
‎Jul 10 2018 3:43 PM
‎Jul 10 2018 3:43 PM

Your 2nd guess is correct. I was sure that I've disabled all firewall rules. Apparently I was wrong. I have just disabled the firewall rules, but haven't tested yet since I'm not at customer site right now. I've asked my customer to test.

 

BTW, I configured the Meraki to run in Bridged mode, not NAT.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.