Wifi clients disconnecting from internet but show connected to Wi-Fi ssid

SurajRumpal
Comes here often

Wifi clients disconnecting from internet but show connected to Wi-Fi ssid

Hi,

 

I have recently upgraded our sites Wi-Fi from MR33 to MR36. We have about 20 APs spread out. We have been having on-going issues where clients are getting disconnected from the internet but show connected to the Wi-Fi network. When looking at the logs all I see for the devices is the client successfully roamed from AP to AP. I also some times see in the logs that the DNS and DHCP server was not responding however clients are already connected beforehand and hardwire connections are not affected. 
I am running the latest version from Meraki. I know there is an on-going issue with firmware for Meraki for client balancing. We use radius authentication NPS on our SSID which clients connect to. 

any help would be greatly appreciated as since installing these back in January we have just experienced problems after problems.

10 Replies 10
DarrenOC
Kind of a big deal
Kind of a big deal

Mate, it’s August, installing these back in January is pushing the boundaries of the word recently 😁

 

What other issues have you experienced or is the one described the only ongoing issue?

 

When you look at Wireless Health in your dashboard what is that telling you?  Are clients struggling to Authenticate or are the errors around DHCP and DNS?  Is this SSID specific or across all SSIDs?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
SurajRumpal
Comes here often

Ah should have made it clearer. Was installed back in January but problems started occurring in around April.

See photo of wireless health 

SurajRumpal_0-1692376007576.png

 

 

DHCP and DNS is done by routers on different vlans. All traffic is allowed on trunk ports on our Cisco switches. It seems to be most problematic on the SBC-Occupier SSID mainly.

GreenMan
Meraki Employee
Meraki Employee

AFAIK issues around client balancing relate to how many clients seem to handle 11v in strange ways.   Some client idisyncracies pre-date r29/11v too.  Did you try simply turning client balancing off, when running 29.x?   As Darren said;   staying on old firmware is pretty unsustainable, in the long-term.

SurajRumpal
Comes here often

tried turning of client balancing but never saw any difference 

TBHPTL
A model citizen

WiFi is layer 2, so if clients are connected to wireless AP they are associated  and authenticated plus has an IP, the issue is not the WiFi. They are being filtered somewhere. 

UKDanJones
Building a reputation

THIS

Please feel free to hit that kudos button
SurajRumpal
Comes here often

unsure where else this would get filtered. Meraki connects into a Cisco switch on a VLAN for the customer networks. Our WAN switches have internet facing VLANS. the customer LAN VLAN is trunked across all the switches and allowed on the Meraki uplinks into our switches.

TBHPTL
A model citizen

What type of authentication are the clients using if any?

How are the ports configure trunk or access?

How is the SSID configured, bridged or NAT?

 

Again, if your clients have IP's its not the WiFi...

SurajRumpal
Comes here often

Authentication Method we are using is PEAP (EAP) via NPS role on server 2022 sitting in Azure VM.

Meraki access points uplink ports are configured as trunk ports with all traffic allowed. These are connected into Cisco SG350x 48p

SSID is configured with one Vlan from sonicwall. Then Cisco switches allow the vlans to communicate.

SurajRumpal
Comes here often

Any update guys. Now have discovered that MacBooks are having trouble staying connected to the APs. Keep getting invalid mic, 4 way handshake timeout error and invalid authentication. devices are connecting via the radius authentication on NPS server 2022

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels