Meraki

Dave_B · ‎Nov 7 2023

Hello All,

Not a wireless expert by any means.

I have an ethernet to wireless device (anybus bolt) that I have connected to an SSID. feeding off of that is an IoT device (PLC).

I can see the PLC connected, its IP, its MAC, able to ping the device through the meraki dashboard...it's connected.

However, I can't access this PLC over the network in any way...no ping, no trace route, can't see it as active in my management software.

I can connect a laptop to the SSID and have full network access.

I'm lost here and could really use some advice.

Re-set up an old cisco AP running off my cisco controllers and the PLC works as it should.
This must be something with meraki.

The bolt is not wifi6 capable so I did turn off 802.11x for both 2.4 & 5 Ghz.

Have a radio profile set to only use 2.4 Ghz.

Both devices are using static IP, but I did try with DHCP and both did pull an address.

any help is appreciated.

PhilipDAth · ‎Nov 7 2023

Does the PLC by chance have a static IP address, but the SSID is configured to have mandatory DHCP (which would cause the PLC traffic to be blocked)?

https://documentation.meraki.com/MR/Access_Control#Mandatory_DHCP

This is under Wireless/Access Control (make sure you choose the correct SSID first).

View solution in original post

RaphaelL · ‎Nov 7 2023

Hi ,

On your SSID have you set 'allow local lan' ?

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_...

Dave_B · ‎Nov 7 2023

Yes

PhilipDAth · ‎Nov 7 2023

>I can connect a laptop to the SSID and have full network access

It sounds like the packets are being blocked when moving between the AP and the wired network. Are there any WiFi firewall rules?

Are you on the same VLAN as the WiFi device, or a different VLAN? If on a different VLAN, does the device routing between the VLANs have any ACLs? If on a different VLAN, do all devices have the correct mask and default gateway configured?

Dave_B · ‎Nov 7 2023

I have no firewall ACLs in place for any ssid (except guest wifi).

I have a laptop on a different vlan that has no access or pings to the PLC.

I have a laptop on the same vlan & SSID as the PLC with no access or pings to the PLC but has full network access. I have internet restricted for this SSID but can access network shares, internal sites, printers, etc...

So a computer on this SSID & vlan has no issues, but this ethernet-wireless bridge does

PhilipDAth · ‎Nov 7 2023

Does the PLC by chance have a static IP address, but the SSID is configured to have mandatory DHCP (which would cause the PLC traffic to be blocked)?

https://documentation.meraki.com/MR/Access_Control#Mandatory_DHCP

This is under Wireless/Access Control (make sure you choose the correct SSID first).

Dave_B · ‎Nov 8 2023

mandatory DHCP was enabled. I disabled it and my PLCs started pinging.

Thanks for the pointing that out.

I'm curious how this works...the AP is only accepting traffic from a DHCP response?

If there is no DHCP response for an IP, no traffic passes over the AP?

PhilipDAth · ‎Nov 8 2023

Yes. Most WiFi networks shouldn't have clients with static IP addresses, and this reduces a whole lot of potential problems by not allowing machines with a manually configured address.