Ask the Expert- Meraki MR Series: Configuration and Troubleshooting

Cisco Moderador
Community Manager

This topic is a chance to discuss more about the best practices, considerations and proven guidelines to configure, monitor and troubleshoot 802.11 wireless services under Meraki Cloud-Based architecture. The session focuses on the following topics:

  • Configuration topics include SSID definition, authentication types, client IP assignments, service distributing, availability, firewall, traffic shaping, and radio settings.
  • Monitoring topics cover the understanding of the Access Points status information, client details and RF status.
  • Troubleshooting tools provided by the Meraki Dashboard such as Wireless Health and Packet Captures.

To participate in this event, please use the Join the Discussion : Cisco Ask the Expert button below to ask your questions

Ask questions from Monday 6 to May 17th, 2019

 

Featured Expert

Edgar Monroy is a Support Engineer for Cisco Meraki Products; he covers MX, MS, MR, MV and SM. Before joining Meraki’s team he worked as a Cisco Customer Support Engineer for Cisco’s TAC for 4 years. He specializes in 802.11 technology and he has experience in the entire Cisco Wireless Portfolio, including CUWN, Mobility Express, Prime Infrastructure, MSE, CMX and Meraki MR Products. Edgar holds a Bachelor’s Degree in Electronics Engineering from the UDFJC University in Colombia. He holds a CWNA and a CCNP R&S certification.

Remember that you can continue the conversation on the Wireless and Mobility community.

Find other events https://community.cisco.com/t5/custom/page/page-id/Events?categoryId=technology-support  

 

**Helpful votes Encourage Participation!**
Please be sure to rate the Answers to Questions


Dani Ma
Level 1

Hey Edgar

I've two questions:

First- Before implementing, is there any software or steps to follow in order to set the necessary APs (quantity) you need to implement on the location?
Second- Which are the features that distinguish Meraki technology from other competitors?

Hello @Daniel Martinez,

 

1.

The success of any wireless implementation is proper design and analysis of the RF conditions before the deployment. Meraki solution provides a way to get the necessary information to understand the AP cell propagation so you can use that information to determine the position of the APs, then confirm proper coverage and an appropriate cell overlapping between APs. Meraki Access Points can work in Site Survey mode, this mode creates a test SSID that you can use to perform passive or active site surveys. Details on how to convert a Meraki AP into site survey mode can be found at:

https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Conducting_Site_Surveys_with_MR_Access_Points

 

 

There are multiple factors to take into account at the moment of designing a wireless network and choose the appropriate number of APs, depending if you need to provide service for a high number of clients on "small" areas (high density), or have few clients but with the maximum throughput, you may want to use different approaches. Take a look at the following link that describes some key considerations for specific wireless network scenarios:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/Enterprise-Mobility-8-5-Design-Guide/Enterprise_Mobility_8-5_Deployment_Guide/wlanrf.html#pgfId-1178832

 

 

2.

The most important factor that differentiates Meraki against other vendors (and not only for wireless applications but for the entire Meraki portfolio) is simplicity. Meraki provides one of the simplest ways to deploy a powerful wireless network with the least required effort; this differentiator does not only apply for the implementation but also for the management and monitoring of the Network:

  • All Meraki devices are Plug&Play; a valid internet connection (with DHCP) is enough to make the devices grab the configuration from the Meraki Cloud and start to provide service. AP configuration also resides on the cloud, which is particularly convenient when you need to replace APs.

  • Wireless client traffic is kept locally at the AP's LAN by default. There is no requirement for an additional controller to analyze the traffic and perform services that commonly require high processing, such as Access Control and content filtering; each Meraki AP is capable of performing those tasks, so traffic rules can be enforced on the wireless traffic even before the traffic reaches the wired LAN.

  • Meraki 'Wireless Health' feature is a powerful monitoring tool that takes advantage of the packet inspection capabilities on the APs. This tool is capable of reporting issues at any of the wireless connection stages that a client needs to pass before getting proper network access: 802.11 association, authentication, DHCP and DNS resolution. The information provided by this tool will help you determine faster where the point of failure is and expedite the corrective actions. Details of this feature at: https://documentation.meraki.com/MR/Wireless_Health

The best way to understand how simple and powerful Meraki products are is by hands-on experience. I invite you to apply for a free trial so you can try all the features that Meraki wireless can offer. Go to https://meraki.cisco.com/lp/free-demo

 

Cheers Edgar

c09371
Level 1

Hello,

 

Thank you for this event.  I have two questions:

 

1. How do I enable site survey mode using 5 GHz only?

2. I have an Android device that will associate with the AP but is unable to view the splash screen to accept and authorize.  What steps can I take to troubleshoot a device like this from the Meraki side since I don't have access to clients?

Hello @chrisatclovis 

 

1.

When converting a Meraki AP to Site Survey mode, you have the option to define the power that will be used by each radio, including the option to keep the radio OFF. The following image will show how to make the AP broadcast the Site survey SSID on 5GHz only: [Image: sitesurvey.PNG]

Details at:

https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Conducting_Site_Surveys_with_MR_Access_Points#Configuring_a_Survey_SSID

2.

Here is the expected traffic flow between the wireless device and the Access Point that allows the redirection to the login page: [Image: splash flow.PNG]

Full details of the splash redirect flow at: https://documentation.meraki.com/MR/Splash_Page/Splash_Page_Traffic_Flow_and_Troubleshooting#Splash_Flow_Breakdown

 

Remember that before a client can initiate an HTTP request, it should have already been able to get a valid IP address, get proper connectivity to its gateway (ARP resolution), and resolve DNS. Once DNS provides the IP address to the web resource, the client should then send the HTTP GET which is intercepted by the AP who replies with an HTTP 307 'temporary redirect'.

 

In order to verify the proper traffic flow between the device and the Access Point, we have 2 options:

 

  • Dashboard Wireless packet capture: This method provides a way to observe the wireless traffic from the wireless device coming into the AP (upstream); this will help us detect if the client is sending HTTP GETs that will be intercepted by the AP. The easiest way to set up the wireless capture for the particular client is by going to the client details page (Network-Wide - Monitor - Clients) and clicking on the option 'packet capture'. The Dashboard will automatically select the AP where the client is reported to be associated and will define the capture filter to only capture traffic generated by the client wireless MAC address. It is also recommended to always use the output as a PCAP file: [Image: Capture.PNG]

Full details on how to set up a packet capture, not only for wireless but for any other interface of any of the Meraki appliances, at:

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Packet_Capture_Overview

 

 

 

NOTE: Over-the-air packet captures won't display the Layer 3 traffic information if the data payload is encrypted. In order to get the necessary information (DHCP, ARP, DNS, HTTP), the SSID must be configured without any encryption method (Association Requirements: Open, No encryption). 
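
One way to work through such a capture offline, as an added example that is not part of the original reply: the script reads tshark field output for the client's PCAP and reports the first stage of the flow described above (DHCP, ARP, DNS, HTTP GET, 307) that did not complete. It assumes an unencrypted capture that contains both directions of the client's traffic; the file name and the sample rows are constructed.

```python
# Input: one tab-separated line per packet, as written by
#   tshark -r client.pcap -T fields -e dhcp.option.dhcp -e arp.opcode \
#          -e dns.flags.response -e http.request.method -e http.response.code
COLS = ("dhcp", "arp", "dns_resp", "http_method", "http_code")

# (stage, test for the client's request, test for the reply), in flow order.
# DHCP message types: 1 Discover, 3 Request, 5 ACK. ARP opcodes: 1 request, 2 reply.
# Boolean fields print as 0/1 or False/True depending on the tshark version.
STAGES = [
    ("DHCP", lambda p: p["dhcp"] in ("1", "3"), lambda p: p["dhcp"] == "5"),
    ("ARP", lambda p: p["arp"] == "1", lambda p: p["arp"] == "2"),
    ("DNS", lambda p: p["dns_resp"] in ("0", "False"),
            lambda p: p["dns_resp"] in ("1", "True")),
    ("HTTP", lambda p: p["http_method"] == "GET", lambda p: p["http_code"] == "307"),
]


def parse(lines):
    """Turn tshark field lines into dicts; missing trailing fields become ''."""
    rows = []
    for line in lines:
        vals = line.rstrip("\r\n").split("\t")
        vals += [""] * (len(COLS) - len(vals))
        rows.append(dict(zip(COLS, vals)))
    return rows


def diagnose(lines):
    """Return the first splash-flow stage that did not complete, and why."""
    pkts, pos = parse(lines), 0
    for name, is_request, is_reply in STAGES:
        req = next((i for i in range(pos, len(pkts)) if is_request(pkts[i])), None)
        if req is None:
            return f"{name}: no request from client"
        rep = next((i for i in range(req + 1, len(pkts)) if is_reply(pkts[i])), None)
        if rep is None:
            return f"{name}: request sent, no reply captured"
        pos = rep + 1  # the next stage must start after this reply
    return "OK: client received the 307 redirect"


# Constructed sample: DHCP, ARP and DNS complete, the HTTP GET gets no 307.
SAMPLE = ["1\t\t\t\t", "3\t\t\t\t", "5\t\t\t\t", "\t1\t\t\t", "\t2\t\t\t",
          "\t\t0\t\t", "\t\t1\t\t", "\t\t\tGET\t"]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A "no request from client" result points at the device itself, while "request sent, no reply captured" points at the network side of that stage.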

Great information, thanks so much for the detailed reply, very helpful.

ringo3999
Level 1

Hello,

We currently have Meraki deployed and want to use Traffic Shaping to help with UDP Loss Rate for Webex.  We use this page to do our testing - https://mediatest.ciscospark.com/#/main On wireless we still get 2% to 4% loss sometimes - seems random.

 

We have enabled the default rules (which include Webex, Skype).  We also have "Shape traffic on this SSID" enabled.

We have "mls qos trust dscp" setup on the switchports that the AP are connected to.

 

Is there anything else we can configure/setup to help us with this?

Hello @ringo3999 

 

Wireless QoS relies on the DSCP marking of the packets done by the wireless client to assign the packet into the proper priority queue so the upstream traffic can have better chances to avoid losses over the air. As long as the packets are not marked properly before they are sent to the air, you will be susceptible to delays and potential drops.

 

Meraki Access Points can identify the traffic based on the application type, and they can override the DSCP marking of the packets in the case that the packets are not marked properly by the end device.

 

This is an example of the Webex meeting traffic using UDP 9000 (Webex UDP test seems to use UDP port 5004), the wireless client did not mark the packet with QoS priority going to the air. Without Meraki QoS traffic shaping, the traffic is not enforced with the appropriate DSCP when it goes to the switch: [Image: without qos2.PNG]

When Meraki QoS is enabled, you will notice that the DSCP value is modified and the upstream traffic is now passing to the switch with the proper DSCP value: [Image: with qos2.PNG]

 

As you are trusting the DSCP value, the switch will effectively manage the upstream traffic accordingly.

 

In order to enable the default QoS markings, go to 'Wireless - Configure - Firewall and Traffic Shaping'. Make sure that the Traffic Shaping rules are enabled.

 

UDP port 5004 is not currently considered as Webex traffic, so you may need to also setup a custom QoS rule. See the image below that will describe the proper QoS configuration:

[Image: config.PNG]

Besides QoS marking, there are other considerations to mitigate issues that can impact the performance when the packets travel over wireless. Meraki has a really nice configuration guide to provide the best experience for real-time applications. Please refer to the following link:

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MR_Wireless/Wireless_VoIP_QoS_Best_Practices#Wireless_Voice_Best_Practices

 

In summary, make sure that the SSID provides the best conditions to reduce frame loss (proper site survey, use of 5GHz-only, proper bitrate limit to non-media applications).
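
A way to check the marking from a capture taken on the AP's wired side, added here as an example and not part of the original reply: the script reads the DSCP bits of IPv4/UDP packets sent to the two ports mentioned above and lists the ports that still leave unmarked. It assumes packets with the link-layer header already removed; the sample packets, their addresses and the DSCP value 46 are constructed.

```python
import struct

MEDIA_UDP_PORTS = {9000, 5004}  # Webex meeting and Webex UDP test, per the reply


def media_dscp(ip_packet: bytes):
    """Return (udp_dst_port, dscp) for an upstream IPv4/UDP media packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None                      # not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != 17 or len(ip_packet) < ihl + 8:
        return None                      # not UDP, or truncated
    dport = struct.unpack("!H", ip_packet[ihl + 2:ihl + 4])[0]
    if dport not in MEDIA_UDP_PORTS:
        return None
    return dport, ip_packet[1] >> 2      # DSCP is the upper 6 bits of the ToS byte


def audit(packets):
    """Count DSCP values per media port: {port: {dscp: packet_count}}."""
    table = {}
    for pkt in packets:
        hit = media_dscp(pkt)
        if hit:
            port, dscp = hit
            counts = table.setdefault(port, {})
            counts[dscp] = counts.get(dscp, 0) + 1
    return table


def unmarked_ports(packets):
    """Media ports that still carry best-effort (DSCP 0) packets."""
    return sorted(port for port, counts in audit(packets).items() if counts.get(0))


def build(dscp, dport, sport=50000):
    """Constructed IPv4+UDP packet for the demo (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + udp


# Constructed capture: port 9000 marked (46 is only a sample value),
# port 5004 still best effort, plus one unrelated packet.
SAMPLE = [build(46, 9000), build(46, 9000), build(0, 5004), build(0, 53)]

if __name__ == "__main__":
    print(audit(SAMPLE), unmarked_ports(SAMPLE))
```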

 

vijha
Cisco Employee

Hi,

I have a question about integration of Meraki and Cisco DNA Center.

Which is: what information/capabilities should we expect to have from this integration?

 

Regards,

Vibha

Hello @vijha 

 

As DNAC Integration with Meraki is accomplished via the use of an API key, it is expected that the supported capabilities implemented by DNAC will rely on the available Meraki API calls. The complete list can be found at http://postman.meraki.com/

Hi Edgar,

I would like to know if Meraki offers custom application detectors, something like what Firepower offers for FMC+FTD.

 

If not, what do you suggest to be the best option to classify traffic for voice via softphones at the APs? Simply destination IP ranges?

 

Thanks.

Hello @giovanni.augusto 

 

Meraki Access Points are capable of performing traffic analysis to determine the application used by the wireless clients; this information can be used to enforce layer 7 Firewall rules and Traffic shaping (Bandwidth Limitation and QoS Marking).

 

Meraki provides pre-defined application categories for the most popular services, but you can also define custom signatures that detect the attributes of HTTP hostname, port number, and IP range:

 

[Image: shaping.PNG]

 

For voice applications, the current pre-defined applications are for Dropcam, SCCP, SIP, Skype, Vocera and WebEx.

 

Details for traffic shaping over wireless at:

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Traffic_and_Bandwidth_Shaping#Traffic_Shaping

ajc
Level 7

Hi Edgar, I have 2 questions:

 

1.-Does Meraki support Bonjour like Cisco WLC?

2.-Why does the dashboard not work properly when the AP renews its IP? My AP renewed the IP from the one registered initially on the dashboard, and now the dashboard is unable to manage the AP. Unclaiming, removing the AP from the network, etc. did not help. Any clues?

edmonroy
Cisco Employee

Hello @ajc 

 

1.

Yes, Meraki SSIDs can forward the mDNS requests from the wireless devices to the specified VLAN where the Servers are located, you can also select which services will be forwarded. Many rules can be created if different services are located on different VLANs.

The Bonjour gateway configuration is applied by SSID. It is supported if Bridge mode (client traffic is placed to a VLAN existent at the AP trunk) or Layer 3 roaming mode are used. Details at:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Bonjour_Forwarding 

 

 

2.

Assuming that the new IP address on the AP allows it to reach back to the Meraki cloud, the dashboard should report the AP as connected regardless of the previous IP configuration. 

I suggest the following steps to try to recover the IP connectivity to the Dashboard:

  1. Validate that the ethernet connection provides proper DHCP and Internet access. Test by connecting a laptop and confirm internet connectivity. If no DHCP is available, configure the computer with the expected static IP configuration and validate connectivity.
  2. For sanity purposes, perform a factory reset of the AP. The process consists of keeping the reset button pressed for about 30 seconds while the AP is powered ON. After the process, AP will look for DHCP to get to the Internet. Details at: https://documentation.meraki.com/zGeneral_Administration/Support/Resetting_Cisco_Meraki_Devices_to_Factory_Defaults#Indoor_Access_Points_(MR1X.2F2X.2F3X)
  3. (Optional) If DHCP is not available, set up the static IP configuration at the AP as per the following guide: https://documentation.meraki.com/MR/Monitoring_and_Reporting/Static_IP_Assignment_on_a_Cisco_Meraki_Access_Point#Local_IP_Assignment

If the issue persists, feel free to reach to the Meraki Technical Support Service, which is available for every Meraki Customer. I recommend calling the phone numbers as this is the fastest way to get an expert and get the AP connected back in minutes: https://meraki.cisco.com/support
