Re: All access points KO

TalentBari · ‎06-21-2024

Hello,
we have a problem within our infrastructure.
All access points are offline and unreachable from the Meraki dashboard.

I have already rebooted switch and mx but with no results.
We have manually reset from the 1 access point key, to no avail.
Removed power cable to switch and mx, to no avail.

I restarted the vpn tunnel on our firewall, but no result.
I do have these evidences though:
there seems to be a ko tunnel on the mx side, I think this is the reason.
what can i do to restart it ?

many thanks

MX: MX67

Switch: MS210-48FP

Access point: MR36

also I notice that the access points come out with the cloudflare address, but no one has set this value for them.
why does this happen?

aleabrahao · ‎06-21-2024

I would suggest you open a support case.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

aleabrahao · ‎06-21-2024

To me you seem to have a DHCP problem. Who is your DHCP server today? I don't believe the tunnel down is the problem. However, without having greater visibility of your network, it is difficult to give an accurate answer.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

TalentBari · ‎06-21-2024

THE dhcp role is on a domain controller.
we have other international locations with the same configuration.
only this configuration here, has a ko tunnel, as you see in the image.

aleabrahao · ‎06-21-2024

Haven't you checked with your ISP to make sure you're not having a link problem?

Why do you centralize in a single DHC? Wouldn't it be more viable to configure the MX as a DHCP server in the location?

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

TalentBari · ‎06-21-2024

we have a vodafone router, we tried connecting the laptop with cable and it works.
ce connectivity then.

now i can't think about improving the system, i have to solve the problem because it is serious.
the office is ko

aleabrahao · ‎06-21-2024

Call Meraki support, they will help you.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

TalentBari · ‎06-21-2024

this is another office with the configuration of the 2 tunnels not in error.
that's why i think the problem is in one tunnel

ww^ · ‎06-21-2024

Do you have a firewall in front of the spoke or hub? lf so, Make sure auto vpn traffic is allowed from the public ip's

TalentBari · ‎06-21-2024

the office is located in Madrid
the firewall is located in France.
it is an international infrastructure.
the meraki uses vpn tunnels as you can see from the pictures.
this is the log from the firewall:

GreenMan · ‎06-21-2024

Assuming your MX is connected via an Internet link or links I would ultimately suggest you configure the network so that the switch(es) and access point(s) break out directly to the Internet from the MX - don't send their management traffic over tunnel. That may mean provisioning a management VLAN to them, which has VPN disabled
Bear in mind that you can do a lot in troubleshooting tunnels using Network-wide > packet capture from the MXs at each end, looking at the Internet side; filter for the destination public IP of the other MX and see what is being sent and received at which end. This will show if the MXs are sending tunnel initiation packets to the right destinations and whether they are being received. If the WAN links at both ends are up, my guess is that something upstream is blocking some of the traffic. Support will help you with this - call them, rather than raising a case via Dashboard.

ppurroy · ‎06-21-2024

Check your native VLANs between all of your devices. They should ideally all match.

TalentBari · ‎06-24-2024

Good morning,

this morning before making the change I found the switch offline. I applied the modification you suggested to no avail.

(changed switch port to 101, all switch ports to 101).

The serious situation Now is that the switch is not possible to reboot, I can't reach it. What can I do ?

I noticed that:

Another configuration for the another office for example, has the VLAN on the MX set as 101, but the switch and the ports on it are all on VLAN1, despite this, everything works fine !

for what reason ?

thanks again.

Alejandro Flores · ‎06-21-2024

Hi,

If the tunnel is down and all the traffic on the LAN is down probably the VPN is configured as full tunnel. Try to disable the default route check box if selected. To check the VPN tunnel connectivity check the ports at the upstream. Rebooting the ISP modem could be a quick attempt to reset the connections.

https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshooting#Auto_VPN_Configuration_Details

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.