Content found in this wiki may not reflect official Church information. See Terms of Use for more information.

Troubleshooting Meraki Wireless Access Points

From TechWiki
Jump to navigationJump to search

Only Meraki APs added through the Church Network Manager (CNM) portal are supported by the GSD, Network Operations, and Network Engineering.

Access Points are offline, wireless is unavailable, or wireless users are unable to access the internet

  1. Verify that the Meraki Firewall is powered up and indicates that it is online.
    1. Check the Firewall status indicator light and verify that it is solid white or blinking white.
    2. If the Meraki firewall is not online, follow the process outlined in the Meraki firewall troubleshooting guide.
  2. Verify that the Meraki Switch(es) is(are) powered up and indicate that they are online.
    1. Check the status indicator light and verify that it is solid white or blinking white.
    2. If the Meraki switch is not on-line, please follow the process outlined in the Meraki switch troubleshooting guide.
  3. Verify that Meraki APs are connected directly to a Meraki PoE switch (Meraki MR3x APs are the only supported wireless solutions for meetinghouses).

Check the AP status light (follow this process for each Meraki AP in question):

  1. ORANGE indicates that the device is booting. The orange light comes on as soon as the AP is powered up and may remain orange for a few minutes while it is booting.
    1. Normal condition immediately after booting.
    2. From orange the next state is normally the Rainbow.
  2. RAINBOW (in this state the light will transition through several colors) indicates that the device is initializing its configuration and pulling information from Meraki’s cloud controllers.
    1. Under normal operation, once the AP has initialized and downloaded its configuration the next state is solid Green.
  3. BLINKING BLUE indicates that the device is updating it's firmware.
    1. This is not a normal circumstance but does indicate that the AP is able to communicate with the internet and the Meraki cloud.
    2. Once the update is complete the AP will reboot and return to normal operation.
  4. SOLID GREEN indicates that the AP is operational, but no devices are connected to it.
  5. SOLID BLUE indicates that the AP is operational and has devices connected to it.

Status lights indicating error or problems with the AP:

  1. ORANGE - An indicator light that is permanently orange indicates that the device is not booting properly.
    1. Power cycle the device by disconnecting the power from the Meraki switch and reconnect it.
      1. If the error persists, contact the GSD
  2. ORANGE and RAINBOW - An indicator light that is continuously cycling between orange and rainbow indicates a problem with internet connectivity.
    1. Verify that the device is connected directly to the Meraki switch. APs must be directly to the Meraki switch for proper functionality.
    2. Make sure that the port on the Meraki switch is properly configured for as an AP port in the CNM switch management tool.
    3. If the AP is connected to a properly configured port on a Meraki switch and still cycling between Orange and Rainbow status lights, perform a factory reset on the AP.
      1. If the error persists, contact the GSD.

Status lights on the AP indicate normal operation (Solid Blue), but users are not able to reach the splash page or access the internet:

  1. Verify that users are joined to “Liahona” and not another SSID. Liahona is the only supported SSID for public access using Meraki APs.
  2. Verify that the user’s IP address is properly configured:
    1. All devices connecting to meetinghouse networks should be set up for dynamic (DHCP) addressing.
      1. When connected to “Liahona” user ip addresses should be in the range 192.168.108.2-255, 192.168.109.0-255, 192.168.110.0-255, or 192.168.111.0-254.
      2. The default gateway on user devices should be 192.168.108.1.
      3. The subnet mask should be 255.255.252.0.
      4. DNS Servers must be set to 8.34.34.91, 8.34.34.92, 8.34.34.93, 8.35.35.91, 8.35.35.92, or 8.35.35.93.
      5. Other DNS servers are not permitted.
    2. Use the IP Address Reservation Tool in CNM any time that a static reservation is needed.
    3. If the IP address is static and the above IP address requirements are not true for the client device(s), there is likely a rogue DHCP server on your network.
    4. Only one DHCP server can serve a network at any given time. You will need to find any devices acting as DHCP servers and remove or disable them.
  3. Incorrect IP addresses may also indicate that the meetinghouse network is being “spoofed”. This occurs when someone else creates a wireless network nearby using the same SSID and password hoping to get users to join unknowingly so that their experience can be impacted, or personal data compromised.
  4. Power off all APs in the meetinghouse and see if the SSID is still present.
  5. Verify that the AP is connected to the Meraki switch, and that the switch port is set to “AP” in the CNM switch management tool.
    1. Power injectors and in line switches are not permitted. Meraki APs must connect to Meraki switches to function properly.
  6. APs connected to switch ports configured for “Public”, “Special”, “Facility”, or “Workforce” may have normal status lights, but client traffic will not pass properly through the switch.


Users connect to the network and are unable to communicate on the network:

  1. Verify that all Meraki hardware is online (white indicator lights on firewalls and switches, green or blue indicator lights on wireless access points)
  2. Check the IP address settings on the devices that are unable to access the internet.
    1. For devices connected to the Public zone:
      1. IP Address – 192.168.X.Y
        1. X is some number ranging from 108 to 111
        2. Y is some number between 1 and 255.
        3. If X is equal to 108, Y cannot be equal to 1
        4. If X is equal to 111, Y cannot be equal to 255
      2. Subnet Mask – 255.255.252.0
      3. Default Gateway – 192.168.108.1
      4. DNS Servers – Vary depending
  3. If devices are unable to reach a DHCP server they will usually show an IP address beginning with 169
    1. Verify that Meraki APs are connected only to the Meraki switch(es), most switches found in meetinghouses cannot support the type of connection required for the Meraki APs in our current meetinghouse network design
    2. Verify that the ports on the Meraki switch used for wireless access points are configured for “AP” in CNM
  4. For devices connected to Facility zones and Workforce zones:
    1. IP addresses will vary from site to site, refer to CNM to determine what IP address range your devices should use.
  5. Rogue DHCP servers are the most common cause of invalid IP addresses:
    1. Most wireless routers and access points purchased from retail providers have a built in DHCP server built in which is enabled by default
    2. It is only permissible to have one DHCP server running on a given network
    3. Locate any other potential DHCP servers (i.e. wireless extender/repeater, 3rd party router installed downstream from firewall)
  6. If Public zone users are getting IP addresses in the ranges that are indicated for Workforce or Facility zone, you have a wireless access point connected to the wrong zone
    1. Remove all wireless access points that are not managed by CNM (i.e. wireless extender/repeater, 3rd party router installed downstream from firewall) from the network
    2. Meraki APs should not have this problem
    3. Contact the Global Service Desk once you have verified that there are no wireless access points other than those indicated in CNM
  7. The pool of IP addresses is much smaller in these zones than in the public zone, allowing wireless users to connect to any of these may cause the pools to become exhausted and prevent wireless users from accessing the network
Retrieved from "https://tech.churchofjesuschrist.org/wiki/index.php?title=Troubleshooting_Meraki_Wireless_Access_Points&oldid=76485"