
Common Dashboard Alerts for Device Connectivity

If a Cisco Meraki device has issues with connectivity to the dashboard, the dashboard should show an alert. These alerts can be viewed by selecting the device in question from your devices list or by adding the Alerts column to your list of devices. Reviewing and correcting any alerts will help your network's stability.

Some of the most common alerts are explained below, as well as ways to troubleshoot and correct issues a device may be experiencing.

Device Has Never Connected to the Meraki Cloud

Notification the device has never checked into dashboard

This device has been added to a network but has not successfully contacted the Meraki dashboard to pull its configuration. There are a few things we want to confirm.

  • The device is receiving power from its power source
    • Via AC adapter or from a device supplying PoE
  • Confirm the device is establishing a link with the upstream device through its Ethernet port
  • Confirm the color of the status light on the device
    • Keep in mind if the network is configured for devices to run in dark mode
  • Connect to a known working network connection with access to the internet
  • Confirm the device is receiving an IP address from the DHCP server or has a valid static IP assigned
  • Take a packet capture on an upstream device to see what traffic the device is sending and receiving
    • Filtering for the IP address or MAC address of the device and downloading the .pcap file is recommended for larger networks
  • Perform a factory reset

A newly added device may take a few minutes to check into the dashboard. If a device has been moved from a different dashboard organization or network recently, it may take longer for the device to check into the dashboard.

If a device has not checked into the dashboard after several minutes since being powered on, but it is associated with a dashboard network and there is other Meraki equipment checking into the dashboard, refer to the device's local status page for the next steps in troubleshooting.

Please reach out to Meraki Support to confirm these findings and work through any potential next steps.

Device is Unreachable

Device unreachable banner

The device reports the last time there was a successful connection to the dashboard. There are a few reasons why a device is unable to establish communication with the dashboard: 

  • Check if the device is receiving power from its power source
    • AC adapter or from a device supplying PoE
  • Confirm the device is establishing a link with the upstream device
  • Confirm the color of the status light on the device
    • Keep in mind if the network is configured for devices to run in dark mode
  • Check if the device is connected to a working internet connection
    • A working internet connection will have access to the IPs, ports, and protocols defined under Help > Firewall info in the dashboard and would be able to successfully pass the connection monitoring test
    • If multiple VLANs are in use upstream, test connectivity on the same VLAN
  • The device is receiving an IP address from the DHCP server or has a valid static IP properly assigned
  • Take a packet capture on an upstream device to see what traffic the device is sending and receiving
    • Filtering for the IP address or MAC address of the device and downloading the .pcap file is recommended for larger networks
  • Perform a factory reset

If a device has not checked into the dashboard after several minutes since being powered on, but it is associated with a dashboard network and there is other Meraki equipment checking into the dashboard, refer to the device's local status page for the next steps in troubleshooting.

Please reach out to Meraki support to confirm these findings and work through any potential next steps.

Bad Internet Connection

If a Meraki device is having problems contacting the Meraki cloud through your firewall, content filter, or proxy server, you will experience the following issues and alerts on your Meraki network and dashboard:

  • Yellow connectivity icon on the devices list page and individual device detail page. 
  • Orange bars on the connectivity graph.
  • "This device has poor connectivity to the Meraki controller, possibly due to an asymmetric firewall or NAT issue." is reported on the device details page in dashboard.
  • Devices cannot connect to your network
  • For MR Devices
    • "Gateway warning (bad connectivity to controller, possible firewall or NAT issue)" appears when you place your pointer over the connectivity graph on the AP detail page.
    • You see your wireless network appended with "bad-gateway".
    • The radio light on your AP is solid orange and the green signal lights are flashing on and off.
    • Wireless clients cannot connect to your wireless network.

This is generally caused by an upstream firewall not using stateful packet inspection. In this instance, the Meraki device's TCP SYN packet is reaching the cloud. When the cloud responds to the Meraki device with a TCP SYN/ACK, it is dropped by the firewall. The Meraki device waiting on the TCP SYN/ACK never receives it. Therefore an acknowledgement TCP ACK from the Meraki device is never sent back to the controller to establish the TCP connection. This is called one-way traffic. 

This issue can also be caused when you have two different routers connected to your LAN segment to route traffic to different networks. In this instance, traffic from a remote network enters the LAN from one router's interface and is sent to a LAN device. When the LAN device replies, it sends the reply to the other router's interface. The router receiving the frame discards the packet because it only sees half of the connection.

To isolate and potentially remedy these issues and alerts please try the following: 

  1. Move your Meraki device to a different network segment where other devices are working and then analyze the difference in the path to the internet. 
  2. Verify that your firewall or any other security devices within your network are not modifying the Meraki device's traffic.
  3. Allow your Meraki devices to bypass your firewall, content filter, proxy server or any other security devices. 
  4. Make sure your firewall is performing stateful packet inspection which allows incoming packets if they are part of an ESTABLISHED connection.
  5. Make sure you only have a single entry and exit interface on your LAN segment.

For more information on configuring your firewall to support the Meraki Cloud, please review this KB:
Firewall Rules for Cloud Connectivity

DNS is Misconfigured

Notification the device is not getting DNS responses

As with almost every device used on the internet, Meraki devices rely on DNS to resolve the dashboard URLs. If a device is reporting issues with its DNS configuration, typically the device is not receiving responses to DNS requests. There are a few things to check to try and find the source of the issue:

  • Firewall rules blocking traffic to or from the DNS servers being used or traffic to UDP port 53
  • Routing traffic to or from the DNS servers
  • Invalid responses back from the DNS server
    • Take a packet capture on an upstream device to see what traffic the device is sending and receiving
      • Filtering for the IP address or MAC address of the device and downloading the .pcap file is recommended for larger networks

If there are no firewall rules blocking DNS traffic and there aren't issues with routing traffic, a way to work around this issue is to change the DNS servers to a working public resolver on the DHCP server. Have the Meraki devices request another IP or set the IP manually, and set the DNS servers to a known working public resolver.

Device is Unable to Find a Gateway to the Internet

Alert the device is unable to find its gateway

The Meraki device is powered on but is not able to use its Ethernet connection or an MR is unable to mesh to another MR in the same dashboard network.

If the device is expected to use its Ethernet port for connectivity to the internet:

  • Confirm the device is establishing a link with the upstream device through its Ethernet port
  • Confirm the device is receiving an IP address from the DHCP server or has a valid static IP assigned
  • Connect to a known working network connection with access to the internet

If the network's design is expected to have an MR functioning as a mesh repeater:

  • Confirm there is an MR in the same dashboard network that is within wireless range and has a strong enough signal

Configuration is Out of Date

Configuration fetch issues for a device banner

A device will download its latest configuration every ten minutes. This alert will be displayed if a device is currently checking into dashboard but hasn't downloaded its configuration in the last hour. If this happens, the status icon under the device on its status page will change color to yellow, but you would expect the historical connectivity data for the device to show a green color.

If this is happening, please check the following areas: 

  • The device's traffic to the dashboard is not being blocked or incorrectly routed by an upstream device
  • Take a packet capture on an upstream device to see what traffic the device is sending and receiving
    • Filtering for the IP address or MAC address of the device and downloading the .pcap file is recommended for larger networks

 

Poor connectivity to the Meraki cloud

This is generally caused by a recognized routing asymmetry. An asymmetric firewall means that traffic is generally leaving the network through one firewall or router, and is returning through another. When NAT is being used, this can cause return traffic issues.

If this is happening, please check the following areas:

  • Ensure that any upstream firewalls are configured as both the entry and exit point for networking devices on your network
  • Take a packet capture on an upstream device to see whether traffic bound to/from a given address is both sending and receiving
    • Filtering for the IP address or MAC address of the device and downloading the .pcap file is recommended for larger networks
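
The one-way traffic described under "Bad Internet Connection" and the routing asymmetry described in this section both show up in an upstream capture as incomplete TCP handshakes. The following is an added example, not Meraki code: it reads the text output of `tcpdump -nn` and classifies each handshake involving the device. The function name, the sample addresses, and port 443 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Text that `tcpdump -nn` prints for an IPv4 TCP packet.
PKT = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

def handshake_report(lines, device_ip):
    """Classify each TCP handshake involving device_ip that the capture saw."""
    seen = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # not a TCP line
        flags = m["flags"]
        if m["src"] == device_ip:
            flow = seen[f'{m["sport"]}->{m["dst"]}:{m["dport"]}']
            if flags == "S":
                flow["syn"] += 1
            elif "." in flags and not set(flags) & {"S", "R"}:
                flow["ack"] += 1
        elif m["dst"] == device_ip and flags == "S.":
            seen[f'{m["dport"]}->{m["src"]}:{m["sport"]}']["synack"] += 1
    report = {}
    for name, c in seen.items():
        if c["syn"] and c["synack"] and c["ack"]:
            report[name] = "established"
        elif c["syn"] and not c["synack"]:
            report[name] = "no-reply"     # SYN/ACK dropped or returned elsewhere
        elif c["synack"] and not c["syn"]:
            report[name] = "return-only"  # the SYN left through another path
        elif c["syn"]:
            report[name] = "incomplete"   # SYN/ACK arrived, device never ACKed
    return report

# Constructed sample (documentation addresses, port 443 chosen for illustration).
SAMPLE = """\
10:00:00.000 IP 192.168.15.20.51000 > 203.0.113.10.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000 IP 192.168.15.20.51000 > 203.0.113.10.443: Flags [S], seq 100, win 64240, length 0
10:00:03.000 IP 192.168.15.20.51000 > 203.0.113.10.443: Flags [S], seq 100, win 64240, length 0
10:00:04.000 IP 192.168.15.20.51001 > 198.51.100.7.443: Flags [S], seq 200, win 64240, length 0
10:00:04.020 IP 198.51.100.7.443 > 192.168.15.20.51001: Flags [S.], seq 900, ack 201, win 65535, length 0
10:00:04.021 IP 192.168.15.20.51001 > 198.51.100.7.443: Flags [.], ack 901, win 64240, length 0
10:00:05.000 IP 203.0.113.10.443 > 192.168.15.20.51002: Flags [S.], seq 700, ack 301, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for flow, verdict in handshake_report(SAMPLE, "192.168.15.20").items():
        print(f"{flow}: {verdict}")
```

A "no-reply" flow seen on the LAN side of a firewall matches the dropped SYN/ACK case; a "return-only" flow at one capture point suggests the outbound SYN used a different router or firewall.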

 

The Cisco Meraki Cloud is having difficulty communicating with this device

This error is caused when a firewall test fails. This means that the Meraki device attempted to communicate with the Meraki cloud, but its communication was blocked by an upstream firewall.

If this is happening, please check the following areas:

  • The device's traffic to the dashboard is not being blocked or incorrectly routed by an upstream device
  • Take a packet capture on an upstream device to see what traffic the device is sending and receiving
    • Filtering for the IP address or MAC address of the device and downloading the .pcap file is recommended for larger networks

 

Bad IP assignment configuration

After configuring a Cisco Meraki device's static IP address either from the dashboard or via the my.meraki.com Uplink configuration page, the device may report "Bad IP assignment configuration" in the dashboard.

In the case that the device cannot get an ARP reply from its default gateway, it will revert back to using DHCP for its IP configuration. This is an intended function to bring the device online; if the device can't reach its default gateway, it will never report to the dashboard.

The static IP will still be configured on the device if you go to the Uplink configuration page on the Local Status Page or, for MS switches and MR access points, on the device's details page in the dashboard under "set IP address." Even though the device will have a different IP via DHCP, it will continue to ARP for the gateway configured statically. As soon as the device receives an ARP reply from that gateway, the AP will switch to its static configuration:

bad_ip_capture.png

In the above packet capture, the Meraki AP has already obtained an IP via DHCP because it has received no ARP reply from its gateway 192.168.15.1. However, the AP will continuously send out ARP requests for its statically configured gateway. Until it receives an ARP reply from the statically configured gateway, the dashboard will continue to report "Bad IP assignment configuration".

Actions to Take

  • Check that your device has the correct configuration. Ensure that:
    • The Gateway you have entered is correct and online.
    • The VLAN is correct, or is blank if not using VLANs. This should also be left blank if the VLAN desired is the native VLAN on the switch port.
    • The IP, Subnet mask, and Gateway are correct for the subnet to which this AP is attached.
    • The Primary DNS is valid and reachable (we recommend using Google Public DNS at 8.8.8.8 or 8.8.4.4).
    • There are no extra spaces in your settings (including leading, trailing, or between characters).
  • Check the local status page - the local status page often gives more detailed error output to help resolve problems during troubleshooting.
  • Wait 5 minutes - the Bad IP assignment error often reflects a lack of data. After a few minutes, a more precise error is likely to be presented to help troubleshoot.
  • Reboot the hardware - sometimes the MAC address for the internet port can get stuck on network hardware and clear out after a set period of time. Rebooting network equipment helps speed up this process.
  • Use a new cable - a bad network cable can cause this error to be presented.
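
The configuration checks in the list above can be run offline before the values are entered. The following is an added example, not Meraki code: the function name and field names are hypothetical, and it validates only what can be checked without network access (stray whitespace, address syntax, gateway inside the subnet, VLAN ID range), not whether the gateway or DNS server is online.

```python
import ipaddress

def check_static_uplink(ip, mask, gateway, dns, vlan=""):
    """Return a list of problems with a static uplink configuration (empty = OK)."""
    raw = {"ip": ip, "mask": mask, "gateway": gateway, "dns": dns, "vlan": vlan}
    # Leading, trailing, or embedded spaces are called out in the checklist.
    problems = [f"{k}: contains whitespace" for k, v in raw.items()
                if any(ch.isspace() for ch in v)]
    # Continue with whitespace stripped so one typo does not hide other faults.
    val = {k: "".join(v.split()) for k, v in raw.items()}
    try:
        iface = ipaddress.ip_interface(f'{val["ip"]}/{val["mask"]}')
    except ValueError:
        return problems + ["ip/mask: not a valid address and subnet mask"]
    try:
        gw = ipaddress.ip_address(val["gateway"])
        if gw == iface.ip:
            problems.append("gateway: same address as the device")
        elif gw not in iface.network:
            problems.append(f"gateway: {gw} is outside {iface.network}")
    except ValueError:
        problems.append("gateway: not a valid IP address")
    try:
        ipaddress.ip_address(val["dns"])
    except ValueError:
        problems.append("dns: not a valid IP address")
    # Blank means untagged / native VLAN; otherwise a valid 802.1Q VLAN ID.
    if val["vlan"] and not (val["vlan"].isdigit() and 1 <= int(val["vlan"]) <= 4094):
        problems.append("vlan: must be blank or 1-4094")
    return problems

if __name__ == "__main__":
    # Constructed values; 192.168.15.1 is the gateway from the capture above.
    print(check_static_uplink("192.168.15.20 ", "255.255.255.0",
                              "192.168.16.1", "8.8.8.8", "15"))
```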

 

Uplink IP address in conflict with another device

When a Meraki device detects it has the same IP address as another host on the LAN you will be alerted in 2 places.

  1. The icon for the device will turn yellow and an alert will report:
    • For MR APs: "This gateway is disabled. It is experiencing an IP address conflict with another device on its local LAN".
    • For other devices: "Uplink IP address in conflict with another device"
  2. The connectivity graph will turn yellow/gold. When you place your mouse over the connectivity graph on the device detail page a warning will appear: 
    • "Gateway warning (IP address conflict on local LAN)"

You must resolve this IP address conflict for the device to be able to operate correctly. Here are some actions you can take to remedy the issue.

Find the IP address of the device

  1. Log into the dashboard
  2. Navigate to the device status page of the device reporting the conflict
  3. Locate the LAN IP address value on the detail page
  4. Notice the IP address of the device and whether it was assigned statically or dynamically (DHCP)

Verify DHCP service 

  1. Locate and disconnect any unauthorized DHCP servers from your LAN
  2. Verify non-overlapping address pools are being used if your LAN contains multiple DHCP servers for fault tolerance

Resolve IP address conflict 

  1. If the Meraki device received its IP address via DHCP, try adding the IP address it received to the DHCP reservations list and then reboot the device. This will force the device to obtain a new IP address from the DHCP server.
  2. If the Meraki device is configured with a static IP address, look in your DHCP logs to see if another host on the LAN obtained the same IP address from DHCP. If this is the case, exclude the IP address from the DHCP scope and reboot the host with the duplicate IP address.
  3. If the Meraki device is configured with a static IP address, and you cannot locate another host using the same IP address in the DHCP logs, you may need to power off the device and physically locate the host. In this situation, ping and ARP can be useful in finding the host's MAC address.
  4. When the Meraki device is powered off, ping the IP address. Once you've pinged the address, use ARP to locate the MAC address of the client.
  5. Once you have the MAC address of the client you can block it from your switch port or use the information to physically locate the port the device is connected to and subsequently remove it.

Note: Some DHCP servers have the ability to perform Conflict detection by performing a ping test of the IP address before assigning it to a DHCP client.

 

The device is using a DHCP IP address from VLAN X instead of using configured VLAN Y

This error is caused when a device's DHCP-assigned IP address does not match the device's configured VLAN. This can often occur when a management VLAN is assigned to the device manually.

Configuration

On many Meraki devices, a VLAN tag can be assigned to the device for its own management traffic. This can be done either in the dashboard, by clicking the Edit icon near the device's LAN IP address on the device's status page, or on the Local Status Page of the device.

 

This tells the device to tag that specific VLAN for management and cloud traffic in order for it to be correctly passed on the LAN.

Note: Tagging egress per SSID on an Access Point requires that the AP be plugged into a trunk port. For more about IEEE 802.1Q and VLAN tagging, please refer to our documentation on Meraki Gateway Access Points, IEEE 802.1Q, and VLAN Tagging.

Troubleshooting

To resolve this error, check the following:

  • Check that the device IP address matches the IP range + VLAN for other devices on the same VLAN
  • Check that your DHCP server has a reserved assignment for the MAC address matching your Meraki device
  • Try removing the manually-assigned VLAN ID for the device, if it has been set, and see if this resolves the issue. If so, your VLAN ID assignment may be incorrect and will need to be modified to suit your LAN configuration.