Not able to get the Cisco 9200L to ping the VLAN interface on the Meraki MX68

Solved
anh2lua

I have an MX68CW configured with a couple VLANs. One of them is VLAN 30, with ip address 192.168.138.254/29

I also configured port 3 on the MX68CW for Access Port, with VLAN 30.

So that is simple enough.

On the Cisco 9200L, I have tried to configure the following:

Port g1/0/48 configured for switchport mode access with switchport access vlan 30 and created a vlan 30 interface with IP 192.168.138.250/29.

They did not talk to each other as I could not ping 192.168.138.254 from the Cisco 9200.

 

I also tried not configuring VLAN 30 on the 9200, and instead configured g1/0/48 as no switchport and assigned the IP address 192.168.138.250/29 to it, thinking it would act as an endpoint. That did not work either.


I have also tried trunk port on the MX68CW with Native vlan 1 and a few other things. Nothing has worked so far.

What am I missing?

 

Thanks

cmr

Set the MX port to trunk and the C9200L port also to trunk.  Make sure the same VLANs are on both, i.e. 30 and any others that you want to pass over.

Still no luck. I think this is a very simple setup but somehow I cannot get it to work.

On the MX, I have configured as below (this is the configuration I want)

[Screenshots: Screenshot 2024-06-06 082300.png, Screenshot 2024-06-06 082317.png]

 

On the Cisco 9200L

show run int vlan 1
Building configuration...

Current configuration : 61 bytes
!
interface Vlan1
ip address 10.38.0.252 255.255.255.0
end

 

And here is the uplink port

show run int g1/0/48
Building configuration...

Current configuration : 100 bytes
!
interface GigabitEthernet1/0/48
switchport trunk allowed vlan 1,4,10
switchport mode trunk
end

 

 

cmr

What does sh int statu give you for the VLAN and port?

show int status vlan 1

Port Name Status Vlan Duplex Speed Type
Gi1/0/5 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/6 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/7 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/8 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/9 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/10 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/11 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/12 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/13 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/14 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/15 notconnect 1 auto auto 10/100/1000BaseTX

Port Name Status Vlan Duplex Speed Type
Gi1/0/16 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/17 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/19 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/20 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/21 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/22 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/23 notconnect 1 auto auto 10/100/1000BaseTX
Gi1/0/24 Uplink connected trunk a-full a-1000 10/100/1000BaseTX

 

The status shows uplink port g1/0/24 connected in trunk mode

 

cmr

The config you showed was for port 48, is this another switch?

Yes, I tried this switch with a 24 port, same Cisco 9200L.

The config is the same.

cmr

Have you created all the VLANs on the 9200L?

 

You could try setting the 9200L to single mode spanning tree.

 

What does sh CDP nei show

 

Does the Meraki topology see the 9200L?

I have created VLANs 4 and 10 on the 9200L to match with the Meraki.

1 default active Gi1/0/5, Gi1/0/6, Gi1/0/7
Gi1/0/8, Gi1/0/9, Gi1/0/10
Gi1/0/11, Gi1/0/12, Gi1/0/13
Gi1/0/14, Gi1/0/15, Gi1/0/16
Gi1/0/17, Gi1/0/19, Gi1/0/20
Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/1/1, Gi1/1/2, Gi1/1/3
Gi1/1/4
4 NVR active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/18
10 Mitel active

 

show cdp nei
KCSW#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID

Total cdp entries displayed : 0

 

 

spanning-tree mode pvst
spanning-tree extend system-id

 

Changing spanning-tree mode to pvst doesn't make a difference either.

 

Meraki Topology doesn't see the 9200L

Yes, I have created VLANs 4 and 10 to match with the VLANs in the Meraki.

I have configured spanning-tree mode to pvst

cdp nei doesn't show any

 

Meraki Topology doesn't see the 9200L either.

 

Thanks

It is strange a directly connected device cannot ping /reach its peer. Normally, two devices on the same LAN can see each other.

From a remote PC over VPN, I can ping the VLAN interface's IP of the Meraki, but a cisco switch directly connected is not able to.

cmr

If you plug a PC into MX port 3 and set the IP to match the one set on the 9200 can you ping the MX?

 

Equally if you connect to port 24 of the switch and set the IP to that of VLAN1 on the MX, can you ping the 9200 VLAN interface?

I plugged my laptop into port3 on the MX and set the IP to the 9200, still couldn't ping the MX.

 

I connected my laptop to port 24 on the 9200, set my IP in the same network range, and was able to ping the VLAN interface of the 9200.

 

I don't know if it matters or not but I already have a Cisco IR829 connected to the MX port 4, configured for Access mode to allow only VLAN 2.

That IR829 is working fine. 

Does the MX allow different router/switches connected to different ports for different purposes?

cmr

If you change the MX port 3 to access VLAN 1 and set the laptop to the 9200 IP, can you ping the MX?

 

The MX allows multiple devices as long as they don't create a loop, so MX - IR - 9200 - MX wouldn't work, but otherwise there shouldn't be an issue.

 

The 9200 is obviously behaving as expected; however, if the test above works, change both trunks to have no native VLAN and reconnect the switch to the MX.

Changed MX port 3 to access VLAN 1, set IP on the laptop, no go.

 

 

I changed VLAN 1 to VLAN 100, set to access on port 12 on the MX, set dhcp, and was able to get an IP address when I plugged my laptop in and was able to browse out.

With the same MX setup, plugged the switch in, no difference, even when I change the uplink port to trunk and created vlan 100 interface, assigned static IP.

Or when I set the uplink port to no switchport and assigned a static IP to the uplink port, enabled ip routing on the switch, no luck.

alemabrahao

You created the VLAN interface but what about the VLAN itself that you created on the switch? What about no shutdown on VLAN interfaces? Did you execute the command?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

VLAN 1 is default, it is already created on all Cisco switches.

VLAN 4 and 10 are active.

alemabrahao

Sorry, it's a very simple configuration, you're probably forgetting to inform something.

Can you please review everything, if there is no ACL or firewall rule in the MX?

Things like that. If you can send the complete running show.


show run
Building configuration...

Current configuration : 10862 bytes
!
! Last configuration change at 13:40:11 CST Thu Jun 6 2024 by 
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform punt-keepalive disable-kernel-core
!
hostname KCSW
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
aaa new-model
!
!
aaa group server radius RADIUS_AUTH
server name 
deadtime 60
!
aaa authentication login default local
aaa authentication login <removed> group RADIUS_AUTH enable
aaa authorization exec default group RADIUS_AUTH if-authenticated
aaa authorization exec console group RADIUS_AUTH local if-authenticated
aaa authorization network default group RADIUS_AUTH local if-authenticated
!
!
aaa session-id common
!
!
!
clock timezone CST -6 0
clock summer-time CST recurring 1 Sun Mar 2:00 1 Sun Nov 2:00
switch 1 provision c9200l-24p-4g
!
!
!
!
ip routing
!
ip name-server 10.3.104.248 10.3.104.247
ip domain lookup recursive
ip domain name <removed>
!
!
!
no ip igmp snooping
login on-success log
vtp domain KC
vtp mode transparent
vtp version 1
!
!
!
!
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-4152475292
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4152475292
revocation-check none
rsakeypair TP-self-signed-4152475292
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
quit
crypto pki certificate chain TP-self-signed-4152475292
certificate self-signed 01
quit
!
license boot level network-advantage addon dna-advantage
memory free low-watermark processor 10298
!
diagnostic bootup level minimal
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
enable secret 9 <removed>
!
username <removed> privilege 15 secret 9 <removed>
!
redundancy
mode sso
crypto engine compliance shield disable
!
!
!
!
!
transceiver type all
monitoring
!
vlan 4
name NVR
!
vlan 10
name Mitel
!
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
description EWLC data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
!
interface GigabitEthernet1/0/1
description Cameras
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/2
description Cameras
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/3
description Cameras
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/4
description Cameras
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
description NVR
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
description Uplink
switchport trunk allowed vlan 1,4,10
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
ip address 10.38.0.252 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
ip default-gateway 10.38.0.250
no ip http server
ip http authentication local
no ip http secure-server
ip forward-protocol nd
ip ssh version 2
!
!
logging facility local6
logging host 10.3.44.241
logging host 10.3.43.241
ip access-list standard 88
10 permit 172.27.0.241
30 permit 10.7.1.224 0.0.0.31
40 permit 10.8.0.0 0.0.255.255
ip access-list standard 99
20 permit 172.27.0.241
!
snmp-server group KANSASCITY v3 priv read ALL_ACCESS
snmp-server view ALL_ACCESS iso included
!
radius server DPNPS01
address ipv4 10.3.104.245 auth-port 1812 acct-port 1813
retransmit 5
key 7 <removed>
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
stopbits 1
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end

cmr

I'd ditch the spanning tree portfast on the trunk (alongside my previous suggestions).

Done that, no difference.

No Firewall Rules on the MX.

alemabrahao

Are you receiving arp on port 24 of the switch?

alemabrahao

Can you also try removing these commands from the VLAN 1 interface?

 

no ip redirects
no ip unreachables
no ip proxy-arp


No arps showing on the g1/0/24

I have done all that before too, just did again with the same results.

 

I also tried to set a different VLAN on the MX, let's say 30 and set port 3 as Access, and connected my laptop to it, but still couldn't ping it either.

alemabrahao

Are you sure the port is UP, it makes sense for you not to ping since there is no ARP on the port.
 
Have you tried different ports on both the MX and 9200? Change the cable? Things like that?

I have tried a lot of stuff already.

It doesn't work in any combination for some reason.

I can ping the MX from other hosts on the networks, just not the switch or laptop directly connected to it.

I created a different VLAN, 100, on the MX and set that to Access, enabled DHCP, and I was able to connect my laptop to it, got a DHCP address and was able to communicate.

I also tried to set the MX port to Trunk, allowed all VLANs, that also works.

Just when I connect the Cisco Switch to the MX, it doesn't work.

There are probably some requirements that I am not aware of to make this work.

Well, I got it figured out.

It was simple. In order to use network equipment other than Meraki downstream, you need to create the network for the MX with the type "Security Appliance", not combined.

I had the network created as "combined" to begin with, so I couldn't select "IP address" as the Client tracking method. Default is MAC address.

Once I created a new network for my MX with the type "Security appliance" and selected IP address as the client tracking method, I was able to get a response from the switch when I pinged the gateway, which is the VLAN IP on the Meraki.
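
Added example (not part of the thread or of any poster's own code): a Python check for the switch-side items the replies ask about, namely that the uplink is a trunk, that its allowed VLANs match the MX port, that those VLANs exist on the 9200L, and that the SVI used for the ping test is up with an address. The MX allowed-VLAN list is an assumed input copied by hand from the dashboard, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the running-config posted in the thread.
SAMPLE_CONFIG = """\
vlan 4
!
vlan 10
!
interface GigabitEthernet1/0/24
 switchport trunk allowed vlan 1,4,10
 switchport mode trunk
!
interface Vlan1
 ip address 10.38.0.252 255.255.255.0
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,4,10-12' into a set of ints."""
    vlans = set()
    for lo, _, hi in (p.partition("-") for p in spec.replace(" ", "").split(",") if p):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_switch(config):
    """Collect created VLANs, physical-port settings and SVIs from a running-config."""
    state = {"vlans": {1}, "ports": {}, "svis": {}}  # VLAN 1 exists by default
    section = None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,\-]+)", line):
            state["vlans"] |= expand_vlans(m.group(1))
            section = None
        elif m := re.fullmatch(r"interface Vlan(\d+)", line):
            section = state["svis"].setdefault(int(m.group(1)), {"ip": None, "shutdown": False})
        elif m := re.fullmatch(r"interface (\S+)", line):
            section = state["ports"].setdefault(m.group(1), {"mode": None, "allowed": None})
        elif line == "!" or section is None:
            section = None  # end of a section, or a global line we do not track
        elif m := re.fullmatch(r"switchport mode (\S+)", line):
            section["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,\-]+)", line):
            section["allowed"] = (section.get("allowed") or set()) | expand_vlans(m.group(1))
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            section["ip"] = m.group(1)
        elif line == "shutdown":
            section["shutdown"] = True
    return state

def audit_uplink(config, port, mx_allowed, vlan):
    """Return findings for the uplink `port` and the SVI the ping test relies on."""
    sw, mx, findings = parse_switch(config), expand_vlans(mx_allowed), []
    p = sw["ports"].get(port)
    if p is None or p["mode"] != "trunk":
        return [f"{port}: not configured as a trunk in this config"]
    # No 'allowed vlan' line on a trunk means every VLAN is allowed.
    allowed = p["allowed"] if p["allowed"] is not None else set(range(1, 4095))
    if mx - allowed:
        findings.append(f"{port}: MX VLANs not allowed on the trunk: {sorted(mx - allowed)}")
    if p["allowed"] is not None and allowed - mx:
        findings.append(f"{port}: trunk VLANs absent on the MX side: {sorted(allowed - mx)}")
    if mx - sw["vlans"]:
        findings.append(f"VLANs not created on the switch: {sorted(mx - sw['vlans'])}")
    svi = sw["svis"].get(vlan)
    if svi is None or svi["shutdown"] or not svi["ip"]:
        findings.append(f"interface Vlan{vlan}: missing, shut down or without an IP address")
    return findings
```
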