Meraki

Community

Help with vlan configuration

Solved
GoranP
Here to help
‎Apr 27 2022 5:49 AM
‎Apr 27 2022 5:49 AM

Help with vlan configuration

Hello to everyone, 

 

Im engaged from my employ to do some advanced configuration on existing network. Im completely new to Meraki but have some expirience doing network administration.

I have problem with vlan configuration.

 

network:

Palo Alto firewall

2 x MS425-16 in stack

5 x MS225-48

10 x MR56

 

Admins before me configured entire network in vlan 1 (servers, clients, meraki management IP...)

and that is work fine.

 

On stack is created switch vlan interface in default vlan 1 192.168.0.29 and global default route is 0.0.0.0/0 -> 192.168.0.1 (that is address of palo alto interface)

 

The idea is to make more separate vlans like Guest, Users, Servers, Device Management with different subnets 

I created Guest switch vlan 20 interface on stack 192.168.20.1/24 with dhcp relay in 192.168.0.0 network where is server, and that is work fine.

I wonted to make Management vlan for all Meraki devices in subnet 192.168.3.0 and i created switch vlan 3 interface  on stack 192.168.3.1/24 after i change the ip address of all Meraki devices to appropriate IP address for examle 192.168.3.10 with default gateway 192.168.3.1 and put it in vlan 3

After i do that 15 of my devices resume working just fine but i lose connectivity with my core switches. (2 x MS425-16 in stack)

I tried changing management vlan to vlan 3 in /switch/switch settings/vlan configuration option and did not help..

both switches are pingable from devices in the new vlan 3 but they are unreachable from dashboard and from any other device. After 2 hours they come back online with old configuration. (have some different trials where i again lose connectivity for 2h)

 

I hope i provide enough information about the problem, if there is any information that i can provide i would do it.

 

Thanx in advance.

 

0 Kudos
1 Accepted Solution
In response to GoranP
cmr
Kind of a big deal
Kind of a big deal
‎Apr 27 2022 7:02 AM
‎Apr 27 2022 7:02 AM

@GoranP yes, all VLANs are on the Meraki switches by default.  By deleting the interface you will achieve what you are wanting.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

5 Replies 5
ww
Kind of a big deal
Kind of a big deal
‎Apr 27 2022 5:56 AM
‎Apr 27 2022 5:56 AM

The routing stack should not have management ip address/gateway pointing to its self owned vlan interface .

 

I would create the management layer3/vlan on the firewall  and run that management vlan at layer2 down all device.

GoranP
Here to help
‎Apr 27 2022 6:10 AM
‎Apr 27 2022 6:10 AM

Hello,

 

I also tried something similar, created subinterfaces on Palo Alto interface for networks 192.168.0.0 and 192.168.3.0

but i left switch vlan interface up. How to dawngrade to vlan 2, dont have option to just create vlan on layer 2 ? 

Is it enough to just delete switch vlan interface on stack and provide IP address form subnet 192.168.3.0 with default gate 192.168.3.1 and vlan 3 to Meraki devices? (in that case i would set subinterface on the firewall IP 192.168.3.1)

0 Kudos
In response to GoranP
cmr
Kind of a big deal
Kind of a big deal
‎Apr 27 2022 7:02 AM
‎Apr 27 2022 7:02 AM

@GoranP yes, all VLANs are on the Meraki switches by default.  By deleting the interface you will achieve what you are wanting.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
GoranP
Here to help
‎Apr 27 2022 7:06 AM
‎Apr 27 2022 7:06 AM

Thank you for fast response 🙂 

I will try that after working hours. 

 

I will report the end results 🙂

0 Kudos
GoranP
Here to help
‎Apr 27 2022 1:14 PM
‎Apr 27 2022 1:14 PM

Hello !

I did it successfully. (i make vlan on the firewall and delete switch vlan interface on stack, after that i regain connection with my devices)

Thank you for your help.

Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.