
Changing the Meraki native VLAN

SOLVED
Here to help

I need some advice on the correct process order to change my native VLAN and need some advice from anyone who has done it before.  At the moment we are using a predominantly flat network and all devices are connected to VLAN1 (the Meraki default VLAN).  I do have a couple of other VLANs but they do not need to change and can be ignored for the purposes of this question.  I want to change the VLAN numbering of all connected device ports from 1 to 10. Also every device within the VLAN needs to retain its existing IP addressing (I'm not changing IP addressing, just the VLAN number).  I'm not using devices that use VLAN tagging so am hoping this will reduce the complexity of the process.

 

  • The switches I am using are MS225s
  • The IP subnet assigned to VLAN1 is 10.222.20.0/22
  • All devices including the internal interface of my internet Firewall
  • DHCP addresses are assigned from a DHCP server, not by the network switches
  • All switches and APs have a management interface address in VLAN1 (10.222.20.0/22) and ideally I would like to retain this if possible, but can opt for a management VLAN if I have to

I am familiar with the Meraki VLAN management interface and have set up the whole network, but my main concern around this is that if I do the tasks in the wrong order I may lose connectivity to the switches from the Meraki portal.

 

The process I would expect to use is:

  1. Create the new VLAN "10" with a dummy IP subnet, e.g. 192.168.1.0/24
  2. Change the existing VLAN 1 IP subnet from 10.222.20.0/22 to 192.168.2.0/24
  3. Change VLAN 10 subnet from 192.168.1.0/24 to 10.222.20.0/22
  4. Modify all device ports on the switches to be in VLAN 10

Would my Meraki devices and my local PC lose connectivity to the Internet and prevent some of these changes happening?  I am assuming that if I set my computer to have a default gateway of the firewall itself I should be OK.  The switch stack itself has the firewall as its default gateway.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Here to help

Re: Changing the Meraki native VLAN

After some further testing today I have confirmed that the VLAN1 Bonjour forwarding is the cause of my issue.  I created another VLAN, VLAN5 to go with my existing VLAN3 and VLAN1.  I placed my Airplay device in VLAN5.  I set up Bonjour forwarding from both WIFI networks associated with VLAN1 and VLAN3.  I could see my Airplay device which was connected to VLAN5 from VLAN3 but not from VLAN1. The conclusion is that Bonjour forwarding doesn't work to or from VLAN1, as per the advisory from Meraki.

 

My original post was requesting advice about changing my network so that I move most devices to another VLAN, so thanks to everyone for their advice on how to achieve that.  Despite my initial scepticism I now know that making these VLAN changes will fix my problem.

7 REPLIES 7
Kind of a big deal

Re: Changing the Meraki native VLAN

Why do you want to change the native VLAN?

 

Assumptions:

  1. You have physical access to all the devices
  2. The firewall (or device that provides Internet access) is configured to use a trunk port to the switch.
  3. All switches are configured to use trunk ports between themselves.
  4. You can have down time until the process is complete.

 

Change the firewall first to using VLAN10.  Then connect to the Meraki switch that it connects to via the local status page and change the management VLAN to 10.  Repeat for the other Meraki switches.

 

All switches should now be online.  Change all the access ports from VLAN1 to VLAN10.

 

Everything should now be back online.

 

 

Note you don't actually change the native VLAN at any point.  You leave VLAN1 alone, it just ends up unused, and everything is migrated into VLAN10.
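The last step of the procedure above, moving access ports from VLAN 1 to VLAN 10 while leaving the trunks' native VLAN alone, can be planned offline before anything is changed. This is an added example, not code from the thread or from Meraki; the field names (`portId`, `type`, `vlan`, `allowedVlans`) are modelled on a switch-port record and are assumptions here, and the serials and port list are constructed sample data.

```python
OLD_VLAN, NEW_VLAN = 1, 10

# Constructed sample inventory (hypothetical serials and ports).
SAMPLE_PORTS = [
    {"serial": "SW-EXAMPLE-1", "portId": "1", "type": "access", "vlan": 1, "allowedVlans": "all"},
    {"serial": "SW-EXAMPLE-1", "portId": "2", "type": "access", "vlan": 3, "allowedVlans": "all"},
    {"serial": "SW-EXAMPLE-1", "portId": "48", "type": "trunk", "vlan": 1, "allowedVlans": "all"},
    {"serial": "SW-EXAMPLE-2", "portId": "47", "type": "trunk", "vlan": 1, "allowedVlans": "1,3,20-30"},
    {"serial": "SW-EXAMPLE-2", "portId": "5", "type": "access", "vlan": 1, "allowedVlans": "all"},
]


def vlan_allowed(allowed, vlan):
    """True if `vlan` falls inside a list such as 'all' or '1,10,20-30'."""
    if allowed.strip().lower() == "all":
        return True
    for part in allowed.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo and int(lo) <= vlan <= int(hi or lo):
            return True
    return False


def plan_migration(ports):
    """Return (changes, warnings) without touching any device.

    changes:  access ports currently in OLD_VLAN, with the VLAN they should get.
    warnings: trunks that do not carry NEW_VLAN; devices behind them would be
              cut off once their access ports move, so fix these first.
    Trunk native VLANs are deliberately left unchanged, as the post describes.
    """
    changes, warnings = [], []
    for p in ports:
        if p["type"] == "access" and p["vlan"] == OLD_VLAN:
            changes.append({"serial": p["serial"], "portId": p["portId"], "vlan": NEW_VLAN})
        elif p["type"] == "trunk" and not vlan_allowed(p["allowedVlans"], NEW_VLAN):
            warnings.append(f'{p["serial"]} port {p["portId"]}: trunk does not allow VLAN {NEW_VLAN}')
    return changes, warnings


if __name__ == "__main__":
    changes, warnings = plan_migration(SAMPLE_PORTS)
    for w in warnings:
        print("FIX FIRST:", w)
    for c in changes:
        print("CHANGE:", c)
```
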

Here to help

Re: Changing the Meraki native VLAN

Thanks for your response.  The reason behind changing from using VLAN 1 is in response to an issue with Bonjour forwarding between VLANs.  I have some Crestron AirMedia devices that provide AirPlay functionality.  They work within VLAN but do not across VLANs.  I have been advised by Meraki support that Bonjour forwarding does not work if VLAN 1 is involved.  I have to admit, I am a little sceptical about this but it is mentioned in a KB article.  Your assumptions about my environment are all correct, subject to your confirmation about the stack ports below.
 
In terms of the process, I have a few follow up questions.  The six MS225 switches I have are connected in a single stack using the dedicated stack ports, so should I assume that these are automatically allowing all VLANs across the whole stack?  You have said that I don’t need to change anything in relation to VLAN 1, but I assume that within the subnet settings I need to make a change to the IP addressing (i.e. subnet and interface IP) otherwise it will clash with the new VLAN I am creating.  Please confirm.
 
I appreciate your help.

 

Getting noticed

Re: Changing the Meraki native VLAN

Meraki equipment uses an out of band connection to connect to the portal, so changing default LANs or VLANs should not impact that connectivity.

 

I have ChromeCasts on a VLAN (3) and setup my MX65 to use Bonjour forwarding so the devices on the LAN (VLAN 1) can cast to the ChromeCasts.

 

One of the ChromeCast devices is wired, the other two are wireless.  I have a group called Google IOT that all ChromeCast and Google Home devices are in.  The Group assigns VLAN 3 to the wireless devices, and the port that the wired ChromeCast uses has VLAN 3 assigned.

 

 

Here to help

Re: Changing the Meraki native VLAN

Thanks for your reply DHAnderson, that's really useful to know that you are getting Bonjour forwarding working from VLAN3 => VLAN1.  My issue is the opposite way around, i.e. my devices are on VLAN1 and I need them to go to VLAN3 (or VLAN50 to be precise).  They are not forwarding from VLAN1=>VLAN3 but I don't know whether it's working the other way around, so will connect something to VLAN3 and give it a try.  I notice that you are using an MX65 as opposed to my MS225; it makes me wonder if there's a functionality difference between the two device types.  When I've tested I'll re-post.  Thanks for your help.

Getting noticed

Re: Changing the Meraki native VLAN

Under the Firewall section of Security & SD WAN, there is a Bonjour Forwarding setting.  Add a rule where the Service VLANs (in your case) is 1, and the Client VLANs is 3 or 50.

 

Here to help

Re: Changing the Meraki native VLAN

On the MS225s the options are a bit different; you don't have the ability to set the client VLAN but the changes get made to the SSID properties, so effectively it's the same thing.  Yes, the Bonjour forwarding settings for VLAN1 (as the service VLAN) are in there but it's not working.  I raised this with Meraki support and then they pointed me towards this article which says not to use VLAN1: https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Bonjour_Forwarding

 

I'm going to test tomorrow with two other VLANs so hopefully will determine from that whether VLAN1 is the issue.

 
