Migrate Catalyst to MS120 but the Firewall its ASA5508

Comes here often

Migrate Catalyst to MS120 but the Firewall its ASA5508

Hi guys

Im looking some suggestion.

On a costumer network I had firewall ASA5508 and this is connected to Catalyst and works, the point is because I need to replace this Catalyst for one Meraki MS120.

From ASA5508 I use the next config with sub interfaces.

GigabitEthernet1/4.226    YES manual up                    u

GigabitEthernet1/4.228    YES manual up                    u


Vlan 226 its for internet Data and vlan 228 its for device administration so the point its manage this MS120 with some ip for vlan 228.

I don’t know how config this MX120 or what physical connection I need because this MS has Manage Port.

Kind of a big deal
Kind of a big deal

you go to the dashboard.meraki.com where your added your ms120. then you set your switchport to trunk with your allowed vlans(or just all).

if your switch (virtual management interface) does not get ip from dhcp you have to connect the eth management port and set it yourself


*the management eth port is just for local connecting the switch. the management interface of the switch that connect the dashboard is like a svi on catalyst.





Kind of a big deal
Kind of a big deal

To add to @ww 's comment, you only need the management port for initial configuration.  Once the switch is up and running and connected to the Internet you don't need to use it anymore.  In fact if you can plug in the switch to somewhere where it can get a DHCP address you wont need to use it at all.  It just needs to connect to the Internet once to be able to download its config.


You can get the MS120 to use vlan 228 for its access to the cloud via the local status page and configuring the "uplink configuration":



Or once the switch has connected to the Internet once you can do it via the dashboard:



Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.