Per-port VLAN with Type 'Access' Sent out Packet with 802.1Q Tag

newnovice
Conversationalist


Hi there,

We have an MX250 with firmware 17.10.2, and found that even though we set per-port VLAN with LAN port type 'Access', the Meraki still sends out packets with an 802.1Q tag. Is this normal? Thank you guys.

10.60.34.254 is the MX VLAN IP

MX_AccessPort_with_Tag.jpg

alemabrahao
Kind of a big deal

Have you checked on the local status page if the configuration was applied?

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Me...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Yes, the local status page shows:

Internet->This security appliance is connected to the Internet.

Cisco Meraki cloud->this security appliance is successfully connected to the Cisco Meraki cloud.

The dashboard shows config 'Up to date'

Not this part, on configure tab.


On the local status page, Configure tab, there is the uplink (Internet) configuration, which is "don't use VLAN tagging", but we captured the packet from the LAN interface.

I'm talking about this part.

Screenshot_20230329-061539.png

On the Ethernet tab, what configuration was applied? Enable status? Link negotiation?

All of them are enabled and auto.

RaphaelL
Kind of a big deal

Pretty sure that's normal. Was your packet capture done directly from the dashboard?

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Packet_Capture_Overvi...

Note that packet captures on access ports may show an 802.1q VLAN tag on ingress traffic. This behavior is a consequence of how packet captures are performed on MS switches.

So I would expect the same for an MX.

Yes, it was done by dashboard. So even egress traffic may show an 802.1q VLAN tag?

RaphaelL
Kind of a big deal

I would suggest taking a packet capture on the device that is receiving the traffic from that MX.

Like a computer or anything else that is not Meraki, you won't see any tags.

Also, you can reach out to support to confirm this behavior. It is not documented (to my knowledge).
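
Added example (not part of the thread and not Meraki code): one way to run the check suggested above on a capture saved at the receiving host, by counting frames per 802.1Q VLAN ID so that any tagged frame stands out. It assumes a classic pcap file with Ethernet link type; the function names, MAC addresses and VLAN ID 34 in the sample are constructed for illustration.

```python
import struct
from collections import Counter

TPIDS = {0x8100, 0x88A8}  # 802.1Q C-tag and 802.1ad S-tag

def parse_vlan_tags(frame):
    """Return ([(tpid, pcp, dei, vid), ...], inner_ethertype) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12                      # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:            # TPID + TCI + next EtherType
            raise ValueError("truncated VLAN tag")
        tci, nxt = struct.unpack_from("!HH", frame, offset + 2)
        tags.append((ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        ethertype, offset = nxt, offset + 4
    return tags, ethertype

def iter_pcap(data):
    """Yield raw frames from a classic (non-pcapng) capture with Ethernet link type."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
              b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    pos = 24                                   # first record follows the global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, pos + 8)[0]
        yield data[pos + 16 : pos + 16 + incl_len]
        pos += 16 + incl_len

def vlan_summary(data):
    """Count frames per outer VLAN ID; the key None means the frame was untagged."""
    counts = Counter()
    for frame in iter_pcap(data):
        tags, _ = parse_vlan_tags(frame)
        counts[tags[0][3] if tags else None] += 1
    return counts

# Constructed sample: one untagged frame and one frame tagged with VLAN 34 (made-up ID).
def _record(frame):
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
MACS = bytes.fromhex("ffffffffffff020000000001")
UNTAGGED = MACS + struct.pack("!H", 0x0800) + bytes(46)
TAGGED = MACS + struct.pack("!HHH", 0x8100, 34, 0x0800) + bytes(46)
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + _record(UNTAGGED) + _record(TAGGED))

print(dict(vlan_summary(SAMPLE_PCAP)))
```

Some NIC drivers strip the 802.1Q header before the capture layer sees the frame, so a count of zero tagged frames on a host is best cross-checked on a second device.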
