Setting Meraki mx64 up for vlan tagging issues

Pbelanger

Hello,

 

I have a Cisco Catalyst 2960 switch, routing disabled, just being set up as a layer 2 switch. Port 1 is connected to the Meraki MX64 Port 1, Port 2 is connected to the Meraki MR20 AP. Both switch ports 1 and 2 are set up as trunk ports, all VLANs allowed. Both devices are connected to Meraki cloud with static IPs and functioning. I want the MX to handle all VLAN tagging and routing. I have set up VLANs 1, 2, 3, 4 on the MX. I also have DHCP set up on all VLANs.

With that said, what should my layer 2 switch configuration be in order for the MX to do all the VLAN tagging and such? I talked with Meraki for a few hours today and I kept hearing conflicting setups. One person would tell me NO, I do NOT need to set up ANY VLANs on the switch since the MX will be tagging VLANs, then minutes later say the complete opposite. I also had a person yesterday tell me I didn't need to set up ANY VLANs on the switch at all as well. I FINALLY figured out that when I tag an SSID with VLAN 3, I had to configure the switch with VLAN 3. So I was then able to connect to the SSID and obtain a VLAN 3 IP address. The AP works now, yay. However, how do I configure the switch for all LAN devices? Do I need to configure VLANs 1, 2, 3, 4 on the switch as well (even though the Meraki is supposed to be tagging) and then assign the access ports on the switch to whatever VLAN I want? So assign port 4 to VLAN 2, connect a laptop to port 4, and should then be able to get a VLAN 4 IP from the MX? If so, this isn't working for me.

1.) To reiterate, I think my switch config is just wrong. How do I set the switch and MX device up so that the MX is doing all the VLAN tagging and handing out the correct DHCP address according to the port the device is connected to on the switch?

2.) If the MX is handling all the VLAN tagging, and I have devices connecting to a layer 2 switch, how does the MX know what to tag each device as? I assume this is why VLANs are necessary on the switch?

Networking is not my strong suit so I am sure there is just something simple I am missing.

1 ACCEPTED SOLUTION
DarrenOC

Hi @Pbelanger 

 

So, create all your VLAN interfaces on the MX. Assign each an IP address and set up DHCP as per your requirements on the MX. The port that connects to the 2960 should be a trunk port with a native VLAN.

On your 2960 you need to create each VLAN required in its VLAN database.

conf t
vlan 2
 name xyz
!
vlan 3
 name xzy

etc etc

The uplink port on the 2960 should also be set as a trunk with the corresponding native VLAN.

I'll eat my hat if that setup doesn't work. 😁

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.


This was my original configuration. It got the AP working correctly, however when I go to connect a device to the switch on VLAN 3 (with VLAN 3 configured and the port set to access port and a member of VLAN 3), the device still grabs an IP in the VLAN 1 DHCP scope somehow. My guess, of course after getting home, is that perhaps I need to add ip helper-addresses to each VLAN? So VLAN 3 should have ip helper-address 10.1.3.1 if this were the INT IP on the MX. I made the changes but I can't test it out just yet.

DarrenOC

Probably best that you upload your switch config on here.  You won’t need to add ip-helpers. You shouldn’t have any Vlan Interfaces configured on the 2960 except maybe a mgmt ip.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Here is my config - obviously omitted certain things. I am probably doing something wrong, but I am still getting a VLAN 1 IP when I connect a device to port 3 or 5 etc.

Current configuration : 4343 bytes
!
version 15.2

no aaa new-model
switch 1 provision ws-c2960xr-48fpd-i
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
ip address 192.168.168.168 255.255.255.0
!
interface GigabitEthernet1/0/1
description Trunk to MX - all vlans allowed
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description Trunk to MR - all vlans allowed
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 3
switchport trunk allowed vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 3
spanning-tree portfast
!
interface GigabitEthernet1/0/6
spanning-tree portfast
!
interface GigabitEthernet1/0/7
spanning-tree portfast
!
interface GigabitEthernet1/0/8
spanning-tree portfast
!
interface GigabitEthernet1/0/9
spanning-tree portfast
!
interface GigabitEthernet1/0/10
spanning-tree portfast
!
interface GigabitEthernet1/0/11
spanning-tree portfast
!
interface GigabitEthernet1/0/12
spanning-tree portfast
!
interface GigabitEthernet1/0/13
spanning-tree portfast
!
interface GigabitEthernet1/0/14
spanning-tree portfast
!
interface GigabitEthernet1/0/15
spanning-tree portfast
!
interface GigabitEthernet1/0/16
spanning-tree portfast
!
interface GigabitEthernet1/0/17
spanning-tree portfast
!
interface GigabitEthernet1/0/18
spanning-tree portfast
!
interface GigabitEthernet1/0/19
spanning-tree portfast
!
interface GigabitEthernet1/0/20
spanning-tree portfast
!
interface GigabitEthernet1/0/21
spanning-tree portfast
!
interface GigabitEthernet1/0/22
spanning-tree portfast
!
interface GigabitEthernet1/0/23
spanning-tree portfast
!
interface GigabitEthernet1/0/24
spanning-tree portfast
!
interface GigabitEthernet1/0/25
spanning-tree portfast
!
interface GigabitEthernet1/0/26
spanning-tree portfast
!
interface GigabitEthernet1/0/27
spanning-tree portfast
!
interface GigabitEthernet1/0/28
spanning-tree portfast
!
interface GigabitEthernet1/0/29
spanning-tree portfast
!
interface GigabitEthernet1/0/30
spanning-tree portfast
!
interface GigabitEthernet1/0/31
spanning-tree portfast
!
interface GigabitEthernet1/0/32
spanning-tree portfast
!
interface GigabitEthernet1/0/33
spanning-tree portfast
!
interface GigabitEthernet1/0/34
spanning-tree portfast
!
interface GigabitEthernet1/0/35
spanning-tree portfast
!
interface GigabitEthernet1/0/36
spanning-tree portfast
!
interface GigabitEthernet1/0/37
spanning-tree portfast
!
interface GigabitEthernet1/0/38
spanning-tree portfast
!
interface GigabitEthernet1/0/39
spanning-tree portfast
!
interface GigabitEthernet1/0/40
spanning-tree portfast
!
interface GigabitEthernet1/0/41
spanning-tree portfast
!
interface GigabitEthernet1/0/42
spanning-tree portfast
!
interface GigabitEthernet1/0/43
spanning-tree portfast
!
interface GigabitEthernet1/0/44
spanning-tree portfast
!
interface GigabitEthernet1/0/45
spanning-tree portfast
!
interface GigabitEthernet1/0/46
spanning-tree portfast
!
interface GigabitEthernet1/0/47
spanning-tree portfast
!
interface GigabitEthernet1/0/48
spanning-tree portfast
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
ip address 10.1.1.2 255.255.255.0
!
interface Vlan2
no ip address
!
interface Vlan3
no ip address
ip helper-address 10.1.3.1
!
ip default-gateway 10.1.1.1
ip forward-protocol nd
ip http server
ip http secure-server

DarrenOC

You shouldn't need the VLAN interfaces on your 2960, especially if these are configured on the MX. I assume VLAN 1 is your management IP so you can leave that in situ.

I would shut and delete VLANs 2 and 3:

conf t
no int vlan 2
!
no int vlan 3

What output do you get from a show vlan? Are VLANs 2 and 3 in your VLAN db?

On the uplink from the MX to the switch, what do you have set as your native VLAN? There's no native VLAN set on the uplink on gig 1/0/1 so it's probably using VLAN 1.

interface GigabitEthernet1/0/1
description Trunk to MX - all vlans allowed
switchport mode trunk
spanning-tree portfast

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Hello!

 

I had put those VLAN interfaces in to test out the ip helper-address; I will remove them though since they are not needed! Also, indeed both trunks have native VLAN 1.


Port        Mode    Encapsulation  Status    Native vlan
Gi1/0/1     on      802.1q         trunking  1
Gi1/0/2     on      802.1q         trunking  1

 

 

It is working now! You had the original solution, it just so happened I am an idiot and left port mirroring on from when I was troubleshooting with Wireshark and I was plugged into the same port this morning. In any case, it was simply the VLANs that needed to be created and assigned to the switchports, contrary to what Meraki told me. Thank you!

DarrenOC

Awesome 🎉🎉 glad it's up and running for you now. Nothing worse than chasing your tail with conflicting information.

 

I don’t have to eat my hat now as well. 😁

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
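
A configuration check for the points this thread ends on, added here as an example and not written by anyone in the thread: it scans switch running-config text for access VLANs missing from the VLAN database, trunks without an explicit native VLAN, leftover SVIs and ip helper-addresses, and a port-mirroring session still enabled. The function name `audit`, the `mgmt_vlan` parameter and the sample config (including its `monitor session` lines) are constructed for illustration, and it assumes VLAN definitions appear as `vlan N` lines in the text being checked.

```python
import re

# Constructed running-config excerpt modelled on the thread; not the poster's device.
SAMPLE = """\
vlan 2
!
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport access vlan 3
 switchport mode access
!
interface Vlan1
 ip address 10.1.1.2 255.255.255.0
!
interface Vlan3
 no ip address
 ip helper-address 10.1.3.1
!
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/3
"""

def audit(config, mgmt_vlan=1):
    """Return (object, finding) pairs for a Layer 2 switch behind a routing MX."""
    findings = []
    # VLAN 1 always exists; others count only if defined ("vlan N" lines).
    vlan_db = {1} | {int(v) for v in re.findall(r"^vlan (\d+)\s*$", config, re.M)}
    # An interface block runs from its header to the closing "!" line.
    for name, body in re.findall(r"^interface (\S+)\n(.*?)^!", config, re.M | re.S):
        lines = [l.strip() for l in body.splitlines()]
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if svi:
            if int(svi.group(1)) != mgmt_vlan:
                findings.append((name, "SVI not needed, the MX routes this VLAN"))
            if any(l.startswith("ip helper-address") for l in lines):
                findings.append((name, "ip helper-address not needed, MX serves DHCP"))
        elif "switchport mode trunk" in lines:
            if not any(l.startswith("switchport trunk native vlan") for l in lines):
                findings.append((name, "trunk has no explicit native VLAN (defaults to 1)"))
        else:
            for l in lines:
                m = re.fullmatch(r"switchport access vlan (\d+)", l)
                if m and int(m.group(1)) not in vlan_db:
                    findings.append((name, "access VLAN %s not in VLAN database" % m.group(1)))
    for sess, port in re.findall(r"^monitor session (\d+) destination interface (\S+)", config, re.M):
        findings.append((port, "SPAN destination of session %s, mirroring still on" % sess))
    return findings
```

The block matching keys on the closing `!` line rather than indentation, so it also works on a config pasted with its leading spaces stripped.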