Meraki

Community

VLAN and DHCP Issue

Stephen88
Comes here often
‎Jun 3 2018 8:01 PM
‎Jun 3 2018 8:01 PM

VLAN and DHCP Issue

So I have messed with this for over 4 hours and cant figure it  out.

 

I have a MX64 with all ports configured as Trunk with All VLANS. This is plugged into a Cisco 3750x POE switch. The issue is I have multi SSIDS on a MR33 and none of them will connect. Looks like the DHCP isn't being passed. But it is because any access vlan tagged port on the 3750x works. 

 

Port 24 is my uplink to my MX and ports 11&12 are my APS. I have included my 1 AP IP settings as well and MX port settings. 

 

Please help me out I am at a loss of whats wrong.

 

 

pic1.PNG

 

 

 

 

pic2.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Here is my switch config.........

 

 

Building configuration...

Current configuration : 4488 bytes
!
! Last configuration change at 14:24:16 UTC Sun Apr 3 2011 by root
! NVRAM config last updated at 14:24:17 UTC Sun Apr 3 2011 by root
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c01-switch-core-01
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c3750x-24p
system mtu routing 1500
!
!
ip domain-name name
ip device tracking
!

!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
interface GigabitEthernet1/0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/24
description UPLINK
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description Managment
ip address dhcp
!
interface Vlan20
description Wired Network
no ip address
!
interface Vlan30
description Guest
no ip address
!
interface Vlan40
description IOT
no ip address
!
ip http server
ip http secure-server
!
!
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login
!
end

 

0 Kudos
10 Replies 10
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 3 2018 8:06 PM
‎Jun 3 2018 8:06 PM

Change the native VLAN back to "1" on everything (MX and switch).

 

You can leave the AP using a tagged VLAN of 10.

0 Kudos
In response to PhilipDAth
Stephen88
Comes here often
‎Jun 3 2018 8:16 PM
‎Jun 3 2018 8:16 PM

My management network is VLAN 10 though. Why would I need to do this? A trunk should pass all VLANS unless specified.
0 Kudos
In response to Stephen88
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 4 2018 1:05 AM
‎Jun 4 2018 1:05 AM

You have specified on the MX that you want it to be the "native" vlan - which means it will be untagged.  You really want to preserve the vlag tag so that everything knows you mean vlan10.

0 Kudos
In response to PhilipDAth
Adam
Kind of a big deal
‎Jun 4 2018 7:24 AM
‎Jun 4 2018 7:24 AM

And if you have SSIDs for different VLANs you'll set up that tagging on the SSID and not the wireless interface.  Any SSID that is untagged will automatically be put on the same VLAN as the APs interface. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
Stephen88
Comes here often
‎Jun 4 2018 7:33 AM
‎Jun 4 2018 7:33 AM

Yes, I have VLANs setup on the SSID's. The VLAN tag in the picture is just for management of the AP.

0 Kudos
In response to PhilipDAth
Stephen88
Comes here often
‎Jun 4 2018 7:45 AM
‎Jun 4 2018 7:45 AM

So what do I change this too in the MX config? Or you just saying I need to remove the native from the trunk port on the switch? I just dont understand why that would matter.

 

I have access ports on the switch working just fine. I also have a server that is using a trunk and bringing in the different VLANS just fine. Just the AP's arent working......

 

pic3.JPG

 

 

0 Kudos
In response to Stephen88
Adam
Kind of a big deal
‎Jun 4 2018 8:19 AM
‎Jun 4 2018 8:19 AM

I'd set the port on the MX as Native 10 then specify the allowed VLANs instead of doing all

The trunk port on the Cisco switch like the following.  Obviously change the interface and allowed VLANs to match your environment and the allowed VLANs specified above

interface GigabitEthernet1/0/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 1,10,20,30

 

Ref: https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Recommended_Configuration_for_Trunk_...

 

Port going to the AP configured as Trunk, Native 10, allowed VLANs same as above

You should be above to configure the AP as static on VLAN 10 if you want but keep in mind any SSID that isn't tagged will put traffic on VLAN 10.  Also VLAN 10 needs to be able to access the internet so the AP can check-in to the dashboard.   

 

At that point, you should be fine to create your SSIDs tagged appropriately.  

 

I think @PhilipDAth was just saying use native VLAN 1 everywhere instead of 10 and just put 10 in the allowed VLANs.  This is a good practice to basically have any untagged traffic in a VLAN you don't use.  This is basically what we do but I may have misinterpreted his suggestion. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
Stephen88
Comes here often
‎Jun 5 2018 8:32 AM
‎Jun 5 2018 8:32 AM

I followed that link before I even posted and I tried it again last night. Still not working. I just don't understand why all my other trunks on the switch work just fine but when it comes to the AP it doesn't work. This isn't that complex.......

 

VLAN 10 can access the internet and all ssids have assigned VLANS so yes if they didnt they would get 10. Thats fine. 

0 Kudos
In response to Stephen88
Stephen88
Comes here often
‎Jun 8 2018 2:05 PM
‎Jun 8 2018 2:05 PM

So no other ideas???
0 Kudos
In response to Stephen88
Adam
Kind of a big deal
‎Jun 8 2018 2:23 PM
‎Jun 8 2018 2:23 PM

@Stephen88 wrote:
So no other ideas???

If the port you have the AP connected to has a native VLAN of 10 set then try removing the VLAN from the static IP configuration you have on the AP.  I had an environment where that helped.  

 

Capture.PNG

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.