VLANs from Meraki MX84 to Cisco SG350X Switch

SOLVED
CBCAV
Here to help

VLANs from Meraki MX84 to Cisco SG350X Switch

Hello all,

 

I need help assigning VLANs from my Meraki MX84 to our SG350X switches. Here is what I have setup:

 

VLAN 1: 172.30.0.0/21 MX IP 172.30.7.254

VLAN 3: 10.0.8.0/24 MX IP 10.0.8.254

 

Per-Port VLAN Settings: Port 3 (Trunk) Native VLAN1 (Default) w/ All VLANS allowed. Port 6 (trunk) is setup for VLAN3, when I connect my computer to it directly everything works and I get an IP under the 10.0.8.x range.

 

Next I went to my Cisco SG350X and created a new VLAN:

Screen Shot 2021-06-05 at 6.48.45 AM.png

 

 

And an additional static IP for VLAN 3 (10.0.8.1 w/ mask 255.255.255.0).

 

Screen Shot 2021-06-05 at 6.48.37 AM.png

 

I then went to the Port to VLAN settings and set Port 5 to Untagged.

 

Screen Shot 2021-06-05 at 6.51.32 AM.png

 

After doing all of that I connected directly to that port and after about a minute I get an APIPA IP. I can't figure out what's going wrong. I can ping my MX gateway 10.0.8.254, but I get 100% packet failure when I ping the VLAN static IP on the switch 10.0.8.1.

 

I'm new at the networking side of things (currently working on A+, Networks + certs). Any insight would be greatly appreciated!

1 ACCEPTED SOLUTION
KarstenI
Kind of a big deal
Kind of a big deal

If VLAN 3 is configured on the Link to the MX and is also the VLAN configured on Port 5, you can transparently communicate from the Port5-systems to the MX. You could assign your IPs statically, but you could also use the DHCP on the MX. If you want to configure your Lab-devices statically, then configure a range of reserved addresses on the MX DHCP-server to avoid any conflicts.

View solution in original post

9 REPLIES 9
KarstenI
Kind of a big deal
Kind of a big deal

A couple of things to question here:

  1. Why do you put an IP on the Switch-VLANs? It should be either on the MX *or* on the Switch. You only have IPs on both for the transfer-VLAN between them.
  2. You show that you have configured Port 5 as Access, but not for which VLAN.
  3. You say you get an APIPA-address but can ping the MX-IP. Probably something happened in between these two events as that can not happen.
DarrenOC
Kind of a big deal
Kind of a big deal

Why the need to create the VLAN interfaces on your SG?  Simply connect a single trunk from the MX (add the Native VLAN) and allow all VLANs through.

 

On the SG configure a trunk and create your L2 VLANs.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Yeah makes sense now that I don't need to create the VLANs through the SG since I made them through Meraki.

 

So if I understand everything correctly. VLAN 3 is created on Meraki and since the single cable from Meraki to the SG is setup with the native VLAN and allows access to the other VLANs I just need to change Port 5, on the SG, to trunk mode And then I set a static IP on my device that's hardlined to Port 5?

 

Screen Shot 2021-06-05 at 7.20.23 AM.png

KarstenI
Kind of a big deal
Kind of a big deal

Is it your PC on port 5? Then it should be Access in your User-VLAN (probably 3).

The Link between MX and SG is trunk on both sides with the same native VLAN and the same allows VLANs. And if you enable the DHCP-server on the MX, your client should get a DHCP-address from the MX.

Port 5 is connected to the patch panel which runs to my office. I have two RJ45 ports in my office. I want Port 5 to be VLAN3 so I can run my "home lab" equipment and have it separate from our default VLAN.

KarstenI
Kind of a big deal
Kind of a big deal

Ok, if all devices behind port5 should be in VLAN3, then configure the port as Access with VLAN 3.

Gotcha! So this is where I'm still puzzled. Since VLAN 3 is configured through MX and I have Port 5 setup as trunk, do I just assign static IPs to the devices connected via Port 5 since Meraki acts as my DHCP? Or are there settings I need to do in SG?

 

 

KarstenI
Kind of a big deal
Kind of a big deal

If VLAN 3 is configured on the Link to the MX and is also the VLAN configured on Port 5, you can transparently communicate from the Port5-systems to the MX. You could assign your IPs statically, but you could also use the DHCP on the MX. If you want to configure your Lab-devices statically, then configure a range of reserved addresses on the MX DHCP-server to avoid any conflicts.

Gotcha! I just configured everything via VPN will be in the office later today to test it out. Thanks for your help!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels