Meraki

Community

Cisco ASA 5508 in combination with a Meraki 225

Solved
MichaelvanBal
Comes here often
‎Apr 14 2018 1:24 PM
‎Apr 14 2018 1:24 PM

Cisco ASA 5508 in combination with a Meraki 225

Hi Guys,

 

I need some help im configuring a Cisco ASA in combination with Meraki Switch

 

On the ASA i have configured some vlan interfaces for example vlan 4 (no dhcp)

 

now i connect the interface vlan 4 to the switch port 1 in trunk mode native vlan 1 and allowed vlan 4.

the switch is in static mode on the subnet of vlan 4 but i got no connection to the switch (switch down)

 

what im i doing wrong?

0 Kudos
1 Accepted Solution
In response to PhilipDAth
Adam
Kind of a big deal
‎Apr 16 2018 7:32 AM
‎Apr 16 2018 7:32 AM

This mostly spells it out.  

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Recommended_Configuration_for_Trunk_...

 

Just make sure the physical interface you are configuring at the trunk is the actual interface connected to your switch trunk and not a sub interface. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

View solution in original post

9 Replies 9
MRCUR
Kind of a big deal
‎Apr 14 2018 1:47 PM
‎Apr 14 2018 1:47 PM

Is the interface on the ASA configured as a trunk port? It sounds like you may have it as an access port on the ASA side but trunk on the MS side. 

 

In general, MS switches want to tag their management traffic. 

MRCUR | CMNO #12
0 Kudos
In response to MRCUR
MichaelvanBal
Comes here often
‎Apr 14 2018 1:56 PM
‎Apr 14 2018 1:56 PM

Hi MRCUR thanks for your reply

 

below asa interface (i have vlan 4 this is another vlan as example) and the meraki switch port
asa int.JPGmeraki.JPG

 

0 Kudos
In response to MichaelvanBal
ww
Kind of a big deal
Kind of a big deal
‎Apr 14 2018 2:28 PM
‎Apr 14 2018 2:28 PM

so you setup the meraki switch on the local status page with gw to the asa?  can you ping the meraki management ip from the asa? 

0 Kudos
In response to ww
MichaelvanBal
Comes here often
‎Apr 14 2018 2:35 PM
‎Apr 14 2018 2:35 PM

I have enter in the LAN IP

 

the ip address XXX.XXX.4.XXX

vlan to 4

subnet 255.255.255.0

Gateway XXX.XXX.4.1 (ip address of the interface of the asa with vlan 4 setup)

DNS XXX.XXX.4.XXX

 

0 Kudos
In response to MichaelvanBal
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 14 2018 2:47 PM
‎Apr 14 2018 2:47 PM

In the ASA screenshot the VLAN ID is 46 - not 4.
0 Kudos
In response to PhilipDAth
MichaelvanBal
Comes here often
‎Apr 14 2018 2:49 PM
‎Apr 14 2018 2:49 PM

Correct is an example of an other asa

0 Kudos
In response to MichaelvanBal
MichaelvanBal
Comes here often
‎Apr 14 2018 2:52 PM
‎Apr 14 2018 2:52 PM

Does anyone has an example of connecting asa to merak with asa has the vlan interfaces?

0 Kudos
In response to MichaelvanBal
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 14 2018 3:02 PM
‎Apr 14 2018 3:02 PM

Do you have a notebook or desktop with a NIC that supports VLAN tags?  If so, I would plug a notebook directly into the ASA with a VLAN tag of 4 and machine sure you can access the Internet.  This will verify the NAT and access-rules on the ASA allow that VLAN to get to the Internet.

 

I believe your tagging and trunking configuration are correct. I am more suspicious that the ASA is now allowing the traffic out.

 

 

On the MS does the local status page give any reason?  For example, does it say it has a DNS problem, or a default gateway problem, etc?

0 Kudos
In response to PhilipDAth
Adam
Kind of a big deal
‎Apr 16 2018 7:32 AM
‎Apr 16 2018 7:32 AM

This mostly spells it out.  

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Recommended_Configuration_for_Trunk_...

 

Just make sure the physical interface you are configuring at the trunk is the actual interface connected to your switch trunk and not a sub interface. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.