Confusion on Native VLAN, Uplink VLAN and MAnagement VLAN - Initial setup of MS 350

DBesa
Here to help

Confusion on Native VLAN, Uplink VLAN and MAnagement VLAN - Initial setup of MS 350

Hi Guys,

 

I am setting up a new Core Switch for our branch site. It's a MS-350. I have finished connecting the switch to DHCP, updated the firmware and stacked it. I am just confused about the Native VLAN, Management VLAN and Uplink VLAN. I have a Sophos XG as a firewall, we wanted to go for the MX but it doesn't support SSL VPN. Anyway, I created a Uplink VLAN 201, this VLAN interface will be used to connect to the Sophos Firewall.  So the default route should be going to this VLAN interface. I also want to change the native vlan from 1 to 500. I have also created a Management VLAN 202. My question / confusion is, do I need these core switches IP Address to be on the Uplink VLAN or Management? Because when I set the Core Switch IPs to Management VLAN, connectvity to the internet and dashboard drops. But when I set the IPs  to ones that belong to the Uplink VLAN, connectivity goes up. I just want to know what the best practice is for Meraki. For Cisco IOS, we typically just change the Native VLAN, enable l3 routing. Configure one interface as an uplink, then just point the default route to the interface that goes to the FW and it's all good. I tried to call support but I was on hold for 30 mins. I will try to call them back again tomorrow.

 

Thanks!

 

Desmond

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

That is quite a big question.

 

Enable layer 3 routing on your MS350.  Create a VLAN201 on the MS350.  Put an IP address on it in the same subnet as your firewall.  Put a port into access mode, assign it to VLAN201, and plug your firewall into it.  Add a static default route to your firewall IP address.

 

Your firewall will also need routes for all subnets no the MS350 via the VLAN201 IP address on the MS350.

 

All ports that will machine machines attached should be put into access mode.

 

You can change the native VLAN on any port that is going to be a trunk port.  From the sound of your configuration, there wont be any need for trunk ports.

 

Each VLAN should have an IP address on it.

 

 

You might find it much easier to just have a single VLAN and put everything on it.

PhilipDAth
Kind of a big deal
Kind of a big deal

I found this great article that matches what you are describing reasonably well.

https://documentation.meraki.com/MS/Layer_3_Switching/Layer_3_Switch_Example?utm_source=community&ut...

DBesa
Here to help

Thanks, Phil. I was able to talk to support and they cleared out everything for me. Every Meraki device has to be on the Uplink VLAN. I also asked about the best practices. Again, thanks for the help.

 

D

Nagaskdn
New here

Should i configure host IP on same network for all network, or i have to choose different network for each vlan.

 

Here, all vlans are in same network in example given in this link.

 

https://www.chennaicisco.com/2020/02/vlan-in-different-switches-and-trunk.html

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels