Meraki

Community

Core Stack issue, maybe?

johnjutte
Here to help
‎Apr 7 2022 6:59 AM
‎Apr 7 2022 6:59 AM

Core Stack issue, maybe?

I have 2 MS425-16s stacked and setup as "core' switches. They handle layer 3 and handoff to a Sophos firewall. I tried to setup redundant uplinks from my MS125 switches to the core using LACP. However, it seems to break my network when Core 2 gets involved. I'm not great at breaking this down, so bare with me a little.

 

Here's a simple version of what I want:

johnjutte_0-1649337692979.png

 

Currently the blue uplinks are in place and everything works. The Cores are stacked, but I only have single server on Core 2 right now. There are 3 routed vLANs (interfaces on the MS with a static route) and a couple DHCP relays all working. We have a couple layer 2 vLANs that are working too. Then I setup LACP and  aggregated ports on stack (1 on each Core) and 2 ports on each building switch. A few minutes after adding the red uplinks to Core2 things stop working. DHCP relays aren't working as wifi vLAN can't hand out IPs anymore. I can ping wifi vLAN interface, but not known devices on it. When I pull the red uplinks things normalize again.  During this time, L2 vLANs seem unaffected.

 

No switches complain about LACP or showed any issues. Trunk ports all match, no ACLs to hinder flow, etc., but it's like Core 2 is unable to route the layer 3 that is setup on the stack. Core1 has our VM hosts and couple other servers hanging off it, so Core 2 load is lower. I feel like the LACP is updating traffic to pass through Core 2 but it's not doing L3. The server on Core 2 does not have issues ping devices on different vLANs right now (I didn't check during my issues).

 

When this was happening, my PC was plugged into Building 2 switch with a LACP to both cores. I was connected to vLAN20 and was able to see devices inside that vLAN, but I couldn't ping vLAN30. However, I code remote into a server connected to vLAN20 and it had no issue pinging vLAN30. I remove Core 2 LACP and then my laptop pings across vLAN30 normally again. 

 

I know this should work, but it keeps giving me fits and I feel a bit defeated/nervous to play around. 

Labels:
0 Kudos
4 Replies 4
DarrenOC
Kind of a big deal
Kind of a big deal
‎Apr 7 2022 9:51 AM
‎Apr 7 2022 9:51 AM

Hi @johnjutte , this is a standard design for us especially within schools.  We have MS425’s at the core (stacked) with dual uplinks to the edge.  Not had a single issue with this setup.

 

I suspect a faulty MS425 stack perhaps?  Within an outage window maybe break the stack and re-build ensuring your stack cables are secured.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
In response to DarrenOC
johnjutte
Here to help
‎Apr 12 2022 12:35 PM
‎Apr 12 2022 12:35 PM

I feel like it's a stack issue, but I need to test or would like to verify that before rebuilding the stack. I just haven't had the time to do it yet. Thanks!

0 Kudos
JonP
Getting noticed
‎Apr 12 2022 8:41 AM
‎Apr 12 2022 8:41 AM

We have a similar setup. An MS Core, with two legs going to each of our access layer. The core has LACP links across the switches so in the event that one switch fails, the other can keep chugging.

 

Can you describe your LACP setup switch by switch?

In response to JonP
johnjutte
Here to help
‎Apr 12 2022 12:34 PM
‎Apr 12 2022 12:34 PM

I tried to build it in the same fashion. 2 ports on building switches, 2 ports on the stack (1 on each switch in the stack). Aggregate groups were:


1. Building 1 Ports 49/50 
2. Building 2 Ports 49/50 

3. Building 3 Ports 49/50 
4. Stack 1 Port 7/Stack 2 Port 7 

5. Stack 1 Port 8/Stack 2 Port 8 
6. Stack 1 Port 9/Stack 2 Port 9 

Group 1 to Group 4
Group 2 to Group 5
Group 3 to Group 6

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.