Difference between management port and uplink port

SOLVED
Silas1066
Getting noticed

Difference between management port and uplink port

I am still confused about the difference between the management port on a Meraki switch (MS350) and the "uplink" port.

 

Which interface connects to the Internet/cloud/dashboard? I thought it was the uplink, but then I read on the Meraki site

 

"Note: Keep in mind that the management interface (whose IP can be found on the switch's details page) and this uplink interface are separate. Both interfaces can exist on the same VLAN/subnet, but the management interface must have a different IP configuration that allows it to communicate with the Internet"

 

Is the management interface a layer-3 routed interface, aka, not a vlan interface? For instance, an interface that you would find on a router? 

 

My situation is this:

 

I have three Meraki switches that I ultimately want to stack. I want to create a network management network that is used for connecting to the cloud/dashboard, and switch management. let's call this VLAN11 192.168.11.0 /24. I want to statically assign the addresses on the switches. 

 

I have an upstream AT&T router with one interface on it that is in a different subnet: VLAN1 172.16.1.0 /24

 

so can I do this? (through the management port initially)

 

1. Create two layer 3 interfaces on switch one for vlan11 192.168.11.2 and vlan1 172.16.1.3

2. Specify the VLAN11 interface as the uplink

3. Set the default route to 172.16.1.1 (the AT&T router)

4. Connect the other two switches via Ethernet copper to the first switch on VLAN11, and create layer-3 VLAN11 interfaces to be used for uplinks.

 

after all three switches are registered with the cloud and the firmware is upgrade, I then power them down, stack them, and disconnect the Ethernet copper interfaces to switch one. I then go into dashboard and configure the stack.

 

Does this sound correct?

 

 

 

 

1 ACCEPTED SOLUTION
Asavoy
Building a reputation

Does the MS350 have a dedicated management port?  From what I see of the specifications, it doesn't.... not like a MS410 has.

 

But anyhow, like I've said in my post about my MS320s, Meraki has got to fix their terminology in this regard.  They use the terms Management, LAN IP, and Uplink interchangebly, and if you're not familiar with Meraki equipment you can get very confused.

 

It's also confusing that you can set Management VLAN in the Configure>Switches section, but then bypass that by specifying a different VLAN ID in the LAN IP, AKA, 'Uplink configuration', AKA, 'Uplink Internet Connection'.

 

The actual Uplink Interface is located in the Configure>Routing and DHCP section.  That's where you specify the Uplink Interface, it's gateway, and VLAN.  That CAN absolutely be in the same address range as your Management VLAN.

 

For instance, my MS320s are configured like this- Uplink Interface= subnet xxx.xxx.xxx.136/29, IP of xxx.xxx.xxx.138, a VLAN ID, and then the gateway/next hop is xxx.xxx.xxx.137.  After that, I set my Management/Lan IP as xxx.xxx.xxx.139, same VLAN ID, and xxx.xxx.xxx.137 as the gateway.  My situation is a little different, because I don't have a direct route to the internet, or even the final hop router just downstream of the internet gateway.

 

In your case, if you're connecting directly to the AT&T and you're capable of administering it, adding VLANs to it, etc... then you should have an easy task of creating a VLAN11 on your desired subnet.  Even if you have a L3 in between, it would be the same.  The first interface you create in the Meraki dashboard should be the VLAN1 information, because it will automatically creat the route for you.  Then, create a second interface with your VLAN11 information as that is going to be your way to the cloud.  Here's where it gets tricky.... you CAN use the same IP of the VLAN11 interface as your management/LAN IP/Uplink configuration, but it would probably be better to use a 3rd IP for it in case they change it down the road (as it seems to be unintended to work with just 2 IPs).  Connect your uplink and you should go green and pull down all the dashboard configs.

 

Confused?  You'll get used to it!

View solution in original post

11 REPLIES 11
PhilipDAth
Kind of a big deal
Kind of a big deal

The physical management port is only used when you plug your notebook into it to give it an initial configuration.  Other than that it should not be plugged into anything.

 

While plugged in and connected to the local status page you configure the management IP - which has nothing to do with the management interface.  This IP address is used to talk to the cloud via one of the ports on the front of the switch.  If you don't configure anything the switch will get an IP address via DHCP from the native VLAN.

 

I would not personally use the VLAN plan you have given.  You don't talk to the management IP addresses with you might with a Cisco Enterprise switch (when doing telnet/ssh/https).  The IP is used mainly as a "client" talking to the Meraki cloud.

 

Your stacking plan sounds fine.

As @PhilipDAth mentioned the management port is for the initial setup of a device and is there as a fail safe in case you do something silly and cannot access your device using its normal ports.

 

 

Asavoy
Building a reputation

Does the MS350 have a dedicated management port?  From what I see of the specifications, it doesn't.... not like a MS410 has.

 

But anyhow, like I've said in my post about my MS320s, Meraki has got to fix their terminology in this regard.  They use the terms Management, LAN IP, and Uplink interchangebly, and if you're not familiar with Meraki equipment you can get very confused.

 

It's also confusing that you can set Management VLAN in the Configure>Switches section, but then bypass that by specifying a different VLAN ID in the LAN IP, AKA, 'Uplink configuration', AKA, 'Uplink Internet Connection'.

 

The actual Uplink Interface is located in the Configure>Routing and DHCP section.  That's where you specify the Uplink Interface, it's gateway, and VLAN.  That CAN absolutely be in the same address range as your Management VLAN.

 

For instance, my MS320s are configured like this- Uplink Interface= subnet xxx.xxx.xxx.136/29, IP of xxx.xxx.xxx.138, a VLAN ID, and then the gateway/next hop is xxx.xxx.xxx.137.  After that, I set my Management/Lan IP as xxx.xxx.xxx.139, same VLAN ID, and xxx.xxx.xxx.137 as the gateway.  My situation is a little different, because I don't have a direct route to the internet, or even the final hop router just downstream of the internet gateway.

 

In your case, if you're connecting directly to the AT&T and you're capable of administering it, adding VLANs to it, etc... then you should have an easy task of creating a VLAN11 on your desired subnet.  Even if you have a L3 in between, it would be the same.  The first interface you create in the Meraki dashboard should be the VLAN1 information, because it will automatically creat the route for you.  Then, create a second interface with your VLAN11 information as that is going to be your way to the cloud.  Here's where it gets tricky.... you CAN use the same IP of the VLAN11 interface as your management/LAN IP/Uplink configuration, but it would probably be better to use a 3rd IP for it in case they change it down the road (as it seems to be unintended to work with just 2 IPs).  Connect your uplink and you should go green and pull down all the dashboard configs.

 

Confused?  You'll get used to it!

MRCUR
Kind of a big deal


@Asavoy wrote:

Does the MS350 have a dedicated management port?  From what I see of the specifications, it doesn't.... not like a MS410 has.

 

Yes, the MS350 has a dedicated management port. It's important to keep in mind that MS devices with a dedicated management port cannot use this port for Dashboard connectivity. The port is ONLY used for access to the local UI when the switch doesn't have an Internet connection. You cannot set an IP on this physical interface. 

 

But anyhow, like I've said in my post about my MS320s, Meraki has got to fix their terminology in this regard.  They use the terms Management, LAN IP, and Uplink interchangebly, and if you're not familiar with Meraki equipment you can get very confused.

 

The management port is the physical port on the switch (if it's equipped with one). The LAN IP and Uplink are references to Dashboard uplink. The LAN IP you set for the switch is what's going to be used for Dashboard connectivity. By default all MS devices will try DHCP to get Dashboard connectivity. The management VLAN setting at the network level (more below) is also describing the VLAN the MS device will use to get Internet/Dashboard connectivity. 

 

It's also confusing that you can set Management VLAN in the Configure>Switches section, but then bypass that by specifying a different VLAN ID in the LAN IP, AKA, 'Uplink configuration', AKA, 'Uplink Internet Connection'.

 

The management VLAN is a network level default. You can override this setting on an individual switch basis if you need it to be different on a specific switch. If all the switches in a Dashboard network are meant to use the same management VLAN for Dashboard connectivity, then you should change the Management VLAN option and not set this on each individual switch. 

 

The actual Uplink Interface is located in the Configure>Routing and DHCP section.  That's where you specify the Uplink Interface, it's gateway, and VLAN.  That CAN absolutely be in the same address range as your Management VLAN.

 

These are layer 3 interfaces. I'm not sure that "uplink" is mentioned anywhere on these pages. You don't need to create a L3 interface for an MS device to get Internet connectivity/Dashboard connectivity. You only need to create L3 interfaces if you want the MS device to do routing. 

 

Also it's important to note that it is NOT currently supported for an MS device to use a L3 configured interface as its own management (Dashboard uplink) interface. It sometimes works, but it's not supported. 

 


 

MRCUR | CMNO #12
Asavoy
Building a reputation

@MRCUR. Hmm, Meraki specifications for that model don't show a dedicated mgmt port.  I can't find pics of the rear, either.

 

And 'uplink' might not be mentioned, except when you look at ports to see the arrow that denotes Uplink.  I've always called anything that leads from a switch to whatever gives it access to the outside world as uplink- and I think most techs think that way.  Access to the cloud and access to routing tables and OSPF and all those fun things is not the same thing, even though it can be.

MRCUR
Kind of a big deal

@Asavoy You can see the dedicated management port here: https://documentation.meraki.com/MS/Installation_Guides/MS350_Series_Installation_Guide

 

The up arrow in Dashboard on a port indicates it's the port that is being used for Dashboard traffic. I agree with you it's reasonable to call this the uplink, my previous point was that Meraki does not ask you to configure an "uplink" interface anywhere in the UI. 

MRCUR | CMNO #12
Asavoy
Building a reputation

It certainly does say 'Uplink' in the local UI (using 1.1.1.100 on MS or switch.meraki.com).
MRCUR
Kind of a big deal

@Asavoy Good point. Didn't remember that one. Clearly there's some need for naming convention standards on the MS team (I'm guessing it's called uplink on all the local UI's across product lines actually). 

MRCUR | CMNO #12

This is an older thread and my question is a bit off-topic, but I don't think it's worth opening a new thread for my question:

In case of inital configuring a new meraki MS within your network, is it recommended to set up the management IP configuration by locally plugging in your device to the management port or is it simply possible to set up the (emergency) management IP by the meraki dashboard itself for the device?

 

Do you guys initial set up the configuration at all or just leave it blank and use it with the default meraki IP settings in case of an emergency network issue?


Thank you,

Chriz

MRCUR
Kind of a big deal

@Chriz_J I'm not sure what you mean by "emergency" management IP. If you set an IP through Dashboard or the local UI for a switch, that is the IP the switch will use for its Dashboard (Internet) connection. There isn't a concept of a "backup" or "emergency" IP on Meraki devices (they will automatically revert to a previous IP however if you incorrectly configure the management IP). 

MRCUR | CMNO #12

Ok, got it. Thanks for the reply MRCUR.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels