Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to change the Allowed VLANs on a Uplink Trunk between switches?

Solved
Slagohu
Conversationalist
2 weeks ago
2 weeks ago

How to change the Allowed VLANs on a Uplink Trunk between switches?

Hi,

I want to limit the number of allowed VLANs on a trunk between two of my MS-125-1 and MS-125-2 Meraki switches.

Today the configuration on the trunk port between the switches is:

Management VLAN: 153

Native VLAN: 153

Allowed VLANs: All

 

The management internet is connected to MS-125-1, and the trunk I want to modify is the uplink trunk for management between MS-125-2 and MS-125-1.

I would only allow VLAN 20, 30 and 40 to pass the trunk between the switches.

  • So, If I want to change the Allowed VLANs to 20, 30, and 40, should I also include the native VLAN and management VLAN 153 in the Allowed VLANs list?
  • Is there any risk of losing the management connection to MS-125-2 when restricting the Allowed VLANs on the uplink trunk? ( If yes, is there a specific order to make this change so we do not lose the connection to MS-125-2 when changing the Allowed VLANs?)

 

Labels:
0 Kudos
Subscribe
1 Accepted Solution
In response to Slagohu
alemabrahao
Kind of a big deal
Kind of a big deal
Monday
Monday

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Behavior_during_Conne...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

Subscribe
6 Replies 6
cmr
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

I would include 153, though I must admit to not having tried not including the native VLAN before...  If it is not included and is required, the switch will lose connection, but then attempt to get out via the other three VLANs.  If any offer DHCP and allow Meraki cloud access then it will fix itself and change to a warning state.  You can then fix it!

Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Yes, you must include the management VLAN. There is always a risk, but Meraki is intelligent enough to reverse the settings in case of a possible loss of communication.

My suggestion is to do this in a maintenance window.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
Slagohu
Conversationalist
Monday
Monday

"......... Meraki is intelligent enough to reverse the settings in case of a possible loss of communication" @alemabrahao do you know if this feature described some where ?

0 Kudos
Subscribe
In response to Slagohu
alemabrahao
Kind of a big deal
Kind of a big deal
Monday
Monday

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Behavior_during_Conne...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

You need to allow the untagged VLAN (native 153 in this case) or many things will break (like spanning tree).

Subscribe
Slagohu
Conversationalist
Monday
Monday

It seems that all agree the VLAN 153, has to be included so that is answer to one of my questions.  But what happens after that is more unclear. I will plan for a service window and try to add the Allow VLANS on the downside of the management up-link side  first, and then on the management up-link side to see what happens. 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.