Issues with VLAN UniFi US-8->Cisco SG300->Meraki MX64

SOLVED
NickKova
Getting noticed

Issues with VLAN UniFi US-8->Cisco SG300->Meraki MX64

Hello,

 

I am hoping someone with enough time and patience will be able to help me with this problem I am having.

My topology is as follows:

Have UniFi AP connected to UniFi switch -> also from that switch (US-8-150W) I have connection to Cisco SG300 switch, -> and from that switch connection goes to Meraki MX64 firtewall appliance.

Now on UniFi controller, I have configured VLAN 55 Guest network with VLAN ID 55 (192.168.55.0/24), and assigne this network to WiFi Guest Public network. All ports on all UniFi devices are set to "ALL" profile, passing packets for all VLANS (I have default VLAN 192.168.1.0/24). On SG300 I have 2 VLANs created VLAN 1 and VLAN 55. All ports on Cisco switch are set as "trunk", untagged for default VLAN and tagged for VLAN55. On Meraki I have 2 VLANS set, 1 and 55, and all ports set to "ALL" profile. I have DHCP enabled for VLAN 55 on Meraki, and problem is when user connects to public guest WiFi, connected device resolves to APIPA IP, not getting IP from DHCP. Cisco SG300 is in Layer2 mode. Additional screenshots attached, so I hope someone can help. Thank you!cisco 2.pngcisco 3.pngcisco 4.pngcisco 5.pngcisco1.pngmeraki 1.pngmeraki 2.pngunf1.pngunf2.png

1 ACCEPTED SOLUTION
NickKova
Getting noticed

Guys, sorry for a bit late reply. I eventually resolved the issue once I got onsite. Problem was that I was misinformed and there were 2 Unifi US-48 switches onsite, and I saw only one adopted in UnifiController. Meraki appliance was directly connected to that non-provisioned Unifi switch. Once readopted and reprovisioned, all started working again. You have been very helpful as always, take care guys. 

View solution in original post

8 REPLIES 8
alemabrahao
Kind of a big deal
Kind of a big deal

Can you share a simple topology? It will help us understand better.  I suggest starting reviewing the configuration of your switch Unifi, specifically the ports that you connect with SG300 switch and access point.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

By the way, have you tried connecting a notebook to a port configured in access mode on VLAN 55? If it worked plugging a notebook into the access port It's probably a setting on your controller.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
NickKova
Getting noticed

Thank you very much for your response. Topology consist of multiple APs connected to Unifi switch, and that Unifi switch is connected to SG300, and SG300 switch to Meraki MX 64 firewall appliance. I did not try connecting laptop directly to SG300, will try that, but to note all ports on SG300 are "trunk" ports not "access" ports. Also I would like to note that for default VLAN 192.168.1.0/24 I have disabled DHCP on Meraki, as I am using DC with DHCP role for this, and devices are getting proper IP from DHCP pool, from that DC server. It is just that somehow WiFI clients connected to AP's to Public WiFi are not getting DHCP IPs from Meraki for VLAN 55 (192.168.55.0/24).

I know, but are you able to change one port for access just for a test?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
NickKova
Getting noticed

Ok I can do that, will let you know. Have to go onsite to test with laptop. Thank you very much.

cmr
Kind of a big deal
Kind of a big deal

Or on the test laptop set the VLAN to 55 in the network card properties.  That would better test that the tagged VLAN 55 is getting across the SG300 to the MX64.  Something else to check is the spanning tree type on the switches.  Both should be the same (i.e. PVST or MST).

NickKova
Getting noticed

Thank you very much for all your advices. I am supposed to go on site in few days and will test. I really appreciate your help guys! 

NickKova
Getting noticed

Guys, sorry for a bit late reply. I eventually resolved the issue once I got onsite. Problem was that I was misinformed and there were 2 Unifi US-48 switches onsite, and I saw only one adopted in UnifiController. Meraki appliance was directly connected to that non-provisioned Unifi switch. Once readopted and reprovisioned, all started working again. You have been very helpful as always, take care guys. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels