Hi all,
I am trying to set up an MS-3550 in one of our offices.
There is a Cisco ISR router that acts as a DHCP server and a C2960 switch connected to it.
We have a VLAN for LAN traffic, a VLAN for Voice and a VLAN for Wi-Fi (MR33 AP connected to the C2960).
The router has ACLs to prevent Wi-Fi clients from accessing the LAN. Wi-Fi clients get an IP on the 192.168.0.0/24 network; our LAN segment is on 10.0.0.0/8.
Here is the ACL on the router:
access-list 150 remark WLAN pool to internet
access-list 150 deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 150 permit ip any any
I have received an MS-350 and connected it to the C2960. I have set the port on the C2960 as a trunk and I was able to access the MS-350. But we started encountering 2 issues:
As soon as I put the uplink between the Meraki and the C2960, all traffic from the Wi-Fi clients was able to access our internal network, which is normally blocked by ACLs on the router.
As soon as I shut down the Meraki switch, the traffic stops as intended (Wi-Fi clients can only browse the Internet but not access our LAN segment).
I am a bit puzzled by the behavior. I could only think that the uplink is putting all traffic on the native VLAN 1 and then nothing gets filtered anymore by the ACLs, but the C2960 is the only switch that has an uplink to the ISR router, which is the default gateway for all clients.
The second issue is that the switch keeps going offline. I have reset it to factory defaults but now it fails to connect to the Meraki cloud, and I get a feeling there might be an issue with STP, as I can see the uplink port generating a lot of messages:
Sep 15 14:22:08 | | Port STP change | Port 1 designated→root |
Sep 15 14:22:06 | | Port STP change | Port 1 disabled→designated |
Sep 15 14:22:06 | | Port status change | port: 1, old: down, new: 1Gfdx |
Sep 15 14:22:02 | | Port STP change | Port 1 root→disabled |
Sep 15 14:22:02 | | Port status change | port: 1, old: 1Gfdx, new: down |
Sep 15 12:22:02 | | Port STP change | Port 1 designated→root |
Sep 15 12:22:02 | | Port STP change | Port 1 disabled→designated |
Sep 15 12:22:02 | | Port status change | port: 1, old: down, new: 1Gfdx |
Sep 15 12:21:56 | | Port STP change | Port 1 root→disabled |
Sep 15 12:21:56 | | Port status change | port: 1, old: 1Gfdx, new: down |
Any help is greatly appreciated, let me know if you need more info.