L3 9300-M not wanting to have static MGMT IP

MrMarco
Comes here often

Hi.

I have an issue where one of my 9300-Ms does not want to take a statically assigned IP address in my management VLAN. This unit is the primary in a warm spare pair and has L3 interfaces configured, including the management VLAN gateway (VLAN140).

It is a test setup.

I have a firewall interface in VLAN100, to which both of my 9300-Ms are connected.

The 9300-M has an interface in that VLAN with a default route pointing to the firewall for all networks.

The secondary 9300-M accepts the management VLAN IP address, but the primary 9300-M refuses to take its statically assigned IP and stays on DHCP in VLAN100.

Anyone got any pointers as to why the device refuses to get an IP address in VLAN140? Is it because the switch itself is the gateway for that management network?

PhilipDAth
Kind of a big deal

If it is not able to use the statically assigned IP address to talk to the Meraki cloud, it will try reverting to DHCP.

Watch your firewall as you assign it the static IP address and see if anything is blocked.

MrMarco
Comes here often

I checked the firewalls, no blockades there.

Maybe it is because I am trying to assign the switch a management IP address in a network for which the switch itself is the gateway?

When I go to the Tools page and use the management gateway IP for the ping to dashboard.meraki.com, I can reach it.

The second switch is connected to this primary switch, using it as a gateway on the management VLAN and connecting to the Meraki Dashboard without issues.

cmr
Kind of a big deal

As @CoreyDavoll1 said, this is the problem.

CoreyDavoll1
Getting noticed

It's a caveat that the management IP needs to be independent of its own layer 3 routing.

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Layer_3_Switching_and_Routing

Layer 3 Interface (SVI) Caveats

Switch Management IP and Layer 3 Interfaces (SVIs)

The management IP is treated entirely differently from the SVIs and must be a different IP address. It can be placed on a routed or non-routed VLAN (e.g.: a management VLAN independent from client traffic). Traffic from the management IP address to the Cisco Meraki Cloud Controller will not use the layer 3 routing settings; instead, it will be using its configured default gateway. Therefore, it is important that the IP address, VLAN, and default gateway configured in your switch management IP can still provide connectivity to the internet independently from the switch's own L3 routing settings.

The Switch (or Stack) management IP configuration cannot have a Gateway address defined as one of its own SVI addresses when it is performing Layer 3 routing. It will not be able to check in using the assigned management IP when the gateway is pointed to itself. For example, if 192.168.1.1 is one of the L3 interfaces (SVI) on a switch (or stack), you cannot have 192.168.1.1 as the gateway for its management IP (Switching > Switches > LAN IP).

For switch stacks performing L3 routing, ensure that the management IP subnet does not overlap with the subnet of any of its own configured L3 interfaces. Overlapping subnets on the management IP and L3 interfaces can result in packet loss when pinging or polling (via SNMP) the management IP of stack members.

Note: The overlapping subnet limitation does not apply to the MS390 series switches.

GIdenJoe
Kind of a big deal

As @CoreyDavoll1 already mentioned, in Meraki you cannot use a management IP on a switch that uses its own routing table to reach the cloud.

You have to see that management IP as being on another VRF.

So basically you have two choices.

You can widen your uplink VLAN subnet to the upstream router/firewall to accommodate the extra IPs needed for MGMT. For example: your L3 switch uses 10.0.0.0/29 as the uplink subnet, pointing to 10.0.0.1 for its 0.0.0.0/0 route and using 10.0.0.2 as the routing IP, but using 10.0.0.3, 4 or 5 as the MGMT IP.

The other option is to have a separate VLAN subnet between your uplink device and your switch to get your MGMT IPs on.
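The caveats quoted from the Meraki documentation and the uplink-subnet option above can be checked before a static management IP is applied. The following is an added example, not part of the thread or of any Meraki tooling: the function names are hypothetical, and 192.168.140.0/24 is a constructed stand-in for VLAN140, whose real addressing the thread does not give.

```python
import ipaddress

def check_mgmt_ip(mgmt_ip, prefix, gateway, svis, is_stack=False, is_ms390=False):
    """Check a switch management IP against the L3 interface (SVI) caveats.

    svis: list of (svi_ip, prefix_len) for L3 interfaces on the same switch/stack.
    Returns a list of finding strings; an empty list means no caveat is violated.
    """
    mgmt = ipaddress.ip_interface(f"{mgmt_ip}/{prefix}")
    gw = ipaddress.ip_address(gateway)
    findings = []
    for svi_ip, svi_prefix in svis:
        svi = ipaddress.ip_interface(f"{svi_ip}/{svi_prefix}")
        # Caveat 1: the management IP must differ from every SVI address.
        if svi.ip == mgmt.ip:
            findings.append(f"mgmt-ip-equals-svi:{svi.ip}")
        # Caveat 2: the management gateway must not be one of the switch's own SVIs.
        if svi.ip == gw:
            findings.append(f"gateway-is-own-svi:{svi.ip}")
        # Caveat 3: on stacks (except MS390), the management subnet must not
        # overlap the subnet of any of the stack's own SVIs.
        if is_stack and not is_ms390 and svi.network.overlaps(mgmt.network):
            findings.append(f"mgmt-subnet-overlaps-svi:{svi.network}")
    return findings

# Constructed sample data: 192.168.140.0/24 stands in for VLAN140 (assumption);
# 10.0.0.2/29 is the routing IP from the uplink example in the thread.
SVIS = [("192.168.140.1", 24), ("10.0.0.2", 29)]

def failing_case():
    # Management IP in VLAN140 with the switch's own SVI as its gateway.
    return check_mgmt_ip("192.168.140.10", 24, "192.168.140.1", SVIS)

def uplink_case(is_stack=False, is_ms390=False):
    # Management IP taken from the widened uplink subnet; gateway is the firewall.
    return check_mgmt_ip("10.0.0.3", 29, "10.0.0.1", SVIS, is_stack, is_ms390)

if __name__ == "__main__":
    print("VLAN140, gateway on own SVI:", failing_case())
    print("uplink subnet, standalone:  ", uplink_case())
    print("uplink subnet, stack:       ", uplink_case(is_stack=True))
```

Run against a physical stack, the same uplink-subnet layout reports an overlap, which is the case the documentation ties to packet loss when pinging or polling the management IP of stack members.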
