Meraki

Community

L3 Troubleshooting Assistance

Solved
pBrain
Here to help
2 weeks ago
2 weeks ago

L3 Troubleshooting Assistance

I am setting up L3 Routing on our core switches.

 

  • Created a transit VLAN on MX
  • MX has VLAN 1 Configured as well 10.1.0.0/24 
    • MX IP .1
  • Added SVI to L3 Switch in Transit VLAN 10.9.0.2 
    • GW .1 and set as Default Uplink
  • Added VLAN 222 10.2.0.0/24 
    • SVI .1 to Switch and set the switch as the GW
  • Added Static Route on MX to 10.2.0.0/24 

 

I am on VLAN 1 10.1.0.6 trying to ping 10.2.0.1 with no success. But I can ping 10.9.0.2 and the MX 10.9.0.1.

Am I missing something?

Labels:
0 Kudos
1 Accepted Solution
pBrain
Here to help
2 weeks ago
2 weeks ago

This has been resolved.  Oversight on my part.  The issue was that the VLAN's had to be allowed on the Uplink and Downlink connections of each of the switches.

 

Also, Catalyst switches do not allow for the "All" entry in the Allowed VLAN's, they have to be enumerated.

View solution in original post

0 Kudos
10 Replies 10
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

The device you are using for test, 10.1.0.6 - what is its default gateway (it should be 10.1.0.1)?  Does this device have a subnet mask of 255.255.255.0?

If I understand correctly, 10.1.0.0/24 only exists on the MX at L3, correct?

 

On the layer 3 switch - what is your default gateway (it should be the MX, 10.9.0.1)?

 

If the switch is a Catalyst switch, has routing been enabled with "ip routing"?

0 Kudos
In response to PhilipDAth
pBrain
Here to help
2 weeks ago
2 weeks ago

The device you are using for test, 10.1.0.6 - what is its default gateway (it should be 10.1.0.1)?  Does this device have a subnet mask of 255.255.255.0?

 

  YES to both.

 

If I understand correctly, 10.1.0.0/24 only exists on the MX at L3, correct?

 

  YES.

If the switch is a Catalyst switch, has routing been enabled with "ip routing"?

 

   It's a Catalyst Switch in "Meraki Mode", so fully managed on the Dashboard.  But if I try to run the command in the terminal via the dashboard, it doesn't like the command.

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Does the switch have a route to the VLAN 1 network, pointing the MX as the next hop?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
pBrain
Here to help
2 weeks ago
2 weeks ago

There is a default route to the Transit interface 0.0.0.0/0 next hop 10.9.0.1

0 Kudos
In response to pBrain
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

So everything is okay, just because the ICMP isn't responding doesn't mean the routing isn't working.

 

My suggestion is to put a host on each of the networks and test the communication between them.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
pBrain
Here to help
2 weeks ago
2 weeks ago

I think I know why it wouldn't ping.  The VLAN for 10.2.0.1 was not in the "Allowed VLAN's" field in the switch I was connected to.

But I thought that the default route would handle that.  As soon as I added the VLAN to the Allowed VLAN's field on the uplink port on the switch, it responded.  And since the switch is a Catalyst Switch, I can't use, "All", I have to enumerate ALL the VLAN's I want to allow.

0 Kudos
In response to pBrain
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

That will depend on your network configuration.

 

Since I don't know how you configured your network, I can't say for sure.

 

Any other comment would be just speculation.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
pBrain
Here to help
2 weeks ago
2 weeks ago

I had to manually add the VLAN to the "Allowed VLAN's" field in order to be able to ping it, since Catalyst switches do not allow the "All" entry.  But ...

 

  • Shouldn't the Default Route handle that? 
  • Why did I not have to do the same thing on the MS350 Switch?
0 Kudos
In response to pBrain
alemabrahao
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

I don't know your network, but you probably have some firewall rule restricting that.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
pBrain
Here to help
2 weeks ago
2 weeks ago

This has been resolved.  Oversight on my part.  The issue was that the VLAN's had to be allowed on the Uplink and Downlink connections of each of the switches.

 

Also, Catalyst switches do not allow for the "All" entry in the Allowed VLAN's, they have to be enumerated.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.