MS390 switch ACL rules with VLAN
I was about to plan an install for a customer and came across this gem. This customer has probably 950+ individual rules (which is a different issue to deal with) and this creates a hurdle. Has this been noted anywhere as a fix in future firmware releases?
It is noted in the configuration guide.
Note: The VLAN qualifier is not supported on the MS390. For the MS390, ACL rules with non-empty VLAN fields will be ignored.
https://documentation.meraki.com/MS/Layer_3_Switching/Configuring_ACLs#Add_a_Rule
MS390s have the most defects/limitations of the switch product family due to their design. I'm not sure if named VLANs will ever be implemented on the MS390.
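Added example (not from any poster in this thread and not Meraki code): a pre-install audit that lists which rules in an exported ACL carry a VLAN qualifier and would therefore be ignored on an MS390, per the configuration guide note quoted above. The JSON field names and the treatment of "any" or blank as "no qualifier" are assumptions; adjust them to match your own export.

```python
import json

# Constructed sample export. Field names (comment, policy, srcCidr, dstCidr,
# vlan) are assumptions for this example, not taken from the thread.
SAMPLE_RULES = json.loads("""
[
  {"comment": "Block guest to servers", "policy": "deny", "protocol": "any",
   "srcCidr": "10.20.0.0/24", "dstCidr": "10.10.0.0/24", "vlan": "20"},
  {"comment": "Allow DNS", "policy": "allow", "protocol": "udp",
   "srcCidr": "any", "dstCidr": "10.10.0.53/32", "vlan": "any"},
  {"comment": "Allow mgmt", "policy": "allow", "protocol": "tcp",
   "srcCidr": "10.99.0.0/24", "dstCidr": "any", "vlan": " 99 "},
  {"comment": "Block printers", "policy": "deny", "protocol": "any",
   "srcCidr": "10.30.0.0/24", "dstCidr": "any", "vlan": ""}
]
""")

# Assumption: these values mean the rule has no VLAN qualifier.
UNQUALIFIED = {"", "any"}


def has_vlan_qualifier(rule):
    """True when the rule's VLAN field is non-empty (missing counts as empty)."""
    value = str(rule.get("vlan") or "").strip().lower()
    return value not in UNQUALIFIED


def audit_for_ms390(rules):
    """Return one finding per rule that an MS390 would ignore."""
    findings = []
    for position, rule in enumerate(rules, start=1):
        if not has_vlan_qualifier(rule):
            continue
        # An ignored deny means the intended block is not enforced, so rank
        # it above an ignored allow, which still needs a manual review.
        severity = "high" if rule.get("policy") == "deny" else "review"
        findings.append({
            "position": position,
            "comment": rule.get("comment", ""),
            "policy": rule.get("policy", ""),
            "vlan": str(rule["vlan"]).strip(),
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in audit_for_ms390(SAMPLE_RULES):
        print(f"[{f['severity']}] rule {f['position']} ({f['policy']}, "
              f"VLAN {f['vlan']}): {f['comment']}")
```

Each flagged rule needs to be rewritten without the VLAN field (for example, scoped by source or destination subnet instead) before the ACL can be relied on for an MS390.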
Yes, I'm hating these MS390s more and more. This is another blind install. The client probably never saw that info or thought they had a reason to look for it. The spec sheets and comparison matrix details that purchasers land on lack these gotchas.
I'm just hoping there is a planned fix for this so I can give some long term guidance to the client.
I personally still prefer the Catalyst line for switches.
I love Meraki's proposal, but there are still many things to be improved.
If I remember correctly, the MS390 was a rebadged Catalyst. It seems the integration never quite got there. It's definitely better than it was but still has issues and limitations.
I wouldn't hold my breath for fixes on this.
These days isn't a 9300 with Meraki exactly an MS390 and if not, why not as the hardware is, as far as I know, exactly the same...?
In theory yep, I think the MS390 is a cat9300.
But I do wonder whether the way the software stack sits on top is different to how Meraki-managed Catalysts operate.
If they want to take a Catalyst and skin it, I wish they would at least offer CLI access via the dashboard like some of the other vendors. I could make the config changes needed that the dashboard side isn't capable of handling yet.
@chiatt that isn't the Meraki way, the whole point of Meraki is to be simple and not need to know lots of technical commands. You can however do that with Meraki monitoring on a 9300 and that works pretty well 😎
I fear you might be right, managing two software stacks on the same hardware must be... interesting...
