MS390 switch ACL rules with VLAN

chiatt
Here to help

I was about to plan an install for a customer and came across this gem. This customer has probably 950+ individual rules (which is a different issue to deal with) and this creates a hurdle. Has this been noted anywhere as a fix in future firmware releases?

MS390Sucks.png

Brash
Kind of a big deal

It is noted in the configuration guide.

Note: The VLAN qualifier is not supported on the MS390. For the MS390, ACL rules with non-empty VLAN fields will be ignored.

https://documentation.meraki.com/MS/Layer_3_Switching/Configuring_ACLs#Add_a_Rule

MS390s have the most defects/limitations of the switch product family due to their design. I'm not sure if named VLANs will ever be implemented on MS390.
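
A pre-install audit for the limitation quoted above, as an added example that is not part of the original post or Meraki's own tooling: it splits a rule list into the rules that stay in effect on an MS390 and the ones with a non-empty VLAN field, and singles out ignored deny rules. The rule field names, the values treated as an empty VLAN (`any`, empty string, missing) and the sample rules are assumptions constructed for illustration.

```python
"""Flag switch ACL rules that an MS390 would ignore (non-empty VLAN field)."""

# Assumption: values that mean "no VLAN qualifier" in an exported rule.
EMPTY_VLAN = {None, "", "any"}

# Constructed sample rules; field names are an assumed export shape.
SAMPLE_RULES = [
    {"comment": "Guest to servers", "policy": "deny", "protocol": "any",
     "srcCidr": "10.10.20.0/24", "dstCidr": "10.10.5.0/24", "vlan": "20"},
    {"comment": "DNS", "policy": "allow", "protocol": "udp",
     "srcCidr": "any", "dstCidr": "10.10.5.53/32", "dstPort": "53", "vlan": "any"},
    {"comment": "Telnet", "policy": "deny", "protocol": "tcp",
     "srcCidr": "any", "dstCidr": "any", "dstPort": "23", "vlan": ""},
    {"comment": "Printers", "policy": "allow", "protocol": "tcp",
     "srcCidr": "10.10.30.0/24", "dstCidr": "10.10.5.9/32", "dstPort": "9100", "vlan": 30},
]


def has_vlan_qualifier(rule):
    """True when the rule's VLAN field is non-empty."""
    vlan = rule.get("vlan")
    if isinstance(vlan, str):
        vlan = vlan.strip().lower()
    return vlan not in EMPTY_VLAN


def audit_for_ms390(rules):
    """Return the rules that stay in effect, the ignored ones, and ignored denies.

    Positions are 1-based so they match the rule order shown to an operator.
    """
    effective, ignored = [], []
    for pos, rule in enumerate(rules, start=1):
        (ignored if has_vlan_qualifier(rule) else effective).append((pos, rule))
    # An ignored deny is the risky case: traffic it blocked falls through
    # to whatever later rule (or default) matches next.
    lost_denies = [(p, r) for p, r in ignored
                   if str(r.get("policy", "")).lower() == "deny"]
    return {"effective": effective, "ignored": ignored, "lost_denies": lost_denies}


if __name__ == "__main__":
    result = audit_for_ms390(SAMPLE_RULES)
    for pos, rule in result["ignored"]:
        flag = "DENY LOST" if (pos, rule) in result["lost_denies"] else "ignored"
        print(f"rule {pos:>3} vlan={rule['vlan']!s:<4} {flag:<9} {rule['comment']}")
    print(f"{len(result['effective'])} of {len(SAMPLE_RULES)} rules remain in effect")
```

Each ignored deny needs an equivalent expressed without the VLAN field (for example by source subnet) before the rule set is relied on for segmentation.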

chiatt
Here to help

Yes, I'm hating these MS390s more and more. This is another blind install. The client probably never saw that info or thought they had a reason to look for it. The spec sheets and comparison matrix details that purchasers land on lack these gotchas.

I'm just hoping there is a planned fix for this so I can give some long-term guidance to the client.

alemabrahao
Kind of a big deal

I personally still prefer the Catalyst line for switches.

I love Meraki's proposal, but there are still many things to be improved.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Brash
Kind of a big deal

If I remember correctly, the MS390 was a rebadged Catalyst. It seems the integration never quite got there. It's definitely better than it was but still has issues and limitations.

I wouldn't hold my breath for fixes on this.

cmr
Kind of a big deal

These days isn't a 9300 with Meraki exactly an MS390 and if not, why not as the hardware is, as far as I know, exactly the same...?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Brash
Kind of a big deal

In theory yep, I think the MS390 is a cat9300.

But I do wonder whether the way the software stack sits on top is different to how Meraki managed Catalysts operate.

chiatt
Here to help

If they want to take a Catalyst and skin it, I wish they would at least offer CLI access via the dashboard like some of the other vendors. I could make the config changes needed that the dashboard side isn't capable of handling yet.

cmr
Kind of a big deal

@chiatt that isn't the Meraki way; the whole point of Meraki is to be simple and not need to know lots of technical commands. You can however do that with Meraki monitoring on a 9300 and that works pretty well 😎

If my answer solves your problem please click Accept as Solution so others can benefit from it.
cmr
Kind of a big deal

I fear you might be right, managing two software stacks on the same hardware must be... interesting...

If my answer solves your problem please click Accept as Solution so others can benefit from it.