Meraki

Community

Management VLAN

Solved
Slobs2
Getting noticed
‎May 10 2018 3:48 PM
‎May 10 2018 3:48 PM

Management VLAN

New admin to meraki so just trying to figure something out. I will be getting two 425s for my core, stacked together. What I am trying to grasp is the management network. I know each switch in the stack will need an IP for manament but how will this work at the core?  If my management subnet is 10.95.0.0/24 and VLAN is 95 does that mean that setting the management VLAN to 95 and setting one of the switches as the 10.95.0.1 gateway mean it will route? Would the stack layer 3 interface need to be the .1 address and the other switches be .2 and .3? Or does the management network need to be part of the inside firewall network?

Labels:
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 10 2018 8:53 PM
‎May 10 2018 8:53 PM

The first thing to note for the core switches (which will shape a lot of the rest of the answer) is the management IP (which is primary only used by the switch to talk to the cloud) must be in the subnet to the uplink to the Internet.  The management network can not use the switch as the default gateway.  The management network does not use the routing table in the switch.

 

The default gateway of the management interface must point to the IP address of your firewall/router providing Internet access.

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 10 2018 8:53 PM
‎May 10 2018 8:53 PM

The first thing to note for the core switches (which will shape a lot of the rest of the answer) is the management IP (which is primary only used by the switch to talk to the cloud) must be in the subnet to the uplink to the Internet.  The management network can not use the switch as the default gateway.  The management network does not use the routing table in the switch.

 

The default gateway of the management interface must point to the IP address of your firewall/router providing Internet access.

MRCUR
Kind of a big deal
‎May 11 2018 7:33 AM
‎May 11 2018 7:33 AM

This is definitely an oddity of Meraki MS devices currently. As @PhilipDAth points out, you cannot use a L3 interface you've created on the stack as the stack's Dashboard uplink (management). While some people have reported this works, it is NOT supported so you're better off using the link between the stack and your firewall as the management interface. 

MRCUR | CMNO #12
In response to MRCUR
AlexL
Comes here often
‎Jun 5 2022 1:16 PM
‎Jun 5 2022 1:16 PM

Sorry to resurrect an old thread, but what are you saying is to create an L3 mgmt interface on say an MX and trunk that vlan down to the core switch? Would I also need to enable DHCP for the L3 mgmt interface on the mx?

 

Thanks

0 Kudos
In response to AlexL
Dunky
Head in the Cloud
‎Jun 10 2022 4:50 AM
‎Jun 10 2022 4:50 AM

Yes, create the VLAN on the MX, and then include that in Allowed VLANs on the uplink port to the MX on your MS.

You only need to enable DHCP if anything in your Mgmnt VLAN is configured for DHCP. Personally, I assign all Meraki devices static IP's in the mgmnt VLAN.

The only other reason you would enable DHCP was if you wanted to use the MX as the DNS server in that VLAN or any reason, in which case you just configure the DNS nameservers to "Proxy to upstream DNS" and reserve the entire IP range covered by the subnet.  Again, I don't use the MX for DNS on the management VLAN, I configure the devices to use Google (8.8.8.8) and OpenDNS (208.67.222.222).

 

Hope that helps.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.