cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Management VLAN

SOLVED
Go to solution
Slobs2
Getting noticed
‎05-10-2018 03:48 PM
‎05-10-2018 03:48 PM

Management VLAN

New admin to meraki so just trying to figure something out. I will be getting two 425s for my core, stacked together. What I am trying to grasp is the management network. I know each switch in the stack will need an IP for manament but how will this work at the core?  If my management subnet is 10.95.0.0/24 and VLAN is 95 does that mean that setting the management VLAN to 95 and setting one of the switches as the 10.95.0.1 gateway mean it will route? Would the stack layer 3 interface need to be the .1 address and the other switches be .2 and .3? Or does the management network need to be part of the inside firewall network?

Labels:
0 Kudos
Subscribe
1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal
‎05-10-2018 08:53 PM
‎05-10-2018 08:53 PM

The first thing to note for the core switches (which will shape a lot of the rest of the answer) is the management IP (which is primary only used by the switch to talk to the cloud) must be in the subnet to the uplink to the Internet.  The management network can not use the switch as the default gateway.  The management network does not use the routing table in the switch.

 

The default gateway of the management interface must point to the IP address of your firewall/router providing Internet access.

View solution in original post

Subscribe
4 REPLIES 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎05-10-2018 08:53 PM
‎05-10-2018 08:53 PM

The first thing to note for the core switches (which will shape a lot of the rest of the answer) is the management IP (which is primary only used by the switch to talk to the cloud) must be in the subnet to the uplink to the Internet.  The management network can not use the switch as the default gateway.  The management network does not use the routing table in the switch.

 

The default gateway of the management interface must point to the IP address of your firewall/router providing Internet access.

Subscribe
MRCUR
Kind of a big deal
‎05-11-2018 07:33 AM
‎05-11-2018 07:33 AM

This is definitely an oddity of Meraki MS devices currently. As @PhilipDAth points out, you cannot use a L3 interface you've created on the stack as the stack's Dashboard uplink (management). While some people have reported this works, it is NOT supported so you're better off using the link between the stack and your firewall as the management interface. 

MRCUR | CMNO #12
Subscribe
In response to MRCUR
AlexL
Comes here often
‎06-05-2022 01:16 PM
‎06-05-2022 01:16 PM

Sorry to resurrect an old thread, but what are you saying is to create an L3 mgmt interface on say an MX and trunk that vlan down to the core switch? Would I also need to enable DHCP for the L3 mgmt interface on the mx?

 

Thanks

0 Kudos
Subscribe
In response to AlexL
Dunky
Building a reputation
‎06-10-2022 04:50 AM
‎06-10-2022 04:50 AM

Yes, create the VLAN on the MX, and then include that in Allowed VLANs on the uplink port to the MX on your MS.

You only need to enable DHCP if anything in your Mgmnt VLAN is configured for DHCP. Personally, I assign all Meraki devices static IP's in the mgmnt VLAN.

The only other reason you would enable DHCP was if you wanted to use the MX as the DNS server in that VLAN or any reason, in which case you just configure the DNS nameservers to "Proxy to upstream DNS" and reserve the entire IP range covered by the subnet.  Again, I don't use the MX for DNS on the management VLAN, I configure the devices to use Google (8.8.8.8) and OpenDNS (208.67.222.222).

 

Hope that helps.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki