Maraki Switches need to be connected to another Meraki firewall setup

HaniAbuelkhair
Getting noticed

Maraki Switches need to be connected to another Meraki firewall setup

HI,

I have a setup of Mx67, two M120 switches connected and working fine with few VLAN's setup 

 

I have new requirements to connect few ports from both Switches to another Meraki Firewall Z3, and the machine will get the DHCP IP address from that Meraki Z3 not the main Mx67.

And all traffic should be passed to the Z3.

 

I connected the Z3 to one port on Switch1, and another port on Switch 2 and setup these two ports from the switches as Trunk port as they will use VLAN 20 which created from Z3.

 

Then i configured the the other ports as access with VLAN 20 only on the switch port not the Meraki.

 

VLAN 20 is not been used in the Mx67.

When i did that 1st to Switch 2 it works fine, but when i connect the Z3 to Switch 1 went down nd had to remove all the config and cabled in order to work again.

 

Any suggestions.

  

5 Replies 5
KarstenI
Kind of a big deal
Kind of a big deal

I am not 100% sure but it could be that you introduced a loop into your network. I would connect the Z3 only to one switch and make sure that the trunk between the two switches carries this VLAN 20.

@KarstenI i was expecting a loop as well as the two switches when you configure the port directly with the VLAN dose not communicate with the other switch, and the Z3 become a gateway for them, and the full setup can prevent loops but not this setup

ZeeBoussaid
Getting noticed

i think you need to advertise Vlan20 in the MX otherwise you will loop. the Vlans needs to match between the MS and the MX.

dlowery
Getting noticed

I have to ask, Why do you need this Z3 at all? What is it doing that the MX67 cannot?

@dlowery Oh its a long story 

But its a setup requested by the customer to do this 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels