Meraki

Community

No internet with ISP uplink port directly on switch

cpuchips42
New here
‎Jan 29 2024 5:54 AM
‎Jan 29 2024 5:54 AM

No internet with ISP uplink port directly on switch

Hi all,

 

I did a switch migration test over the weekend and ran into an issue with our (6) MS250-48P switch stack not being able to reach the Meraki cloud and no internal endpoints reaching outside our network. We are switch from a standard Cisco switch to this new meraki switch. To give a bit of our topology background, Our existing "core" Cisco Catalyst 4510R switch does all of our layer 2 routing for our building but just 1 port has the ISP uplink which connects over to our Palo Also firewall interface to filter traffic. The firewall then routes back to the switch. I know this is a weird setup to have switch first then firewall but this is just how it was setup when I was here. On the MS250, The switch port for the uplink has been set to trunk with no native vlan set as well as an access port with vlan 100 to firewall traffic to our firewall. The firewall interface is assigned as trunk with no tag. 

 

For some reason internet was not accessible with this setup but internal traffic was being routed. I talked with the meraki tech and he was puzzled as well. He mentioned it could be related to bridge priority not being set properly but even when we set that up still no internet. I am curious if someone has run into this issue as well or if anyone has an idea to make this work. Thanks!

 

EDIT: Added a topology image for reference to better explain my setup.

draft-topology.jpg

 

Labels:
0 Kudos
10 Replies 10
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 29 2024 6:11 AM
‎Jan 29 2024 6:11 AM

The MS is receiving an IP, do you see any attempts to communicate with the Internet in the firewall logs?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
cpuchips42
New here
‎Jan 29 2024 6:20 AM
‎Jan 29 2024 6:20 AM

Yes I looked at the logs and only saw internal traffic going through the firewall which let me to believe that something between the firewall and MS switch was not configured correctly but I could not figure it out.

0 Kudos
In response to cpuchips42
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 29 2024 6:24 AM
‎Jan 29 2024 6:24 AM

To save conscience, I would try to configure a machine in the same VLAN in which the MS is receiving IP to validate if the internet is working as expected.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
cpuchips42
New here
‎Jan 29 2024 6:59 AM
‎Jan 29 2024 6:59 AM

Next time I test I will try this. Thanks!

0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Jan 29 2024 6:58 AM
‎Jan 29 2024 6:58 AM

The ms250 is new and replacing the 4510?

The ms250 is going to do layer3 routing?

All ms250 switches have layer2 connectivity for the management vlan to the firewall/isp subnet?

Do you have a network drawing.

In response to ww
cpuchips42
New here
‎Jan 29 2024 7:01 AM
‎Jan 29 2024 7:01 AM

The ms250 is new and replacing the 4510? Yes I preconfigured ports but it is a new switch/stack of 6 switches.

The ms250 is going to do layer3 routing? No this will just be doing layer 2 traffic. The firewall handles all layer 3 routing.

All ms250 switches have layer2 connectivity to the firewall/isp subnet? I was able to reach the firewall interface from an internal PC that was plugged into the switch stack so yes it was able to reach with layer 2.

0 Kudos
In response to cpuchips42
ww
Kind of a big deal
Kind of a big deal
‎Jan 29 2024 7:06 AM
‎Jan 29 2024 7:06 AM

How was you switch management interface set on the switch? To a specific vlan? Of without vlan

 

And what was the general settings network management vlan set to

0 Kudos
In response to ww
cpuchips42
New here
‎Jan 29 2024 7:07 AM
‎Jan 29 2024 7:07 AM

The management vlan is set to a specific vlan of 1900. When I first configured the switches I assigned them a static IP within this vlan before testing in production with our firewall. All it was connected to when I configured IP was another meraki switch just to get it setup.

0 Kudos
In response to cpuchips42
ww
Kind of a big deal
Kind of a big deal
‎Jan 29 2024 8:50 AM
‎Jan 29 2024 8:50 AM

So port 5 of the switch allows tagged vlan 1900. 

And switch management has 1900 set in the vlan field?

1000040513.jpg

0 Kudos
In response to ww
cpuchips42
New here
‎Jan 29 2024 8:55 AM
‎Jan 29 2024 8:55 AM

Switch 6/48 has the uplink cable from ISP plugged in which I tried assigning both trunk with no native vlan(saw that Palo alto has issues with meraki and trunking with native vlan assignment) as well as access vlan 100(this vlan is just for use of isp uplink). Both of these assignments to 6/48 did not get internet traffic and meraki dashboard could not reach the switch stack. 

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.