Meraki

A_Vijay

Hi Team,

We have a set of Meraki Core switches (MS-425-16P) that are stacked and that are connected to the SonicWall NSA-4700 HA pair. We have aggregated the 3rd port of the Meraki switches and connected it to the primary SonicWall firewall. We have aggregated the 4th port of the Meraki switches and connected it to the secondary firewall. The firewall also has the aggregated ports. The 1st and 2nd ports of the primary firewall are aggregated, and the 1st and 2nd ports of the secondary firewall are aggregated. When we connected the cables from the primary firewall to the Meraki switches, we lost the network connectivity. If we connect any one cable from the firewall to any one of the switches, the network connectivity works, and the scenario is the same with the secondary firewall. If we change the aggregate option to redundancy on the firewall ports, the network turns up while connecting all the cables. Right now we kept the firewall ports as redundant instead of aggregate.

The SonicWall vendor reports that their firewall worked successfully with aggregated ports with some other vendor switches. Even with the Cisco Catalyst switches, it's working; when we connect the Meraki switches, it won't work.

The Meraki core switches' aggregated ports are working fine with Cisco switches. We couldn't have any chance to check the issue with other vendors because the switches are live in the network.

Could anyone guide me to resolve the issue?

ww

The sonicwall ports are set to use LACP?. And for example set to "mode active"

A_Vijay

I will ask the SonicWall vendor. If the mode is not active, how to activate that?

ww

Meraki MS uses mode active. So the other side can be active or passive. But it needs to be lacp. I just noted the "mode active" setting to check if you see such a setting to make sure you are configuring lacp and not some kind of static LAG

A_Vijay

Is there an option to set LACP mode to passive on Meraki devices? Also, where can we check the LACP mode status on Meraki?

Brash

Agreed with what @ww mentioned.
Check that the SonicWall aggregation is configured to use LACP. Otherwise the Meraki switch won't be able to negotiate the port-channel.

hanjo

It sounds like a compatibility issue between Meraki and SonicWall's LACP implementation. Have you checked if both sides (Meraki and SonicWall) have matching LACP settings, such as active/passive mode? Also, try verifying STP settings to ensure there’s no loop blocking the connection.

GIdenJoe

1) Make sure you connect them correctly. So port 1 of active goes to port 3 of switch 1 and port 2 of active goes to port 3 of switch 2. Then port 1 of spare firewall goes to port 4 of switch 1 and port 2 of spare firewall goes to port 4 of switch 2.

2) Make sure the Sonicwall uses 802.3ad (or AX) which is LACP negotiation of the channel to bundle them. Meraki switches will not form bundles statically. If you are unsure, connect any one of the firewalls to 1 of the switch ports and run a dashboard capture on it and use the capture filter: ether host 01:80:C2:00:00:02 and you will definitely see messages coming from the MS switch but you should check if there are messages coming from the Sonicwall. If not you have a static aggregate and need to reconfigure that.

Meraki

Community

Reg: Aggregate ports

Reg: Aggregate ports