[SOLVED] MS250 SFP port configuration

Marco_812
Here to help

I'm having an issue getting a Meraki MS-250 to 'see' a device plugged in via fiber to one of the SFP ports. A lot of factors in play here . . . we have configured a Layer 3 interface on the Meraki with a DHCP server that is basically going into a dead-end isolated network. The device is a virtualized (VMWare esxi) Ubuntu server (18.04) with a regular gigabit NIC, and the fiber connection. The Ubuntu Server (IP 172.60.4.189) shows on the Layer 3 ARP Table, but not in the MAC Forwarding table, and I cannot ping it from the Meraki, nor can I ping the Meraki interface IP (172.60.4.1) from Ubuntu.

If I ping the Meraki, or run a traceroute from Ubuntu, and run a Packet Capture from the Meraki, I see the attempted communication but neither is successful. Also, the Ubuntu server displays on the Client List for the Meraki. The Layer 3 interface runs downstream to a couple of Cisco SG switches, and there are devices on these switches getting their IPs from the Layer 3 DHCP, but these devices are not able to ping or connect to the Ubuntu server, nor can the Ubuntu server connect to them.

It would seem the Meraki is aware of the existence of the Ubuntu server, but cannot contact it for whatever reason. Port 49 is set to Access, with an open policy currently. I have tried it as Trunk as well, but with no luck. This is a project I inherited, not 100% sure of my Linux networking skills so this could very well be on the Linux side (or even VMWare) but from the packet capture and other information it would seem it's set up properly. Any pointers, tips, or links to documentation on what settings I should be using for that port, or for the Meraki itself?

Thanks very much 

BrandonS
Kind of a big deal

I read this quickly so may be off here, but you are aware 172.60.4.189 is not an internal/private/RFC1918 IP address, right?

 

 

- Ex community all-star (⌐⊙_⊙)

Ahh, I was not aware of that, thank you, that could very well be it. This had been setup with a 172.20.x.x network previously, but that conflicted with an existing private network already set up here so I changed that, but I did not realize I had gone beyond the bounds of a private network.

Thank you!

PhilipDAth
Kind of a big deal

This is going to depend a lot on your VMWare configuration. Is VMWare expecting to see the VLAN you are routing to it as a tagged VLAN on its ports, or are they mapped into the vSwitch as access ports?

 

The issue is unlikely to be on the Ubuntu side. This is likely to be a mis-configuration in VMWare about the presentation of the VLAN to it.

Thank you. As far as I can tell the vSwitch is presenting as VLAN 40 although I'm pretty sure I never actually edited it as such.

GIdenJoe
Kind of a big deal

I agree with Philip on this one.

Normally, when a vswitch links to a vmnic, the VLANs from the port groups are sent tagged out the port, so by using an access port you are basically untagging the traffic in the other direction, causing it to be dropped into the wrong VLAN if there is a native VLAN defined.

So you'll have to make the port connected to the server NIC a trunk port and make sure you allow VLAN 40 across.

Marco_812
Here to help

Thanks for all the help, it's really appreciated. I did switch back to trunk from access but it turns out I had the native VLAN on that port set to 40, but really needed to have it set to VLAN 1, and allow VLAN 40, as per the Meraki engineer who assisted. Doing that immediately opened up that port and all devices on VLAN 40 can now see each other.

I did not realize that the native VLAN setting is for management purposes. Lack of networking knowledge on my part but I'm really a database guy and had inherited this project as we no longer have a network guy.

Thanks again, feeling good . . . until the next crisis pops up 🙂
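
Added example, not part of the thread: a simplified model of standard 802.1Q egress tagging and ESXi port-group VLAN filtering, showing why only the trunk with native VLAN 1 and VLAN 40 allowed delivers frames to a port group set to VLAN 40. The class and function names are hypothetical, and it assumes the port group carries VLAN ID 40 as reported above and that a trunk's native VLAN is always permitted.

```python
from dataclasses import dataclass

DROP = "drop"  # sentinel: the frame never leaves the switch port

@dataclass(frozen=True)
class SwitchPort:
    mode: str                         # "access" or "trunk"
    vlan: int                         # access VLAN, or native VLAN on a trunk
    allowed: frozenset = frozenset()  # tagged VLANs permitted on a trunk

def egress_tag(port, frame_vlan):
    """802.1Q tag the switch puts on the wire: a VLAN ID, None (untagged) or DROP."""
    if port.mode == "access":
        return None if frame_vlan == port.vlan else DROP
    if frame_vlan == port.vlan:
        return None                   # native VLAN leaves a trunk untagged
    return frame_vlan if frame_vlan in port.allowed else DROP

def portgroup_accepts(portgroup_vlan, wire_tag):
    """A port group with VLAN ID N only receives frames tagged N; ID 0 means untagged."""
    if wire_tag == DROP:
        return False
    if portgroup_vlan == 0:
        return wire_tag is None
    return wire_tag == portgroup_vlan

def reaches_vm(port, frame_vlan=40, portgroup_vlan=40):
    """True if a VLAN 40 frame sent by the switch is delivered to the VM's port group."""
    return portgroup_accepts(portgroup_vlan, egress_tag(port, frame_vlan))

# Constructed scenarios matching the three port settings tried in the thread.
SCENARIOS = {
    "access, VLAN 40": SwitchPort("access", 40),
    "trunk, native 40": SwitchPort("trunk", 40, frozenset({40})),
    "trunk, native 1, allow 40": SwitchPort("trunk", 1, frozenset({40})),
}

def evaluate():
    return {name: reaches_vm(port) for name, port in SCENARIOS.items()}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:28} -> {'delivered' if ok else 'dropped by vSwitch'}")
```

In the first two scenarios the switch sends VLAN 40 frames untagged, so a port group expecting tag 40 never receives them.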

