Switches scanning entire network

JustinGA
Getting noticed


Hello everyone,

I have just hooked up new Meraki switches to my network and it seems that they have an auto-discover feature in them.

What I mean is... I have hooked these up to just use on the default VLAN 1 network and they began discovering clients on ALL my other VLANs and networks.

Is there any way possible to prevent these Merakis from touching other networks or VLANs?

BlakeRichardson
Kind of a big deal

If you have them connected using trunk ports and are allowing all VLANs they will see all networks, clients etc. 

 

To be honest this is one of the benefits of Meraki.

I agree I can see the benefit of it... however, some of the equipment on our network is so old and sensitive that it completely drops off the network if it gets any kind of activity... it's crazy, I know.

If I were to try and prevent this in the future, would I just change the VLANs that are allowed on both the Meraki and my core switches?

It has caused issues with old equipment or you're just concerned it could? The switch is not probing or scanning. It's seeing clients and traffic and simply reporting it.

It HAS caused issues... I can see machines and devices dropping off the network as we speak.

Is there ANY WAY to prevent this? These switches don't need to know about anything other than what is currently plugged into them.

So, disconnecting the Meraki switch (which these devices aren't connected to or flowing through) restores stability to them? Or, are clients connected to them or traffic is traversing the Meraki switch?

 

Support case open?

I haven't disconnected them, but the devices drop off... then come back.

All types of devices are being affected now... not just the older equipment.

  • laptops
  • desktops
  • IP phones
  • wireless access points
  • wireless LAN controller

Some of each of these devices have dropped completely... then came back online a few minutes after. NONE of these devices are directly connected to the Meraki.

PhilipDAth
Kind of a big deal

When you say drop off - how are you observing this?  Loss of ping?
Is this loss of connectivity permanent or intermittent?  Does the loss of connectivity happen immediately after connecting the Meraki switch to the network, or does it happen 30s or 90s later?

 

The Meraki switches are not doing active discovery (aka sending traffic).  They passively listen to the traffic they see.  So it is impossible for this feature to cause a client to drop off.

 

HOWEVER, this doesn't mean they couldn't cause a client to drop off - it just won't be passive client monitoring.

Things I would check for:

  • IP address conflicts.  Perhaps the Meraki switch is using the address of something else on the network?
  • Spanning tree issues.  Are there redundant layer 2 loops?  If you have multiple brands of switches, strongly consider configuring the other switches to use MST with a single default region to make sure you are not having spanning-tree issues.  Make sure you have configured your core switch as the spanning-tree root guard.
  • Do any of the switches have any security features configured, like spanning-tree guard, etc?
  • What do the other switch logs say?
  • What does the Meraki switch event log say?

 

The devices drop from the network... we are no longer able to access them on the network. No pings as well.

It is intermittent loss. The Merakis have been plugged in since 6pm yesterday.

  • No IP address conflict.
  • Not sure about the spanning tree setting or how to configure that spanning tree root guard.
  • I know that my other switches have STP enabled for RSTP.
  • I don't have any logs of my current switches.
  • I just got off the line with Meraki support; they believe it could be an STP issue.
PhilipDAth
Kind of a big deal

>i know that my other switches have stp enabled for rstp

 

That could be it.  Many vendors (including Cisco Enterprise...) did not follow the RFP and implemented per-VLAN instances.  Try changing the others to use MST instead of RSTP.  When deploying Meraki switches into Cisco Enterprise switch environments I always make this change to avoid issues.

 

You should also configure a core switch to be the spanning-tree root to minimise issues.
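
As an added illustration of the change suggested in the reply above (not part of the original thread, and not taken from Meraki or Cisco documentation), this is roughly what moving a switch from per-VLAN rapid spanning tree to a single-instance MST region and making it the root looks like. It assumes the non-Meraki core is a Cisco IOS/IOS-XE switch; the region name `REGION1`, the revision number and the priority value are placeholders.

```cisco
! Assumption: Cisco IOS/IOS-XE core switch, currently running per-VLAN rapid STP.
! Before (per-VLAN instances, one BPDU stream per VLAN):
!   spanning-tree mode rapid-pvst
!
! After: one MST region, no extra instances, so every VLAN maps to instance 0.
spanning-tree mode mst
spanning-tree mst configuration
 ! Placeholder values; name and revision must be identical on every
 ! switch that is meant to be in the same MST region.
 name REGION1
 revision 1
 ! No "instance <n> vlan <list>" lines: all VLANs stay in instance 0.
 exit
!
! Make this core switch the root for instance 0 (lowest priority wins).
! 4096 is an example value below the 32768 default.
spanning-tree mst 0 priority 4096
!
! Verification, from exec mode:
!   show spanning-tree mst configuration
!   show spanning-tree mst 0
!   show spanning-tree root
```

Changing the spanning-tree mode reconverges the topology, so it belongs in a maintenance window; afterwards `show spanning-tree root` on each switch should name the core as root.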
