Meraki

githo · ‎Sep 6 2019

Hi

MS120 switch with access port (native VLAN 40). When we connect a computer everything works fine (internal network + connection to our USG, who handles all VLANS, routing and WAN).

When we connect a dumb layer 2 switch however (due to not enough cables atm) the internal network works fine except access to the USG (and everything behind it) for all clients connected to the dumb switch.

This exact same setup (untagged VLAN40 port) on our old Zyxel GS1920 switch works just fine.

What might cause this problem?

Thanks

NolanHerring · ‎Sep 6 2019

Maybe I'm having a brain fart but if the port is configured for access port mode, you can't assign a native vlan (only on trunk ports).

Can you show a screenshot for how you have the port configured

Nolan Herring | nolanwifi.com

cmr · ‎Sep 6 2019

@githo is the dumb switch truly dumb? It may have a VLAN1 setting that is causing a mismatch?

githo · ‎Sep 10 2019

@cmr It's the most basic and cheapest switch (tried both netgear and D-link). It's a temporary solution due to cable shortage.

When we put these switches on an untagged (access) port (VLAN 40) from our Zyxel switch everything works fine.

On the meraki the clients get IP's as the should and they can access the servers. They just can't reach (or get a reply from) our gateway (ICMP), so no internet.

cmr · ‎Sep 10 2019

@githo wrote:
@cmr It's the most basic and cheapest switch (tried both netgear and D-link). It's a temporary solution due to cable shortage.
When we put these switches on an untagged (access) port (VLAN 40) from our Zyxel switch everything works fine.
On the meraki the clients get IP's as the should and they can access the servers. They just can't reach (or get a reply from) our gateway (ICMP), so no internet.

Are the MAC addresses of the clients who are connected to the dumb switch in the arp table of the USG?

githo · ‎Sep 18 2019

@cmr Sorry about the delay. I replicated the problem today.

Computers with ip show up on the port information page.
All mac addresses turn up in the routers arp table.

Also the problem starts to manifest when I put on more than 1 computer behind the switch. If only 1 pc is turned on everything works perfect.

I tried other simple non manageable/non vlan switches but the problem remains. It seems that you can't put another switch behind the MS.

redsector · ‎Sep 18 2019

I can put dumb switches on our MS-switches (MS 10.45 networks an MS 25.14 networks).

The port config you sent seems to be good (but some dump switches are working with BPDU-guard enabled on the Meraki switch-port some don´t. I had this issue today).

You may have to check if the standard VLANon Meraki switches is 1.

Try another dumb switch from another vendor. I this case: the cheaper the dumb switch the better (no extra software on the dumb switch which can occure failures).

redsector · ‎Sep 18 2019

Do you have 802.1x port-security on the Meraki network switch-ports?

githo · ‎Sep 18 2019

Hi, I(ve tried 2 brands (D-link and netgear) with the same results. I don't think they come any cheaper than this. 🙂

We have no access policies. Do you mean management VLAN with standard?

redsector · ‎Sep 18 2019

Yes, management VLAN 1.

I just tried a Netgear FS 105 switch. It´s working.

githo · ‎Sep 18 2019

Yes Management VLAN is 1.

So weird, I really don't get it.

I just tried with

a TP-link TL-SF1008D

a belkin V300df

and a D-Link DES-1008D

All cheap, a bit older but still..

githo · ‎Sep 10 2019

@NolanHerring

The port config:

Type: Access

Access policy: Open

VLAN: 40

Voice Vlan: /

Link: Auto negotioate

RSTP: Enabled

STP guard: disabled

Unsheduled

Port isolation: Disabled

UDLD: Alert only

Meraki

Community

"Dumb" layer2 switch on access port meraki ms120

"Dumb" layer2 switch on access port meraki ms120