Honestly, this whole experience has not been confidence inspiring in terms of Meraki's QA & change control systems which then impacts our gear even when we've not made any changes ourselves. I've got over $500K USD of this gear in production so far & I'm seriously considering dumping Meraki for future sites/upgrades.
I've just had another 6 switches drop from AES auth now too.
AND the same thing is happening for me too for the same site that dropped about this time yesterday. Back to DES now AND now SNMP uptimes have been reset too - yet my network monitoring didn't show a network drop at all? In fact I saw nothing go offline. But this is royally screwing my metrics and reporting!!!
Further to this original incident, two more of my sites had some of their switches also suffer the same fate. I can also confirm the 'combined network' sites do not show the DES/AES selection. HOWEVER upon pressing 'save' on that config page - it then changes all the site's switches to use AES! 😲 So I've now re-saved all my sites to force them to AES - which let's be honest, should've been the default setting all along for a switch at this price point.
One of my sites' SNMPv3 reporting went offline earlier tonight. The Sites' > Network-Wide > Configure > General > SNMP section had a new Privacy Mode = AES128 dropdown. Of course our monitoring software is still configured for the previous DES setting. This is easy enough to 'update' our Network Monitor to AES too, which is definitely the preferred option - but seriously WTF was this changed to begin with? This wasn't a change we triggered nor did I receive any advice about this. This caused mass panic & confusion as to why we suddenly started losing SNMP polling progressively across all Meraki switches on the site. To possibly make matters worse - some of my other sites also have this new AES128 dropdown - yet are still polling fine on the existing DES settings. WTF is going on with the change control process here?
Aug 14 2024
9:00 PM
Ah right - I hadn't factored a pair of MS225's failing at the same time; since we have cold MS225 spares onsite ready. As for stack sizing - I could get extra optics to split the 6 high stack into 2 smaller 3 high stacks to minimize any future disruption incurred during stack repairs. But since these stacks are not hot-swappable anyway - (and that's a disappointing flaw) - realistically that means we'd be waiting for a downtime window anyway regardless of stack size. We won't want to take down any more switches in the repair process during business hours. We'd just have to do a temporary single switch setup/uplink just to get those ports going until we can power off & rebuild the original stack.
Aug 14 2024
7:32 PM
From history (and not recently "tested") - I had UniFi APs forward STP. If your users connect an STP-generating device like a Sonos to your Guest Wi-Fi - that resulted in the switch port shutting down - and that entire AP going offline 😞
Aug 14 2024
6:42 PM
2 Kudos
Ah yes, I did notice that whilst researching these recent issues! I use the unofficial meraki-cli Python script to API create all the 100+ L3 core VLAN interfaces & DHCP config. Is that likely to still work? That would save on re-tooling our workflow. Otherwise can it be configured directly via Cisco CLI?
Aug 14 2024
1:53 AM
1 Kudo
Over the years we've built a couple of Meraki sites but seem to have ended up with slightly different configs & conflicting advice re root & loop guard usage. Previously had months of site stability until recent core switch MLAG additions appear to have kicked off a bunch of weirdness like 'Port running LACP and LACP has disabled this port' madness knocking out a bunch of links unexpectedly. Firmware updating seems to have helped a lot, but I'm in need of a sanity check to clarify what Meraki's best practices are for spanning tree. Is this the recommended STP & UDLD config for a LACP trunk between a stacked MS425 core & MS225 access switches?

Inter-Meraki Switch trunk - AGGR/x (Core-side)
Type = Trunk
Native = 1
Allowed = all (or as required)
RSTP = Enabled
STP Guard = Root Guard
UDLD = Alert

Inter-Meraki Switch trunk - AGGR/x (Access-Stack-side)
Type = Trunk
Native = 1
Allowed = all (or as required)
RSTP = Enabled
STP Guard = Loop Guard
UDLD = Enforce

And whilst we're on the topic....

All end devices, computers, servers, users, etc
Type = Access
RSTP = Enabled
STP Guard = BPDU Guard
UDLD = Alert Only

Non-Meraki Wi-Fi Access Point with VLANs
Type = Trunk
STP Guard = Root Guard
UDLD = Alert Only

Non-Meraki Switch with VLANs & any inbound STP not to be trusted
Type = Trunk
STP Guard = Root Guard
UDLD = Alert Only

Unmanaged Switch
Type = Access
STP Guard = BPDU Guard

Non-Meraki Firewall cluster, LACP Trunk to each HA Node - no STP support since failing over results in MAC address jumping between ports
Type = trunk
RSTP = Disabled
Native VLAN = 1
Allowed VLAN = (selected ID's as required)
UDLD = Alert Only

Trusted DAI not enabled globally, so that's not a factor. Thanks in advance!
Aug 13 2024
7:15 PM
5 Kudos
Thanks guys, that is reassuring advice. I've actually got a couple of sites with these stacked MS425 core & MS225 access stacks topology; although the max 8 stack count was just an example above. On that topic though; largest stack size I've gone to is 6 units. Most are only 3-4 high. What I also just noticed was this comment here about "Use distributed uplinks across the stack such that they are equidistant". https://documentation.meraki.com/MS/Meraki_Campus_LAN%3B_Planning%2C_Design_Guidelines_and_Best_Practices This is something we hadn't put any thought into, aside from keeping the uplinks over multiple switches in case a single unit fails. Is there really that much difference in reality between the "Acceptable" and "Best" above in terms of the uplink positions in the stack? (Granted MS225 Stacking is 40GBit; LACP 20Gbit uplinks to core) & all these access ports are just office computers; not some sort of high bandwidth server/SAN setup. This has me thinking if it's worth splitting that 6 high stack as I've got spare fiber so it could be done with some extra optics. Firmware is only ever done on weekends with plenty of possible recovery time - but isolation of possible failures is critical.
Aug 13 2024
4:03 PM
The Meraki best practices guide states: "Keep the STP diameter under 7 hops, such that packets should not ever have to travel across more than 7 switches to travel from one point of the network to the other"

With this in mind, are stacked Meraki switches considered as one single STP hop, or is it still multiple hops based on number of stacked switches? Would this example topology work?
- MS 425 Core stack with MS225 stacks
- LACP/MLAG Trunk between Core & Access Stacks
- Layer 2 VLANs across all switches, with L3 gateway terminated on Core
Labels: Layer 2