Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2075
Views
0
Helpful
1
Replies

Staging and Provisioning advice for Meraki Layer 2 / Layer 3 Switches

Paul Tursan d'Espaignet
Level 1
Level 1

‎02-19-2016 02:58 AM - edited ‎03-05-2019 03:22 AM

A customer of mine has purchased a number of Meraki switches for various purposes, which I am tasked with deploying.

I've found the documentation to be woefully inadequate, and completely glaze over quite important points, and I was wondering how other people in the field are efficiently deploying these devices.

To paint a typical picture of a customer's network:

Downstream Meraki Layer 2 access switches <-----> Meraki Layer 3 Switch with SVIs <-------> Cisco ISRG2 Router <------> Rest of network.

I've staged the Layer 3 switch via the Meraki dashboard, adding all the necessary SVIs. As the devices don't have the concept of a "routed port", I created a separate VLAN / SVI for the connection between the Cisco Router and the Switch (just a /30 subnet), and assigned that port as an access port in this VLAN

Now the issue, which the documentation glazes over: "Install and connect your switch(es) in their desired locations, provide power and a connection to the Cisco Meraki cloud" 

I would never normally assign a network device an address over DHCP, so I wanted to go the way of static configuration. I factory reset the device, gave it an address in the correct VLAN, with correct default gateway (staging in a lab, so I configured the lab router with the same addressing as will be present in production). The device is then simply unusable, and unreachable. From the test router, it is pingable, but it's not possible to browse to any web interface.

I then factory reset the device, and then simply connected via  default port to a test router with a DHCP server attached. The switch joins the meraki cloud no problem. I then had to manually change the management interface through the Meraki dashboard to what it was before, and then swapped the port that was connected to the original interface that i had tried to configure statically. After a few minutes this finally came up and is reachable.

Next I tried to do the same with a downstream layer 2 access switch. I'm connecting to the Meraki Layer 3 switch via a 10G Twinax cable, with both sides configured as a trunk and passing all VLANs. The native VLAN is VLAN 1, which is not used on either device. VLAN 201 is what is configured as the management VLAN. I go to the local interface, try and set the details there statically, but the device never connects to the Meraki cloud. The management interface (VLAN 201) on this layer 2 switch is pingable from remote networks, so there's no issue with routing, and it also has a default route. But still not accessible via Meraki, nor from the 1.1.1.100 address.

I tried the same trick with factory reseting and using DHCP connected directly to the internet, but then when trying to change it to use the management VLAN and its permanent static address, the device is then unreachable.

What the hell is with these devices? No local access or connectivity troubleshooting is possible from the device? I have to factory reset it and connect directly to the internet if I want to do anything on it? This seems ridiculous. 

I've been certified CCNP Routing & Switching for 14 years, and CCIE Voice / Collaboration for 6 years, so I'm not an idiot, but would appreciate advice on how people integrate these devices into a traditional enterprise network.

Labels:
0 Helpful
1 Reply 1

Paul Tursan d'Espaignet
Level 1
Level 1

‎08-12-2016 02:56 AM

Forgot i had posted this. It's a long time ago so my memory is a bit fuzzy, but I believe the issue was that for the "Management' interface that you are statically coding, you should not configure a separate SVI interface for that particular VLAN.

The issue was I believe the Management Static address is considered an interface itself, separately to the SVI, so if you're configuring VLAN100 - 10.1.1.1/24 and then also the Management interface as 10.1.1.1/24 it's a conflict.

My experience with these switches was generally not good - also SFPs had a tendency to get stuck on the ports and required a screwdriver to get them out again. Also the fixed mounting brackets don't really leave many options for mid-mounting a switch if the cabinet depth is too shallow, which was an issue for one of my customers who instead had to use a shelf to sit it on.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card