I'm having issues with VLANs per SSID. I can connect to an SSID that has no VLAN tag, and everything works. If I connect to an SSID that has a VLAN tag, the DHCP request does not make it to the FW. I can see the DHCP request leaving the AP with the correct VLAN tag, but I never see it hit the firewall.
Right now I am testing having a laptop connect to an SSID with VLAN 50. On a support call with Meraki they could see the Discover packet leave the AP with the VLAN 50 tag, but they couldn't see it reach the Meraki firewall.
Overview of the network: FW <> SW01 <> SW02 <> AP
I've copied the config for the ports below.
FW to SW01
LAN 1: enabled, trunk
Native VLAN: VLAN 10
Allowed VLANs: VLAN 10, VLAN 50, VLAN 60, VLAN 99, VLAN 230
SW01 to FW
interface GigabitEthernet0/2
 description TEMP UPLINK SHL_FW0001,DIRECT,Meraki-MX60
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,50,60,99
 switchport mode trunk
 spanning-tree portfast disable
 ip dhcp snooping trust
end
SW01 to SW02
interface GigabitEthernet1/1
 description SHL-NS0201,DIRECT,FIBER,UPLINK
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,50,60,99
 switchport mode trunk
 ip dhcp snooping trust
end
SW02 to SW01
interface GigabitEthernet1/1
 description SHL-NS0001,DIRECT,FIBER,UPLINK
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,50,60,99
 switchport mode trunk
 ip dhcp snooping trust
end
SW02 to AP
interface GigabitEthernet0/19
 description AP19
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,50,60,99
 switchport mode trunk
 spanning-tree portfast disable
end