Thursday, June 14, 2018

Management IP routinely goes up/down on Catalyst 3560 connected to LAN over Meraki mesh link

Hello, everybody. I've been trying to figure out why a Catalyst 3560 in my environment stops responding to ping/SSH regularly, then comes back online. Any tips are much appreciated if anyone has any suggestions.

I inherited a network at one of our branch sites where a Meraki mesh link is used to connect a small building to the rest of the LAN instead of conduit/cabling. A Meraki MR72 is getting its uplink connectivity from the mesh network; the MR72's only LAN port is connected to a Catalyst 3560 (the MR72 gets PoE from the 3560). The mesh link reports as strong, per Meraki.

Until recently, only one device was connected to the 3560. It was not being used, so I'm not sure if the devices on the switch were getting network access or not. Contractors ran another 10 drops in the remote building which terminate into the 3560. It was at this point that I realized the 3560 was not being monitored, so I started monitoring it. SolarWinds tries to ping the device every couple of minutes; I started getting spammed with alerts that the switch went down, then it came back up, etc. The duration of how long it's up or down doesn't look to be consistent.

That being said, I can still communicate with nodes on that switch even when the IP for the switch itself is not responding. It's mostly just annoying that I can't reach the switch regularly and noise from alerting. For now, I'm going to change the alerting for this switch to require the pings to fail for an hour before sending out an e-mail. I'd prefer to fix whatever is wrong, but I haven't figured it out.

  • 3560 has three VLANs configured with corresponding SVIs. Only one of the VLANs is actually in use and its SVI is what I'm monitoring.

  • Meraki mesh acts as a layer 2 bridge. VLAN info is dropped once traffic travels over the mesh from the LAN port on the wireless access point.

  • Logging on the 3560 doesn't show any ports going down or power issues that I can see.

  • The port on the 3560 connecting to the Meraki is set up as a dot1q trunk with a native VLAN (the native VLAN includes the monitored IP address) set to "nonegotiate" and CDP is disabled.

This is more of an annoyance than anything, but if anyone can help save my sanity I'd be quite grateful.

        +--------+
        |        |
        |  Rtr   |
        |  2911  |
        +----+---+
             |
             |
             |
             |
             |
    ---------+--------+          +---------------------+
    |       Sw1       |          |         Sw2         |
    |       3560      |          |         3560        |
    +---------------+--+         +---------+-----------+
                    |                      |
                    |                      |
                    |                      |
                +---+--+                   |
                |  AP  |               +------+
                | MX74 | XXXXXXXXXXXXX |  AP  |
                +------+               | MX72 |
                              ^        +------+
                              |
                              |
                              |
                              |
                            MESH

