Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts

Management IP routinely goes up/down on Catalyst 3560 connected to LAN over Meraki mesh link

Hello, everybody. I've been trying to figure out why a Catalyst 3560 in my environment stops responding to ping/SSH regularly, then comes back online. Any tips are much appreciated if anyone has any suggestions.

I inherited a network at one of our branch sites where a Meraki mesh link is used to connect a small building to the rest of the LAN instead of conduit/cabling. A Meraki MR72 is getting its uplink connectivity from the mesh network; the MR72's only LAN port is connected to a Catalyst 3560 (the MR72 gets PoE from the 3560). The mesh link reports as strong, per Meraki.

Until recently, only one device was connected to the 3560. It was not being used, so I'm not sure if the devices on the switch were getting network access or not. Contractors ran another 10 drops in the remote building which terminate into the 3560. It was at this point that I realized the 3560 was not being monitored, so I started monitoring it. Solarwinds tries to ping the device every couple of minutes; I started getting spammed with alerts that the switch went down, then it came back up, etc. The duration of how long it's up or down doesn't look to be consistent.

That being said, I can still communicate with nodes on that switch even when the IP for the switch itself is not responding. It's mostly just annoying that I can't reach the switch regularly and noise from alerting. For now, I'm going to change the alerting for this switch to require the pings to fail for an hour before sending out an e-mail. I'd prefer to fix whatever is wrong, but I haven't figured it out.

  • 3560 has three VLANs configured with corresponding SVI's. Only one of the VLANs is actually in use and its SVI is what I'm monitoring.

  • Meraki mesh acts as a layer 2 bridge. VLAN info is dropped once traffic travels over the mesh from the LAN port on the wireless access point.

  • Logging on the 3560 doesn't show any ports going down or power issues that I can see.

  • The port on the 3560 connecting to the Meraki is set up as a dot1q trunk with a native vlan (the native vlan includes the monitored IP address) set to "nonegotiate" and cdp is disabled.

This is more of an annoyance than anything, but if anyone can help save my sanity I'd be quite grateful.

 |        |
 |  Rtr   |
 |  2911  |
 ---------+--------+                                            +---------------------+
|      Sw1          |                                          |       Sw2           |
|      3560         |                                          |       3560          |
+---------------+--+                                           +---------+-----------+
            |                                                                 |
            |                                                                 |
            |                                                                 |
        +---+--+                                                              |
        |  AP  |                                                          +------+             
        +------+                                                         |  MX72 |
                                       ^                                  +------+
33% Upvoted
What are your thoughts? Log in or Sign uplog insign up
level 1

Duplicate IP? I've seen it in a case like that.

level 2
Original Poster1 point · 3 months ago

Thanks for the reply. I don't think that's it. The IP assigned to the switch is excluded from DHCP so it would have needed to be configured statically on a device.

I just checked the ARP tables on the two meshed access points. The access point directly connected to the switch still has an entry for the IP in its ARP table, but the access point on the other side of the mesh doesn't have that IP in its ARP table. As you would expect, the connected access point can still ping the switch but the other access point cannot ping.

level 1

What does the Meraki portal show? Check if the Merakis have connectivity issues over the Wi-Fi. Check the event logs on the Meraki too.

Thats definitely not an ideal setup. Have a lan device monitor the switch too. Is the Cisco only unpingable over the Meraki?

Open a case with Meraki support to check for known bugs.

Check the ios version on the Cisco 3560.

Add another SVI and monitor that too.

Check switch logs, interface errors, qos settings and buffers.

Check Meraki AP settings for any layer 3 filtering.

Check wireless radio spectrum for congestion.

Community Details





###Enterprise Networking Routers, switches and firewalls. Network blogs, news and network management articles. Cisco, Juniper, Brocade and more all welcome.

Create Post
r/networking Rules
Rule #1: No Home Networking.
Rule #2: No Certification Brain Dumps / Cheating.
Rule #3: No BlogSpam / Traffic re-direction.
Rule #4: No Low Quality Posts.
Rule #5: No Early Career Advice.
Rule #6: Educational Questions must show effort.
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.