Hey everyone! I just started a new gig as an IT Manager at a construction company, and I've hit a snag with their network setup. For the last eight years, they've relied on a local IT partner who hasn't been very effective, leaving things in a bit of a shambles.
From the outside, their Cisco Meraki network looks fine, but I've uncovered some serious issues. Everything—Ethernet, Wi-Fi, and even printers—is on the same subnet, and the guest Wi-Fi isn't isolated from the corporate network. When I plugged into the guest Wi-Fi, I could see all clients and open ports from the corporate network.
I've accessed the Meraki dashboard and noticed that all switch ports are set to VLAN 130 (Guest) and the native VLAN 99 (Corp). Am I right in thinking that VLAN 99 means untagged traffic? Is this why traffic from VLAN 130 is leaking into VLAN 99? I don't have access to the Cisco Wi-Fi controller yet, but if it's also on VLAN 99 instead of VLAN 130, is that causing the issue?
The IT partner claims that all Cisco devices can be managed through Meraki, but I'm skeptical since we only have Meraki routers and a mix of old and new Cisco Business 250 switches, which I don't think can be managed by Meraki. I'd appreciate any insights before I confront the IT partner about their setup. Cheers!
5 Answers
I’ve got the same series of switches, and I haven’t figured out how to connect them with Meraki either. Often, local IT partners will throw things together quickly without finishing the job. So, you’ll probably find issues that need fixing for quite a while.
If the equipment's outdated, you might want to just scrap it all and start fresh. Consider going all in on Meraki or switching to something like Ubiquiti – it's more affordable and easier to manage. And definitely implement a solid firewall to keep things secure. You don’t want a mix of Meraki with other non-Meraki hardware; that’s just asking for chaos!
Having multiple VLANs on the same port isn't inherently bad; it’s all about the gateway setup. Make sure your firewall rules are on point to manage inter-VLAN traffic properly. That’s where the leaking could be happening.
Plus, if you find all switch ports are native 99 and guest calls 130, check for rogue ports somewhere that might be bridged incorrectly; that would definitely leave your networks exposed.
Exactly, your Meraki setup might look fine from afar, but without proper ACLs, it could be a total disaster waiting to happen!
Yeah, you're right! Untagged traffic goes with whatever your native VLAN is set to. But it sounds like you might need a firewall in place to really regulate traffic between VLANs. I'd suggest getting all your facts straight from the Meraki dashboard before you approach your IT partner. You're probably not able to manage those SG switches through Meraki, just so you know.
Exactly! If the guest Wi-Fi is set to the same native VLAN, that could definitely explain the cross-talk between your networks. It sounds like they set up the VLANs but forgot to implement proper configurations that control the traffic. You might want to get a console cable to check the switch configs directly.
True, it feels like they set things half-heartedly. The firewall should be handling the traffic rules between VLANs. Make sure you document everything!
Proceed with caution. Sometimes these setups are messier than you think, and people might not want things changed based on budget constraints or prior decisions. I've been in situations where I found out that changing the network means bruising egos. Just make sure you’re aware of the full context before confronting anyone.

Oh man, so that means the firewalls are completely open between the networks? Yikes! You should not see any cross-traffic like that. I’d dig into the Meraki firewall settings.
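
The native-VLAN behaviour discussed in this thread, as an added example that is not part of any post above and not the company's or Meraki's own configuration: a simplified model of how a switch port classifies incoming frames, run over the setup the question describes (trunk ports, native VLAN 99, VLAN 130 allowed). Port names, the guest sources and the rule that access ports drop tagged frames are assumptions made for the illustration.

```python
from dataclasses import dataclass

CORP_VLAN, GUEST_VLAN = 99, 130  # VLAN ids quoted in the question

@dataclass(frozen=True)
class Port:
    name: str            # hypothetical port label
    mode: str            # "trunk" or "access"
    native_vlan: int     # VLAN given to untagged frames (access VLAN on access ports)
    allowed: frozenset = frozenset()  # VLAN tags a trunk accepts

def ingress_vlan(port, tag=None):
    """VLAN a received frame is placed in, or None if the port drops it.

    Simplified model (assumption): tagged frames on an access port are
    dropped; real switches differ in this detail.
    """
    if tag is None:
        return port.native_vlan      # untagged traffic follows the native VLAN
    if port.mode == "trunk" and tag in port.allowed:
        return tag
    return None

def audit(guest_sources):
    """List guest-facing traffic that does not end up in the guest VLAN."""
    findings = []
    for desc, port, tag in guest_sources:
        vlan = ingress_vlan(port, tag)
        if vlan != GUEST_VLAN:
            findings.append((desc, port.name, vlan))
    return findings

# Constructed sample data: one port as found, one corrected access port.
AS_FOUND = Port("sw1/2", "trunk", CORP_VLAN, frozenset({CORP_VLAN, GUEST_VLAN}))
FIXED = Port("sw1/8", "access", GUEST_VLAN)
GUEST_SOURCES = [
    ("guest SSID with no VLAN tag", AS_FOUND, None),
    ("guest SSID tagged 130", AS_FOUND, GUEST_VLAN),
    ("visitor wall jack", AS_FOUND, None),
    ("visitor wall jack on access port", FIXED, None),
]

if __name__ == "__main__":
    for desc, port, vlan in audit(GUEST_SOURCES):
        print(f"{desc} on {port}: lands in VLAN {vlan}, expected {GUEST_VLAN}")
```

Correct VLAN placement only separates layer 2; traffic routed between VLAN 130 and VLAN 99 at the gateway still needs the firewall rules mentioned in the answers.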