Meraki's MS switch allows you to configure anything from a single port to thousands of ports through our industry-first, Virtual Stacking technology. Virtual Stacking provides centralized management for up to 10,000 switch ports and unlike traditional stacking, virtually stacked switches do not require a physical connection, can be in different physical locations, and can be of different switch models, thereby simplifying large scale, distributed deployments.

From the Configure>Switch Ports page, you can name your ports, turn ports on/off, enable spanning tree (RSTP), define port types (access/trunk), and specify VLANs (data and voice).

 

 

Searching for ports

The virtual stack allows for you to view all your switch ports in one easy-to-navigate page. To further simplify switch port management, a dynamic search bar is available at the top to allow for you to quickly find the port(s) you are looking for.

Search terms
  • Enter any value in to the search omnibox for an instant search result
  • Use conditional operators to separate multiple search queries (AND, OR)
  • Use a wildcard to search for more general results ( * )
  • Enter specific search terms to find a particular port:

 

Search TypeSearch ValueResult

Example

Port

port:value

return all specified ports or port rangesport:1-10

Name

name:value

return all ports with the specified switch name

name:"joe's desktop"

Switchswitch:valuereturn all ports for the designated switch(es)switch:"1st floor"
Detected Uplinkis:uplinkreturn interface(s) detected as uplink to Meraki Cloud

is:uplink

not:uplink

Tags

tag:value

return all ports with the specified tag

tag:"blue 132"

VLAN

vlan:value

vlan:native

vlan:voice

return all ports with the specified vlan

return all ports with a native vlan

return all ports with a voice vlan

vlan:"60"

vlan:"native 60"

vlan:"voice 20"

LLDPlldp:valuereturn all ports containing matching LLDP informationlldp:"MR24"

Type

is:value

will return all ports with type "trunk" or type "access"

is:trunk

Link

link:value

return all ports with the link type set to specified speed/duplex

link:"100 mbps"

link:"10 gbps"

Link Aggregateis:aggregatedreturn only link aggregated (LACP) portsis:"aggregated"
Access Policyap:valuereturn all ports with the specified access policy applied (wildcard supported)ap:*
Port Scheduleschedule:valuereturn all ports with the specified port schedule (wildcard supported)schedule:*
Groupgroup:valuereturn all ports belonging to a common group (the virtual stack automatically categorizes the 3 most common configuration types into groups 1,2 and 3)

group:1

group:2

group:3

MAC Whitelistmac_whitelist:*return all ports with a mac-whitelist enabled (you can substitute the * with a mac address value using colons as separators)

mac_whitelist:aa:bb:cc:dd:ee:ff

mac_whitelist:*

The search tool is also capable of intelligently combining multiple search queries. See a few examples below.

 

Search: name:"joe's port" AND switch:"2nd floor POE"

Result: returns all port(s) with the name "joe's port" on the switch named "2nd floor POE"

Search: port:1-15 link:"10 gbps" switch:"2nd floor IDF"

Result: Returns all ports configured for 10gbit from the port range of 1-15 on the switch named "2nd floor IDF"

 

Making Configuration Changes

Making a Selection

In order to make changes to a port or port group on your MS switch, select the port or ports you would like to change by checking their prospective check box(es). 

 

Editing your Selection

Choose "Edit selected items" and make the desired changes. The following items can be modified:

    • Port Name
    • Port State (Enabled/Disabled)
    • Port PoE State (Enabled/Disable)
    • Port Type (Trunk/Access)
    • Native VLAN
    • Link Negotiation (1Gfdx, 100Mfdx, 100Mhdx, 10Mfdx, 10Mhdx)
Applying your Changes

Once you are satisfied with the changes you've made, save them by selecting "Update ports". This will instantly push the changes to your MS Switch.

 

 

Configuring a Trunk Port

Configuring a trunk port will cause the selected port(s) to accept 802.1Q tagged traffic for the VLANs specified. You will also have the opportunity to specify a Native VLAN for traffic that has no VLAN tag on ingress. This port configuration type is often used when configuring ports uplinks and devices that support 802.1Q.

Selecting a Native VLAN (optional)

If you would like untagged traffic to be tagged with a Native VLAN on egress, specify the Native VLAN by entering the VLAN ID in the appropriate field.

 

Choosing Allowed VLANs (optional)

In the VLAN field on the configuration window, enter the VLAN ID for the appropriate VLAN. Please note that making changes to your uplink port is not recommended as you may lose connectivity to the Meraki Cloud Controller.

 

 

Configuring an Access Port

Configuring a port with type "access" will cause for port to accept untagged traffic on ingress and send it to the VLAN specified. This is often used when configuring ports for edge devices.

Specifying the VLAN

In the VLAN field on the configuration window, enter the VLAN ID for the appropriate VLAN. Please note that making changes to your uplink port is not recommended as you may lose connectivity to the Meraki Cloud Controller.

 

Adding a Voice VLAN (optional)

If a voice VLAN is specified, the port will accept tagged traffic on the voice VLAN. In addition, the port will send out LLDP and CDP advertisements recommending devices use that VLAN for voice traffic.

 

Please note that STP Portfast (immediate forwarding state) is enabled by default on ports configured as Access ports

 

Enabling BPDU Guard (optional)

BPDU guard is a spanning tree enhancement that will instruct the switchport to go into a discarding state if a BPDU is received on the interface. The interface will remain in discarding state for 15 seconds.


Enabling Root Guard (optional)

Root guard typically enabled on switch to switch connections and when enabled, will keep the port in a designated role. If a superior BPDU is received, the port will go into a discarding state. Once the port stops receiving superior BPDUs it will automatically go back to learning/forwarding state


Configuring MAC whitelist (optional)

MS switches support whitelist based port-security which allows administrators to configure basic port-level protection against unauthorized network access. By default the whitelist is empty and disabled, thus allowing the switch to add any mac address to its forwarding table. However, by specifying one or more mac addresses, one can limit which devices are permitted on a per-port basis.

 

 Click here to expand...

 

Identifying ports

It can be very useful to name or tag individual ports for management and troubleshooting purposes. For example, you may want to label the Uplink or stack interconnect port in the event you need to make a change to that port. You can then search your entire virtual stack by port name to easily locate a particular port or range of ports (ie. all ports containing the term "uplink"). See Searching for ports below.

 

Applying an Access Policy (802.1x)

If you would like to configure and implement 802.1x wired authentication, you must first create an Access policy. For more information, see Creating an Access Policy.

Once you have successfully created an access policy, simply select the port or ports you would like to configure. Now, select the appropriate policy from the "Access Policy" dropdown. Choosing "open" will remove all authentication requirements from the ports you're modifying.

Note: In order to configure 802.1x wired authentication, you must configure the port as an Access port.

 

Link Aggregation

The MS series supports Link Aggregation (LACP) groups of up to 8 ports. To configure an aggregate, simply choose the ports you would like to aggregate by checking their respective boxes and then select the "Aggregate" option at the top of the page (see video 1 below). 

Doing this will create an LACP port group running mode:active.


 

A "Link Aggregate" is a combination of ports that act as one logical link. This is often referred to as Link Bonding, Link Aggregation, or EtherChannel. A link aggregate will load balance across the different physical links for additional performance, and will also give higher reliability because the link aggregate will continue to function as long as at least one of the physical links is working.


By default the MS series runs an LACP Passive instance per port. This is to prevent loops when a bond is connected to a switch running default configuration.


It is generally recommended that you first configure a link aggregate and then physically connect the aggregated ports. Be sure to configure the aggregate (or have LACP enabled) on both ends of the link.


 

Aggregated ports allow you to use multiple physical ports on your switch in order to create one logical connection with another switch or host. This assumes that the device you're connecting to is also configured to aggregate its connected ports. This is useful for providing higher throughput as well as high availability as the link continues to function even if part of the aggregate connection fails.

Selecting your Aggregate ports

In your virtual stack, select the ports you would like to aggregate. Once you have selected the target ports, choose "Aggregate Ports" at the top or bottom of the port list and accept the change notification. 


Splitting your Port Aggregates

If you decide to remove or modify your port aggregation links, simply select the aggregated port and choose "Split Aggregates". This will revert the changes and split the group into it's own separate ports.

*For more specific configuration and interoperability information, please see kb.meraki.com