Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cisco Meraki VLAN creation Issue in MS 250

Solved
Durai
Here to help
‎Apr 4 2023 5:35 AM
‎Apr 4 2023 5:35 AM

Cisco Meraki VLAN creation Issue in MS 250

 

Hi All,

 

Good evening.

 

Recently we have bought MS250 Switch and MX105 firewall.

 

Here we need to keep all VLANs in MS250 instead of MX105.

 

In firewall we are keeping default VLAN 1 (192.168.128.0/24).

 

I have created 5 VLANs in MS250. But its not working.

 

VLANs are not able to reach firewall.

 

VLAN Details below.

 

192.168.10.0/24 Interface IP 192.168.10.1

 

192.168.12.0/29 Interface IP 192.168.12.1

 

192.168.12.8/29 Interface IP 192.168.128.9

 

172.24.100.0/24 Interface IP 172.24.100.1

 

* InterVLAN communication is not working.

 

But i have two end points in 192.168.12.5 1 / 92.168.128.6. I am able to access this end points from 192.168.12.1.

 

Do we need to enable OSPF for interVLAN communication?

 

Can some one help me to resolve this case since i am new to cisco meraki Environment.

 

 

 

0 Kudos
Subscribe
1 Accepted Solution
In response to Durai
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 4 2023 7:16 AM
‎Apr 4 2023 7:16 AM

Just to be clear, the way it's configured in MX you're causing route asymmetry every time packets are forwarded.
 
What you need to do is create a summary route or specific routes for each subnet.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
Subscribe
11 Replies 11
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 4 2023 6:25 AM
‎Apr 4 2023 6:25 AM

Do you have routes configured on Switch and Firewall?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 4 2023 6:27 AM
‎Apr 4 2023 6:27 AM

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Layer_3_Switching_and_Routing

 

Can you share your MS and MX interfaces and routes configuration?

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Recommended_Topologies/MX_and_MS_B...

 

 

Basically, you need to create a default route in MS pointing to MX as the next hop and routes in MX to the subnets you created in MS pointing to MS IP as the next hop.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
Durai
Here to help
‎Apr 4 2023 6:58 AM
‎Apr 4 2023 6:58 AM

Hi Alemabrahao,

 

Thank you for your response.

 

MS 250 Routing: 

 

Default route  0.0.0.0/0  192.168.128.1  No Not preferred

 

Note : 192.168.128.1 is firewall IP address. (VLAN1 Which is in Firewall)

 

MX105

 

Default 0.0.0.0/0 192.168.128.5 always

 

192.168.128.5 is my switch IP address

 

Note : Switch is in Stack

 

 

 

0 Kudos
Subscribe
In response to Durai
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 4 2023 7:00 AM
‎Apr 4 2023 7:00 AM

Your route on the MX is wrong.

 

Take a look at this example:

 

 

alemabrahao_0-1680616834372.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to Durai
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 4 2023 7:16 AM
‎Apr 4 2023 7:16 AM

Just to be clear, the way it's configured in MX you're causing route asymmetry every time packets are forwarded.
 
What you need to do is create a summary route or specific routes for each subnet.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Durai
Here to help
‎Apr 5 2023 2:50 AM
‎Apr 5 2023 2:50 AM

Hi Alemabrahao,
 
Thank you for response and solution.
 
after changing the configuration as per your correction, Its working fine.
 
But i have one more query from this,
 
I am able to reach firewall from MS250
Also able to reach MS250 from switch.
 
 
But in MS250 switch,
 
i am not able to reach one VLAN gateway to Another VLAN.
 
Example:
 
192.168.10.1 to 192.168.12.1 is not communicating.
192.168.12.1 to 172.24.100.1 is not communicating.
 
Do we need to enable OSPF for all VLANs.

 

0 Kudos
Subscribe
In response to Durai
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 5 2023 3:37 AM
‎Apr 5 2023 3:37 AM

No, OSPF is not necessary. Do you have any ACL configured?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Durai
Here to help
‎Apr 5 2023 4:41 AM
‎Apr 5 2023 4:41 AM

Hi Alemabrahao,

 

There is no ACL configured. But when i enable OSPF , i am able to ping the end devices which is connected within VLANs.

 

Durai_0-1680694856237.png

 

 

0 Kudos
Subscribe
In response to Durai
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 5 2023 4:47 AM
‎Apr 5 2023 4:47 AM

Probably you are missing some configuration, I'm pretty sure that OSPF is not a requirement. 😉

 

It would be ideal to check your settings, but this is not the place to do that.
 
But remember that although things are a little different with Meraki, the routing concepts are the same, just remember the concepts and apply them in practice and it will work.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
Durai
Here to help
‎Apr 5 2023 5:03 AM
‎Apr 5 2023 5:03 AM

I will check it out and let you know.

 
Thanks for your swift response and making me correct.
 
let me try 
 
Have a good day alemabrahao

 

0 Kudos
Subscribe
In response to Durai
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 5 2023 3:58 AM
‎Apr 5 2023 3:58 AM

Some Considerations:

 

 

Switch Management IP and Layer 3 Interfaces

The management IP is treated entirely different from the layer 3 routed interfaces and must be a different IP address. It can be placed on a routed or non-routed VLAN (such as the case of a management VLAN independent from client traffic). Traffic using the management IP address to communicate with the Cisco Meraki Cloud Controller will not use the layer 3 routing settings, instead using its configured default gateway. Therefore, it is important that the IP address, VLAN, and default gateway entered for the management/LAN IP still provide connectivity to the internet.

 

The management interface for a switch (stack) performing L3 routing cannot have a configured gateway of one of its own L3 interfaces

 

For switch stacks performing L3 routing, ensure that the management IP subnet does not overlap with the subnet of any of it's own configured L3 interfaces. Overlapping subnets on the management IP and L3 interfaces can result in packet loss when pinging or polling (via SNMP) the management IP of stack members.

 
Pings Destined for a Layer 3 Interface

MS Switches with Layer 3 enabled will prioritize forwarding traffic over responding to pings. Because of this, packet loss and/or latency may be observed for pings destined for a Layer 3 interface. In such circumstances, it's recommended to ping another device in a given subnet to determine network stability and reachability. 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.