We tried to bring up a site with two MX67C and two MS120. The MX's came up, however the switches remained down. After some troubleshooting we noticed that the switches have pulled IP addresses out of a range 192.168.0.0/16 from the standby MX (new, out of the box). the configuration in the Meraki dashboard previewed VLAN1 as untagged VLAN with a range of 192.168.128.0/24. Apparently the switches were not reachable and therefore not configurable. We solved the problem by blocking the DHCP server on the Standby MX.
All good, BUT: for me the question remains, how a standby MX can actively hand out DHCP addresses out of an unconfigured address range? A passive device should never be able to act as DHCP server in my opinion. The active MX should be the only active DHCP server.
Does anybody have more insight in this topic, since I have not found a detailed description on how this is designed to work.
Was the Internet connection for the standby MX up and was it showing as online?
Was the LAN interface of both the primary and standby MX plugged into the same layer 2 domain, so that they could see each other?
thanks for the fast reply. Both MX were connected to the same Internet access box on the internet interface and both MX's had were connected to both switches (all links up, at least what the LEDs said). The config in the dashboard for the MX ports was set to trunk/native VLAN1 in a template and therefore in the bound network as well. So I would say yes, same internet uplink and same Layer 2 domain.
It does sound odd... When the MX's were configured there were no issues going into Primary and Standby?
How did you cable them up into this mode exactly?
First the cabling was not ok, since the standby MX was only connected to the primary MX via LAN port and no working internet uplink was present. After correcting the cabling and rebooting the MX I did a factory reset on the attached switches so I assume that they had to redo the DHCP discovery. And since active and standby MX were up and running in the dashboard I assume that the standby MX had the correct config.
But I have to redo the setup to see if it behaves the same way again.
Thanks for your support.
It took me some time to do the tests, however I was not able to replicate the situation. The DHCP scope 192.168.0.0/16 did not show up again after various factory resets. I must assume that the faulty device has already been used in a test setup previously and had an old configuration on it. Since the spare MX did not have a direct internet connection during my tests with the errors happening, it might have started to distribute IP addresses from its DHCP server.
This brings me to two other questions (tell me if I should ask it in a separate thread): what does a spare MX do in terms of packet forwarding on the LAN ports? Would an internal DHCP server on a spare MX be able to intercept DHCP packets and answer them?