Hi ,
I have come across this 'issue' recently , when you configure vlans on a routed MX the behavior of 'allowed vlans: all' is different on a small MX eg:MX68CW versus a larger one eg: MX250.
On a MX250 it is the 'classic' and expected behavior. Allowed vlans : all means ALL vlans (1-4095) that will be allowed.
On a MX68CW it is ONLY the vlans that were created that will be allowed.
I'm not able to test on all 'large' MXs ( MX100,MX450 ) but I'm sure that this is also the behavior on those.
Very unusual to have 2 separate behavior on the same plateform. I just wonder what was the point of it and the goal apart from creating confusion..
Solved! Go to Solution.
Hardware limitation maybe?
Maybe to prevent the smaller MX to forward trafic for non pruned vlans. Might be that , still it is undocumented which is probably my main concern if that's the case
Agreed it should be documented.
Have you opened a Support case for this? It would be good to get it confirmed and noted in documentation if it's expected behavior.
I can confirm on an MX75 that only VLANs with a L3 interface on the MX can be selected for a port in access mode, but that's not quite what you asked, is it?
I haven't yet. This is how I would reproduce the 'issue' :
On MX250. Create 1 vlan ( 20 )
On both MS350, create 2 uplinks ( trunks , native vlan 20 , allow all vlans ). Create 1 access port with a undefined vlan on the MX ( my case that would be 50 )
Connect a client a generate multicast / broadcast. You will notice that the packets can transit the MX250 and reach the other MS350
Do the exact same thing on a MX68 and it won't work since the MX68 will only allow the vlans that it knows ( are defined )
I don't know if this is expected, but I've already validated that on some Switch models you can't allow all VLANs either. An example is MS 390, you can only add from VLAN 1 to 1000.
But as for the MX, I don't think it's exactly a problem since the recommended by best practices is to allow only the VLANs that will be used. 😅
To be clear the MS390 (and Cat9K) only allow 1,000 active VLANs. You can use VLAN IDs higher than 1000. It's covered HERE.
Great ! Do we know if there is a fix coming ? Also , can we identify what 'certain platforms' are ? I'm guessing the MX250 is included
Thanks a lot !
My recommendation is open a Support case. They can attach it to a bug and then you'll be updated when it's resolved. As for the platform list - seeking info on that. But from anecdotal info it might be everything MX75 and up.
Well , no success ( refer to : 08772837 ) :
Hello Raphael,
This is a feature not a bug based on the functionality of the different MXes. There is no fix that will be released and is treated as expected behavior depending on the MX model.
@Ryan_Miles I'm confused
Yes, it does sound like this is a known issue and one that's expected based on specific hardware platforms. So, my calling it a bug was perhaps misleading as that suggests something to be fixed.
I've run into this before. Create additional VLANs on the MX. I used 169.254.x.x addresses on them (dummy addresses).
End of the story : Case is closed. Meraki says that it is normal and expected to have 2 different behavior on the same product familiy.
Well we choose our fights. Clearly lost that one.