I have Comcast fiber in my DC. The account has 2 sets of public IP ranges, one set of 5 for the "gateways" and a set of 13 user-assignable. We're currently looking to replace a cable circuit with 13 IPs. Seemed straightforward, until it wasn't. To the Comcast router, I connected an MX68 in routed mode, with one of the 5 IPs as the gateway and then designated a LAN port to handle the 13 user-assignable IPs. I connected another device, assigned the static IP and was done. However, upon inspection, I see that my device is broadcasting the static IP of the gateway, not the static IP of the device. As such, the device static IP is not responding. So, I tried putting the MX68 in passthrough mode. That made the circuit fail. I called Comcast and they said I had to apply a routing statement to the Meraki router. I don't see anything within the Meraki (or documentation) regarding doing such a thing. I may be just completely overlooking it, so I'm hoping the community can help me out. This seems like it should be really easy, but so far, I'm failing.
@DunJer622 are you saying that you have one /29 that is directly on the circuit and a /28 that is routed through one of the /29 IP addresses?
If so, I'm guessing that you have set the WAN of the MX to one of the /29 IPs and want to use the /28 range on the LAN port. The only way I can think of doing this with an MX is to use No NAT mode that is part of the release 15+ train. Are you running at least 15.42? However, unless you have another firewall inside the MX, I wouldn't recommend this as you'll only be able to have 13 devices in total. There may be another way to handle this on the MX, but I've not seen it.
If I've got this completely wrong then please correct me.
If it is that freaking "No NAT" issue again, that is going to suck. Ran into that previously with a VeloCloud-Meraki SD-WAN setup. I do have the MX68 LAN connected to a switch that then connects to my MX250 stack and my MX64 VPN router. Currently running 14.53 across the board for all my MX units.
For the /28 on the LAN you could also do 14x 1:1 NATs on the MX - it’s not pretty, but it’s an alternative to No NAT. You create the subnet on the LAN side with the public IP subnet, then create the 14x 1:1 NAT for all the addresses, putting the public IP address for both the public IP and the LAN IP. Then you can manage the permitted inbound connections, to allow everything, it’s protocol ‘any’ (obviously) and then remote IP addresses 0.0.0.0/0. Hopefully this should get you working too.
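The rule set described in the post above, as an added example that is not part of the thread: it generates one 1:1 NAT rule per device address in a routed /28, with the public IP and LAN IP identical. Assumptions: the MX LAN interface holds one usable address in the block (leaving 13), the field names follow the Meraki Dashboard API's 1:1 NAT rule format and should be checked against the API reference, and all addresses and the inbound rule are constructed samples.

```python
import ipaddress
import json


def build_one_to_one_nat_rules(routed_block, mx_lan_ip, allowed_inbound, uplink="internet1"):
    """Return a {"rules": [...]} payload with one 1:1 NAT rule per device address.

    publicIp and lanIp are the same address, as in the post above. The MX's own
    LAN address (assumed to be the gateway inside the routed block) is skipped.
    """
    block = ipaddress.ip_network(routed_block)
    gateway = ipaddress.ip_address(mx_lan_ip)
    if gateway not in block or gateway in (block.network_address, block.broadcast_address):
        raise ValueError(f"{gateway} is not a usable host address in {block}")

    rules = []
    for host in block.hosts():  # hosts() excludes the network and broadcast addresses
        if host == gateway:
            continue
        rules.append({
            "name": f"routed-{host}",
            "publicIp": str(host),
            "lanIp": str(host),
            "uplink": uplink,
            # Copy the inbound policy so each rule can be edited independently later.
            "allowedInbound": [dict(rule) for rule in allowed_inbound],
        })
    return {"rules": rules}


# Constructed sample values (RFC 5737 documentation ranges, not from the thread).
SAMPLE_INBOUND = [
    {"protocol": "tcp", "destinationPorts": ["443"], "allowedIps": ["198.51.100.0/24"]},
]

if __name__ == "__main__":
    payload = build_one_to_one_nat_rules("203.0.113.16/28", "203.0.113.17", SAMPLE_INBOUND)
    print(len(payload["rules"]), "rules")
    print(json.dumps(payload["rules"][0], indent=2))
```

The inbound policy is a parameter, so the permitted inbound connections can be set per deployment and reviewed in one place before the rules are entered on the MX.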
Thanks for the suggestion. I tried it, but I didn't see a change, as it is still broadcasting the /29 IP (instead of the /28) and the public IP is not responding to ping/web calls. Do I need to be in Passthrough mode, perhaps? Actually, 1:1 NAT is not available in that mode.
Can you clarify what you mean by ‘still broadcasting the /29’? Are you expecting the MX to advertise the presence of the /28 to your ISP’s upstream router? If so, then unfortunately you can’t. The MX doesn’t run a routing protocol on its WAN interface, but if your ISP is routing traffic for the /28 to an address on the /29 (which is the address on the MX WAN port) then you should be able to use No NAT or 1:1 NATs to get the traffic to the LAN side of the MX.
Good morning. I'm expecting any device that I assign one of my 13 user-assignable IP addresses to to broadcast that IP. Currently, we have a Comcast coaxial modem that is connected to a switch for distribution of the IPs. If I put any of those IPs into any of my Meraki equipment, they immediately broadcast that IP. The issue here is that I have a Meraki behind a Meraki. Perhaps the Comcast router (with the fiber) needs to be reconfigured? As it is now, my /28 IPs are useless, as I can't remotely access them, nor ping them.
Old Comcast modem (coaxial w/13 IPs) <> switch <> MX250 (core stack) and MX64 (VPN) - Works perfectly, with all assigned IPs responding externally and each unique IP is broadcast.
New Comcast router (fiber w/13 IPs) <> MX68 <> switch <> MX250 and MX64 - Fails. The MX250 and MX64 both broadcast the same IP, which is the IP from the /29 assigned to the MX68. The /28 IPs do not respond to pings or web access.