Configure IP blocks on MX

maxhest
Comes here often

Configure IP blocks on MX

So, Comcast EDI delivers two IP blocks. 

 

/30 and /29

 

I programmed my WAN port with the /30 and I am able to get out to the internet. However, I want to setup to use the IPs in my /29. 

 

AKA, so I have my LAN and I want to have all traffic come from an IP in my /29 and use the /30 as a default route. Let me know if I'm not being clear. 

7 REPLIES 7
MRCUR
Kind of a big deal

You'll either need to place a L3 device in front of the MX which can handle this type of setup, or ask Comcast to provide the /29 as the handoff and skip the /30. This is a limitation of the MX line. Our solution in the past was to put an MS320 in front of the MX and create two L3 interfaces on it - one with the /30 for the Comcast handoff, the second with the IP space Comcast was routing to us. 

MRCUR | CMNO #12
maxhest
Comes here often

Thank you for the quick reply! 

 

I have an MS225P, would this work if I used that in front and then routed back to the MX? And VLAN it off for those ports? 

MRCUR
Kind of a big deal

Yep, that should work since the MS225's support 16 static routes. Just make sure you create the /30 interface first so the default route is set properly. 

 

Also keep in mind you'll still need to get the MS225 Internet access through a non-routed interface. So just plug it into your internal network in your usual management VLAN in addition to the Comcast interface and the MX interface. 

MRCUR | CMNO #12
maxhest
Comes here often

Ok, so in theory I can still have my APs in this switch as well?

 

I would have the Comcast Ciena in the MS225, plug in the internet port the the MX to the MS Switch that has the /29 and then have the rest of the devices behind the firewall? 

MRCUR
Kind of a big deal

Yes, you can have other devices on the switch as long as they’re in another VLAN.

Create a L3 interface with the /30 from Comcast and assign a unique VLAN to it. Put a port in access mode in that VLAN and plug the Ciena into it.

Create a second L3 interface with the /29 from Comcast and use a different unique VLAN. Put another port in access mode in this VLAN and plug the MX Internet 1 port into this port. Assign the MX an IP from the /29 and there you go. You can then use the remaining IP’s in the /29 (minus the MS225’s IP and MX’s IP) for 1:1 NAT rules.
MRCUR | CMNO #12
maxhest
Comes here often

And we can use the /30 as the default route ?

This is how they have an example or do we just use how you explained and that will work as expected ?

https://business.comcast.com/help-and-support/ethernet/comcast-business-ethernet-equipment-configura...
MRCUR
Kind of a big deal

As long as you create the /30 interface on the switch first, it will correctly use that as the default route for all other L3 interfaces you create. You should still set the MX's gateway as the /29 block IP you assign to the MS225 though. 

MRCUR | CMNO #12
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels