We are trying to switch ISPs and switching over to Meraki SD-WAN. In testing I've run into an issue with not being able to communicate with a server on the local network. The network is on 10.10.0.0/24 but a server uses a virtual IP of 10.10.8.60 (I'm told it's so it can share the connection over 4 physical ports on the server). The network is using two SG200 switches with nothing really configured into them. On the MX under routing VLANs I added 10.10.0.0/24 ID-1 and 10.10.8.0/24 ID-18 and the ports are configured Trunk, VLAN 1, and allow all VLANs.
Once I plug the network into the MX certain things stop working that have to do with the server on 10.10.8.60. I can ping that server's physical IP of 10.10.0.60 but not the 10.10.8.60.
On the current working ISP the network is plugged into their Fortinet. I asked what they have set to allow 10.10.8.0:
sh sys int nonpci1-switch
config system interface
    edit "nonpci1-switch"
        set vdom "root"
        set ip 10.10.0.2 255.255.255.0
        set allowaccess ping
        set type hard-switch
        set snmp-index 2
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 10.10.8.1 255.255.255.0
                set allowaccess ping
            next
        end
    next
end
Physical interfaces assigned to this virtual switch are internal1 and internal2:
sh sys virtual-switch
config system virtual-switch
    edit "nonpci1-switch"
        set physical-switch "sw0"
        config port
            edit "internal1"
            next
            edit "internal2"
            next
        end
    next
end
I did go into the switches and add the VLAN 18 but I have not set it to a port.
That server - does it have a virtual switch inside of it? Is it using the correct VLAN numbers?
Edit: You may also need to run the vlan through the switches in between your MX and this server. A diagram of the traffic flow would be helpful.
"does it have a virtual switch inside of it?" Not that I'm aware of. I would have to ask the software vendor that is in charge of it.
What's the best way to make a diagram of the traffic flow?
*added info
# named virtual ips
10.10.8.60 vipa60
Well - for future reference, I use labeled boxes a lot for a quick and dirty diagram. We just need to know what devices are between the MX and your server. You also want to check in with your software vendor about what vlans they're set to use.
The simplest choice here is really changing your MX vlan 18 to whatever vlan number is in use.
But if you're dead set on using 18, then you're going to need to ensure it's added to your uplink/downlinks between MX -> switch(es) -> server, and that the server is updated to use vlan 18.
I also noticed when in the event log of the MX I was getting Source Ip and/or VLAN mismatch and Client IP conflict.
Two MACs claiming IP 10.10.8.60
Also the 10.10.0.60 last_illegal_ip_mapped_vlan_id 18
I would do what @Nash recommended in changing the VLAN id on the MX from 18 to whatever is named on the server.
Other option: possibly out of normal business hours, plug that server into the MX and see if the MX and clients can ping the virtual IP. If so, then you know it is a switch config issue.
I checked with the Software Vendor and there is no VLAN ID for the IPs.
I did try after hours yesterday and I was unable to ping the virtual IP. I'm not sure if this had to do with the MX saying there is an IP conflict with the 10.10.8.60 IP.
I did run a small test on the MX with two computers. One on port 5 with the Native VLAN 18 with IP 10.10.8.50 and another computer connected to port 9 with the Native VLAN 1 with IP 10.10.0.136.
The 8.50 could ping the 0.136 but the 0.136 could not ping the 8.50.
So far what I'm getting is I have to use VLAN IDs for this to work? The software vendor said they have never had to assign a VLAN ID before.
*Update
I took the VLANs out. There really isn't a reason to keep them separated, so I added some static routes in the MX and was able to ping all the IPs. However, the system couldn't print for some odd reason. One problem down, another one to go.