Configuring MX

CashG
Getting noticed


We are trying to switch ISPs and switching over to Meraki SD-WAN. In testing I've run into an issue with not being able to communicate with a server on the local network. The network is on 10.10.0.0/24 but a server uses a virtual IP of 10.10.8.60 (I'm told it's so it can share the connection over 4 physical ports on the server). The network is using two SG200 switches with nothing really configured on them. On the MX under routing VLANs I added 10.10.0.0/24 ID-1 and 10.10.8.0/24 ID-18 and the ports are configured Trunk, VLAN 1, and allow all VLANs.

Once I plug the network into the MX, certain things stop working that have to do with the server on 10.10.8.60. I can ping that server's physical IP of 10.10.0.60 but not the 10.10.8.60.

On the current working ISP the network is plugged into their Fortinet. I asked what they have set to allow 10.10.8.0:

sh sys int nonpci1-switch
config system interface
    edit "nonpci1-switch"
        set vdom "root"
        set ip 10.10.0.2 255.255.255.0
        set allowaccess ping
        set type hard-switch
        set snmp-index 2
        set secondary-IP enable
            config secondaryip
                edit 1
                    set ip 10.10.8.1 255.255.255.0
                    set allowaccess ping
                next
            end
    next
end

 

Physical interfaces assigned to this virtual switch are internal1 and internal2:

 

sh sys virtual-switch
config system virtual-switch
    edit "nonpci1-switch"
        set physical-switch "sw0"
            config port
                edit "internal1"
                next
                edit "internal2"
                next
            end
    next
end

 

I did go into the switches and add the VLAN 18 but I have not set it to a port. 

8 REPLIES
Nash
Kind of a big deal

That server - does it have a virtual switch inside of it? Is it using the correct VLAN numbers?

 

Edit: You may also need to run the vlan through the switches in between your MX and this server. A diagram of the traffic flow would be helpful.

CashG
Getting noticed

"does it have a virtual switch inside of it?" Not that I'm aware of. I would have to ask the software vendor that is in charge of it. 

 

What's the best way to make a diagram of the traffic flow?

 

*added info 

# named virtual ips
10.10.8.60      vipa60

Nash
Kind of a big deal

Well - for future reference, I use labeled boxes a lot for a quick and dirty diagram. We just need to know what devices are between the MX and your server. You also want to check in with your software vendor about what VLANs they're set to use.

 

The simplest choice here is really changing your MX vlan 18 to whatever vlan number is in use.

 

But if you're dead set on using 18, then you're going to need to ensure it's added to your uplink/downlinks between MX -> switch(es) -> server, and that the server is updated to use VLAN 18.

CashG
Getting noticed

I also noticed that in the event log of the MX I was getting Source IP and/or VLAN mismatch and Client IP conflict.

Two MACs claiming IP 10.10.8.60 

 

Also the 10.10.0.60 last_illegal_ip_mapped_vlan_id 18
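
Added example, not part of the original thread and not Meraki's code: a small Python model of the two checks named in the event log entries above, a source IP outside the subnet of the VLAN it arrived on and one IP claimed by more than one MAC. The MAC addresses, the assumption that the server's frames arrive untagged on native VLAN 1, and the function name `audit` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# VLANs as the original post configured them on the MX (ID -> subnet).
MX_VLANS = {
    1: ipaddress.ip_network("10.10.0.0/24"),
    18: ipaddress.ip_network("10.10.8.0/24"),
}
NATIVE_VLAN = 1  # assumption: untagged frames on the trunk land in VLAN 1

# Constructed observations: (source MAC, source IP, 802.1Q tag or None).
# MAC addresses are made up; the IPs are the ones mentioned in the thread.
FRAMES = [
    ("02:00:00:00:00:a1", "10.10.0.60", None),   # server physical IP
    ("02:00:00:00:00:a1", "10.10.8.60", None),   # virtual IP, untagged
    ("02:00:00:00:00:a2", "10.10.8.60", None),   # same VIP from a second port
    ("02:00:00:00:00:b1", "10.10.8.50", 18),     # test PC on VLAN 18
    ("02:00:00:00:00:c1", "10.10.0.136", None),  # test PC on VLAN 1
]

def audit(frames, vlans=MX_VLANS, native=NATIVE_VLAN):
    """Return (mismatches, conflicts) for the observed frames."""
    mismatches = []  # (ip, ingress VLAN, VLAN whose subnet contains ip)
    macs_by_ip = defaultdict(set)
    for mac, ip, tag in frames:
        ingress = native if tag is None else tag
        addr = ipaddress.ip_address(ip)
        macs_by_ip[ip].add(mac)
        # Ingress check: the source must sit inside the ingress VLAN's subnet.
        if ingress not in vlans or addr not in vlans[ingress]:
            home = next((v for v, net in vlans.items() if addr in net), None)
            if (ip, ingress, home) not in mismatches:
                mismatches.append((ip, ingress, home))
    conflicts = {ip: sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1}
    return mismatches, conflicts

if __name__ == "__main__":
    mismatches, conflicts = audit(FRAMES)
    for ip, ingress, home in mismatches:
        print(f"mismatch: {ip} seen on VLAN {ingress}, subnet is VLAN {home}")
    for ip, macs in conflicts.items():
        print(f"conflict: {ip} claimed by {', '.join(macs)}")
```

With the constructed frames, only 10.10.8.60 is flagged: it arrives on VLAN 1 while its subnet is defined on VLAN 18, and two MACs claim it.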

CashG
Getting noticed
SoCalRacer
Kind of a big deal

I would do what @Nash recommended in changing the VLAN id on the MX from 18 to whatever is named on the server.

 

Other option: possibly outside of normal business hours, plug that server into the MX and see if the MX and clients can ping the virtual IP. If so, then you know it is a switch config issue.

I checked with the Software Vendor and there is no VLAN ID for the IPs. 

 

I did try after hours yesterday and I was unable to ping the virtual IP. I'm not sure if this had to do with the MX saying there is an IP conflict with the 10.10.8.60 IP.

 

I did run a small test on the MX with two computers. One on port 5 with the Native VLAN 18 with IP 10.10.8.50 and another computer connected to port 9 with the Native VLAN 1 with IP 10.10.0.136.

The 8.50 could ping the 0.136 but the 0.136 could not ping the 8.50.

 

So far what I'm getting is I have to use VLAN IDs for this to work? The software vendor said they have never had to assign a VLAN ID before. 

CashG
Getting noticed

*Update

I took the VLANs out. There really isn't a reason to keep them separated, so I added some static routes in the MX and was able to ping all the IPs. However, the system couldn't print for some odd reason. One problem down, another one to go.
