Does Meraki MX need connection to the Meraki cloud / Internet to work? I have a Meraki MX configured for VLANs, I connected it to our ISP, and I got the solid white light. When I logged into the dashboard, it says "config up to date".
I disconnected it from the internet, and I setup my switches to see if works. The switches are not getting the correct VLANs. I created the same setup on the MX on a Juniper router, and when I connect the switch to the Juniper router, it's working.
The Meraki and Juniper have the same exact configuration. So why doesn't the switches work when it's connected to the MX (not connected to Internet), but it works on the Juniper router (not connected to Internet)? I know the Juniper saves its config on the actual device and the MX does not. I don't understand.
If MX only works when it has Internet connection, does that mean that if I loose Internet, the LAN stop working?
Solved! Go to solution.
On the MX, I changed the native VLAN from 2 to "drop untagged traffic", didn't change anything on the switch side. I'm getting the correct VLAN now.
The LAN will continue to work. You just won't have internet access. Granted that it does need internet connection to the Meraki cloud to do it's configs.
Ok, but why doesn't the switch get the config from MX, but on the MX dashboard it says "configuration upto date".
The Juniper router I was testing (which have the same VLANs and trunk ports as the MX) works.
what kind of switch? how is it configured? what config you expect the switch to get from the mx?
The switches are Netgear. I have 3 VLANs on the Meraki, I'm expecting to get the correct VLANs on the switch also. To test it's not my switch config, I created the same VLANs on a Juniper router, and connected it to the same switch I was connecting the MX.
When I connect a laptop to the switch while on Juniper, my laptop gets the correct ip depending on which port on the switch I'm connected to. But when I connect the switch to the MX, the laptop does not get any ip, instead I get the 169 loop back.
@tantony wrote:Ok, but why doesn't the switch get the config from MX, but on the MX dashboard it says "configuration upto date".
The Juniper router I was testing (which have the same VLANs and trunk ports as the MX) works.
@tantony I'm sorry if I'm not understanding you correctly but if you are asking me why the Juniper works and the MX doesn't would be because MX is "cloud" controlled and the Juniper can be configured from within it. Do you login to this unit and configure it locally? If you do that's your answer. Now if you're trying to make the MX like a switch it's simply connecting it to the "INTERNET" port and it gets an address from your local LAN. I do not know your network so I'm just shooting from the hip.
@kYutobi "I'm sorry if I'm not understanding you correctly but if you are asking me why the Juniper works and the MX doesn't would be because MX is "cloud" controlled and the Juniper can be configured from within it."
So according to your reply, the MX does need connection to the cloud to work, even the LAN. Yes, I connect to the Juniper router and config the configuration using Putty. But, the MX of course is configured from the cloud.
@Nick @tantony thank you both. Answering what you asked about "MX does need connection to the cloud to work, even the LAN". If you need to configure the ports and change things the MX would need the cloud to configure it's updates. Then let's say you lose internet on the MX but you still have devices plugged in. It will still work on the LAN side but you won't have internet connection obviously.
Hi @tantony
The MX doesn't require an internet connection to continue to function and route VLAN's. In the setup you have mentioned the VLAN's should be working, assuming the ports have been setup correctly along with the firewall rules. Can you connect the MX to the internet to perform the test to examine what is taking place?
However any configurations made in the dashboard will not be applied to the MX until it has connected. Without a Dashboard connection you will be very limited in what you can do with the MX and what you can see.
If you are unable to supply the MX with a connection to Dashboard then you may be better going with a device with onboard management rather than Cloud management.
I did have the MX connected to the dashboard after I made the changes. So the dashboard says "configuration upto date"
So, the MX should have the latest config. I can try connecting the MX to the internet, but I just thought since the dashboard says config up to date, it will work.
Or I have a bad MX!
I have 3 VLANs, one trunk port per VLAN (allowing all VLANs). Same as on the Juniper router.
I could try other ports on the MX, I haven't tried that yet. This is an almost new MX, it's not even in production yet. I'm testing it. May be 2 months old.
On each port you've set the native VLAN to the same as the switches? Yes
Gateway for the VLAN is the MX unit? Yes
What is handling the DHCP for these VLAN's?
If you place two devices on them, are you able to ping each other?
Under "Security & SD-WAN > Firewall you have no rules in place?
Under "Network Wide > Event Log" is it showing any issues
Meraki handling dhcp, no rules in place.
I connected to port 3 (VLAN 2) on MX, and I got the VLAN 2 IP. Connected port 4 (VLAN 3) on MX, and I got the VLAN 3 IP, and port 5 (VLAN 4) on MX, and I got the VLAN 4 IP. So that looks correct.
In the dashboard, this is what I have:
port 3 trunk, native VLAN 2, allowed VLANs (all)
port 4 trunk, native VLAN 3, allowed VLANs (all)
port 5 trunk, native VLAN 4, allowed VLANs (all)
May be I should set the native VLANs on the 3 MX ports to "drop untagged traffic", or make the ports on the switch trunk instead of access.
https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs
do you connect 1 port from the mx to one single switch . or are there connecting more ports to the same switch
do you connect 1 port from the mx to one single switch? Yes, and the switch port is trunk, and the VLAN ports are access
I did have ports on Netgear to access. XS716T, I’m home now, I’ll test Monday
Ports need the same settings on both ends of a link. Having trunk on one side and access on the other is no bueno. You need the same mode, the same allowed VLANs and same native VLAN.
As general rules of thumb. Links between switches are usually trunks as they usually carry multiple VLANs (otherwise you need a separate link for each VLAN... waste of interfaces). The same goes for links between MXs and switches. For access points, if you have multiple SSIDs and have configured any VLANs on them you also need a trunk.
Access ports are used when the device at the other end is VLAN unaware (unmanaged switches, clients). Only packets from the configured VLAN will be sent out and the VLAN tags will be removed before they're sent out. Inversely, for all packets that come into such a port the VLAN id will be added before the packet is sent on further.
I hope this helps.
I do have trunk on MX and trunk on the switch. I think my problem is that I don’t have the same native VLAN on the switch side. Unfortunately, I need to wait till Monday to test.
On the MX, I changed the native VLAN from 2 to "drop untagged traffic", didn't change anything on the switch side. I'm getting the correct VLAN now.
meraki also have a local config. your lan should also work, if the mx has the correct config while offline status in the dashboard.