Does Meraki MX need connection to the Meraki cloud / Internet?

SOLVED
tantony
Head in the Cloud

Does Meraki MX need connection to the Meraki cloud / Internet?

Does Meraki MX need connection to the Meraki cloud / Internet to work?  I have a Meraki MX configured for VLANs, I connected it to our ISP, and I got the solid white light.  When I logged into the dashboard, it says "config up to date".

 

I disconnected it from the internet, and I setup my switches to see if works.  The switches are not getting the correct VLANs.  I created the same setup on the MX on a Juniper router, and when I connect the switch to the Juniper router, it's working.  

 

The Meraki and Juniper have the same exact configuration.  So why doesn't the switches work when it's connected to the MX (not connected to Internet), but it works on the Juniper router (not connected to Internet)?  I know the Juniper saves its config on the actual device and the MX does not.  I don't understand.

 

If MX only works when it has Internet connection, does that mean that if I loose Internet, the LAN stop working?

1 ACCEPTED SOLUTION
tantony
Head in the Cloud

On the MX, I changed the native VLAN from 2 to "drop untagged traffic", didn't change anything on the switch side.  I'm getting the correct VLAN now.

View solution in original post

28 REPLIES 28
kYutobi
Kind of a big deal

The LAN will continue to work. You just won't have internet access. Granted that it does need internet connection to the Meraki cloud to do it's configs. 

Enthusiast
tantony
Head in the Cloud

Ok, but why doesn't the switch get the config from MX, but on the MX dashboard it says "configuration upto date".

 

The Juniper router I was testing (which have the same VLANs and trunk ports as the MX) works.

ww
Kind of a big deal
Kind of a big deal

what kind of switch? how is it configured? what config you expect the switch to get from the mx?

tantony
Head in the Cloud

The switches are Netgear.  I have 3 VLANs on the Meraki, I'm expecting to get the correct VLANs on the switch also.  To test it's not my switch config, I created the same VLANs on a Juniper router, and connected it to the same switch I was connecting the MX.

 

When I connect a laptop to the switch while on Juniper, my laptop gets the correct ip depending on which port on the switch I'm connected to.  But when I connect the switch to the MX, the laptop does not get any ip, instead I get the 169 loop back.

kYutobi
Kind of a big deal


@tantony wrote:

Ok, but why doesn't the switch get the config from MX, but on the MX dashboard it says "configuration upto date".

 

The Juniper router I was testing (which have the same VLANs and trunk ports as the MX) works.


@tantony  I'm sorry if I'm not understanding you correctly but if you are asking me why the Juniper works and the MX doesn't would be because MX is "cloud" controlled and the Juniper can be configured from within it. Do you login to this unit and configure it locally? If you do that's your answer. Now if you're trying to make the MX like a switch it's simply connecting it to the "INTERNET" port and it gets an address from your local LAN. I do not know your network so I'm just shooting from the hip.    

Enthusiast
tantony
Head in the Cloud

@kYutobi "I'm sorry if I'm not understanding you correctly but if you are asking me why the Juniper works and the MX doesn't would be because MX is "cloud" controlled and the Juniper can be configured from within it."

 

So according to your reply, the MX does need connection to the cloud to work, even the LAN.  Yes, I connect to the Juniper router and config the configuration using Putty.  But, the MX of course is configured from the cloud.

kYutobi
Kind of a big deal

@Nick  @tantony  thank you both. Answering what you asked about "MX does need connection to the cloud to work, even the LAN". If you need to configure the ports and change things the MX would need the cloud to configure it's updates. Then let's say you lose internet on the MX but you still have devices plugged in. It will still work on the LAN side but you won't have internet connection obviously.  

Enthusiast
Nick
Head in the Cloud

Hi @tantony 

 

The MX doesn't require an internet connection to continue to function and route VLAN's. In the setup you have mentioned the VLAN's should be working, assuming the ports have been setup correctly along with the firewall rules. Can you connect the MX to the internet to perform the test to examine what is taking place?

 

However any configurations made in the dashboard will not be applied to the MX until it has connected. Without a Dashboard connection you will be very limited in what you can do with the MX and what you can see.

 

If you are unable to supply the MX with a connection to Dashboard then you may be better going with a device with onboard management rather than Cloud management. 

 

tantony
Head in the Cloud

I did have the MX connected to the dashboard after I made the changes.  So the dashboard says "configuration upto date"

 

So, the MX should have the latest config.  I can try connecting the MX to the internet, but I just thought since the dashboard says config up to date, it will work.

Nick
Head in the Cloud

That should be the case - however to rule out something going wrong i'd plug it back in as its a quick check.

How are the VLAN's setup on the MX?
tantony
Head in the Cloud

Or I have a bad MX!

 

I have 3 VLANs, one trunk port per VLAN (allowing all VLANs).  Same as on the Juniper router.

Nick
Head in the Cloud

It can happen, its rare but i've had a few die off on me.

On each port you've set the native VLAN to the same as the switches? Gateway for the VLAN is the MX unit

No firewall rules in play on the MX unit? The Netgear switches are unmanaged?
tantony
Head in the Cloud

@Nick 

 

I could try other ports on the MX, I haven't tried that yet.  This is an almost new MX, it's not even in production yet.  I'm testing it.  May be 2 months old.

 

On each port you've set the native VLAN to the same as the switches? Yes

Gateway for the VLAN is the MX unit? Yes

Nick
Head in the Cloud

What is handling the DHCP for these VLAN's?

If you place two devices on them, are you able to ping each other?

Under "Security & SD-WAN > Firewall you have no rules in place?

 

Under "Network Wide > Event Log" is it showing any issues

tantony
Head in the Cloud

Meraki handling dhcp, no rules in place. 

Nick
Head in the Cloud

Ok - can you plug into the the MX port directly and confirm you get an IP. With another device do ether same and see if you can ping between the two
tantony
Head in the Cloud

@Nick 

 

I connected to port 3 (VLAN 2) on MX, and I got the VLAN 2 IP. Connected port 4 (VLAN 3) on MX, and I got the VLAN 3 IP, and  port 5 (VLAN 4) on MX, and I got the VLAN 4 IP.  So that looks correct.

 

In the dashboard, this is what I have:

 

port 3 trunk, native VLAN 2, allowed VLANs (all)

port 4 trunk, native VLAN 3, allowed VLANs (all)

port 5 trunk, native VLAN 4, allowed VLANs (all)

tantony
Head in the Cloud

May be I should set the native VLANs on the 3 MX ports to "drop untagged traffic", or make the ports on the switch trunk instead of access.

 

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs

 

  • Native VLAN (trunk mode only): Sets the Native VLAN for the port. All untagged traffic that comes in on this port will be treated as if it belonged to this VLAN. This can also be set to Drop Untagged Traffic.
ww
Kind of a big deal
Kind of a big deal

do you connect 1 port from the mx to one single switch . or are there connecting more ports to the same switch

tantony
Head in the Cloud

@ww 

do you connect 1 port from the mx to one single switch?  Yes, and the switch port is trunk, and the VLAN ports are access

 

 

Nick
Head in the Cloud

You don't need to change the VLAN settings, those settings are correct.

If you plug a switch into the MX can you get an IP through DHCP connecting into the switch with a laptop?
tantony
Head in the Cloud

@Nick 

 

No, that's the problem.  I have the same config on the Juniper router, and I get dhcp.

Nick
Head in the Cloud

On the netgear set the switch port to access and test again

What model of Netgear out of interest

tantony
Head in the Cloud

I did have ports on Netgear to access. XS716T, I’m home now, I’ll test Monday

Ports need the same settings on both ends of a link. Having trunk on one side and access on the other is no bueno. You need the same mode, the same allowed VLANs and same native VLAN.

 

As general rules of thumb. Links between switches are usually trunks as they usually carry multiple VLANs (otherwise you need a separate link for each VLAN... waste of interfaces). The same goes for links between MXs and switches. For access points, if you have multiple SSIDs and have configured any VLANs on them you also need a trunk.

 

Access ports are used when the device at the other end is VLAN unaware (unmanaged switches, clients). Only packets from the configured VLAN will be sent out and the VLAN tags will be removed before they're sent out. Inversely, for all packets that come into such a port the VLAN id will be added before the packet is sent on further.

 

I hope this helps.

@BrechtSchamp 

I do have trunk on MX and trunk on the switch.  I think my problem is that I don’t have the same native VLAN on the switch side. Unfortunately, I need to wait till Monday to test. 

tantony
Head in the Cloud

On the MX, I changed the native VLAN from 2 to "drop untagged traffic", didn't change anything on the switch side.  I'm getting the correct VLAN now.

ww
Kind of a big deal
Kind of a big deal

meraki also have a local config. your lan should also work, if the mx has the correct config while offline status in the dashboard.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels