Meraki

Community

Dry VLAN possible?

Solved
ely105
Here to help
‎Jan 30 2020 4:39 PM
‎Jan 30 2020 4:39 PM

Dry VLAN possible?

Hi,

  Maybe a silly question but I am trying to accomplish a "dry" VLAN on a Meraki MX/MS setup.  By Dry I mean i'd like to assign ports to a VLAN and have traffic pass between those ports and devices connected to them but was hoping to not have to set an MX IP address or address scope.  Essentially having no interaction with Meraki MX, just a virtual cable if you will.

 

Regards,

-m

0 Kudos
1 Accepted Solution
In response to ely105
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 30 2020 7:10 PM
‎Jan 30 2020 7:10 PM

This is an example of one I have done.  I tend to make the third tuple equal to the VLAN number.

 

1.PNG

'

 

View solution in original post

13 Replies 13
BrandonS
Kind of a big deal
‎Jan 30 2020 5:00 PM
‎Jan 30 2020 5:00 PM

Yes you can. You are forced to assign an IP but do not have to use it or enable DHCP on the VLAN. If I understand correctly you might want to just make a new VLAN and then assign it to a couple of ports set to access mode. You could create a 2 or 3 port switch this way with nothing routing through the MX assuming you don’t route anything to the VLAN IP. 

- Ex community all-star (⌐⊙_⊙)
In response to BrandonS
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 30 2020 6:24 PM
‎Jan 30 2020 6:24 PM

I have used auto-conf addresses when doing this in the past (169.254.x.x/30).  This class of addresses are link-local and non-routable.

In response to PhilipDAth
ely105
Here to help
‎Jan 30 2020 6:58 PM
‎Jan 30 2020 6:58 PM

I like the idea of using a auto-conf address but i get an error when I try to save it.  It says the MX IP address is not in the subnet.

 

 

Screen Shot 2020-01-30 at 6.56.08 PM.png

0 Kudos
In response to ely105
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 30 2020 7:10 PM
‎Jan 30 2020 7:10 PM

This is an example of one I have done.  I tend to make the third tuple equal to the VLAN number.

 

1.PNG

'

 

In response to ely105
drgnslyr
Getting noticed
‎Jan 31 2020 6:08 AM
‎Jan 31 2020 6:08 AM

@ely105 wrote:

I like the idea of using a auto-conf address but i get an error when I try to save it.  It says the MX IP address is not in the subnet.

 

 

Screen Shot 2020-01-30 at 6.56.08 PM.png

The error is coming from the flipped numbers in the MX  IP, you have 196, should be 169. 

In response to drgnslyr
ely105
Here to help
‎Jan 31 2020 7:32 AM
‎Jan 31 2020 7:32 AM

wow, rookie mistake. I stared at that several times too. Thanks for the catch.
0 Kudos
In response to BrandonS
ely105
Here to help
‎Jan 31 2020 7:35 AM
‎Jan 31 2020 7:35 AM

Thanks Brandon!  I figured that might work, and I think that coupled with the autoconfig address it makes it a bit more "dark/dry" to Meraki. 

0 Kudos
Nash
Kind of a big deal
‎Jan 31 2020 6:23 AM
‎Jan 31 2020 6:23 AM

You said you have a switch? Does the traffic actually have to transit the MX in order to do what you need it to do?

 

i.e. is it just internal or does it need to go out. If it doesn't need to go out, and all the ports are of the MS...

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
In response to Nash
ely105
Here to help
‎Jan 31 2020 7:32 AM
‎Jan 31 2020 7:32 AM

All the ports would be on the MS or multiple MS's.  So it doesn't really need to traverse the MX

0 Kudos
In response to ely105
Aaron_Wilson
A model citizen
‎Feb 1 2020 4:27 AM
‎Feb 1 2020 4:27 AM

If all on the MS, just set the ports to a unique vlan. No MX config required. Just make sure you add that new vlan to the trunks.

I do this at hotels all the time. They never make L3 changes, just add some made up vlan to the ports I need and trunk it for me
In response to Aaron_Wilson
dkleeman
Conversationalist
‎Oct 16 2020 9:44 AM
‎Oct 16 2020 9:44 AM

think that Aaron has made an important point here. If I understand his point it is that the VLAN can exist on the relevant switches by simply being configured on a port and a trunk. The VLAN does not need to exist on the MX. I had not grasped this because I could not see anywhere to define a VLAN except on the MX.

0 Kudos
In response to dkleeman
Aaron_Wilson
A model citizen
‎Oct 19 2020 10:48 AM
‎Oct 19 2020 10:48 AM

Correct, vlan can be on a layer 2 switch without needing to be configured on the layer 3 switch.

 

In my picture you will see 1234 exists on the switch, but not the MX. If you configured 1234 on the switch and any layer 2 trunks it should work just fine.

 

The part I have not tested/confirmed is if the MX will pass the "1234" vlan when "allow all vlans" is enabled on a MX trunk port. You cannot allow just 1234 on a MX trunk link without it being configured, and obviously there would be no layer 3 routing if you did not configure it.

 

Aaron_Wilson_0-1603129491933.png

Aaron_Wilson_1-1603129531612.png

 

victorsanchez
Conversationalist
‎Jan 19 2021 8:01 AM
‎Jan 19 2021 8:01 AM

To set a dry vlan (L2), you don't need to set anything on a L3 device (appliance). You just untag the vlan on the needed ports on the switches and they will communicate with each others.

 

 

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.