Dry VLAN possible?

SOLVED
ely105

Hi,

Maybe a silly question, but I am trying to accomplish a "dry" VLAN on a Meraki MX/MS setup. By dry I mean I'd like to assign ports to a VLAN and have traffic pass between those ports and devices connected to them, but was hoping to not have to set an MX IP address or address scope. Essentially having no interaction with Meraki MX, just a virtual cable if you will.

 

Regards,

-m

BrandonS

Yes you can. You are forced to assign an IP but do not have to use it or enable DHCP on the VLAN. If I understand correctly you might want to just make a new VLAN and then assign it to a couple of ports set to access mode. You could create a 2 or 3 port switch this way with nothing routing through the MX assuming you don’t route anything to the VLAN IP. 

- Ex community all-star (⌐⊙_⊙)
PhilipDAth

I have used auto-conf addresses when doing this in the past (169.254.x.x/30). This class of addresses is link-local and non-routable.

I like the idea of using an auto-conf address but I get an error when I try to save it. It says the MX IP address is not in the subnet.

[Image: Screen Shot 2020-01-30 at 6.56.08 PM.png]

PhilipDAth

This is an example of one I have done. I tend to make the third tuple equal to the VLAN number.

[Image: 1.PNG]

@ely105 wrote:

I like the idea of using an auto-conf address but I get an error when I try to save it. It says the MX IP address is not in the subnet.

[Image: Screen Shot 2020-01-30 at 6.56.08 PM.png]


The error is coming from the flipped numbers in the MX IP, you have 196, should be 169.

Wow, rookie mistake. I stared at that several times too. Thanks for the catch.
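
A pre-flight check for the subnet / MX IP pair discussed above, as an added example that is not part of the original thread and is not Meraki code. The function names and sample addresses are assumptions made for illustration; the 169.254.<VLAN>.0/30 layout follows the convention described in the thread.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv4Network("169.254.0.0/16")

def dry_vlan_addressing(vlan_id):
    """Thread's convention: 169.254.<VLAN>.0/30, MX on the first host address."""
    # The VLAN number must fit in one octet for this convention to work.
    if not 1 <= vlan_id <= 255:
        raise ValueError("third-octet convention only fits VLAN IDs 1-255")
    subnet = ipaddress.IPv4Network(f"169.254.{vlan_id}.0/30")
    return subnet, next(iter(subnet.hosts()))

def check_vlan_entry(subnet_text, mx_ip_text):
    """Return a list of problems with a subnet / MX IP pair (empty list = OK)."""
    try:
        subnet = ipaddress.IPv4Network(subnet_text, strict=True)
        mx_ip = ipaddress.IPv4Address(mx_ip_text)
    except ValueError as exc:
        return [f"unparseable input: {exc}"]
    problems = []
    if mx_ip not in subnet:
        # This is the condition behind the "not in the subnet" error in the thread.
        problems.append(f"MX IP {mx_ip} is not in subnet {subnet}")
    elif mx_ip in (subnet.network_address, subnet.broadcast_address):
        problems.append(f"MX IP {mx_ip} is the network or broadcast address")
    if not subnet.subnet_of(LINK_LOCAL):
        problems.append(f"subnet {subnet} is not link-local")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the thread's screenshots are not reproduced here.
    print(*dry_vlan_addressing(20))
    samples = [
        ("169.254.20.0/30", "169.254.20.1"),   # valid pair
        ("169.254.20.0/30", "196.254.20.1"),   # first octet transposed: 169 -> 196
        ("192.168.20.0/30", "192.168.20.1"),   # consistent, but a routable range
    ]
    for subnet_text, mx_ip_text in samples:
        print(subnet_text, mx_ip_text, check_vlan_entry(subnet_text, mx_ip_text) or "OK")
```
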

Thanks Brandon!  I figured that might work, and I think that coupled with the autoconfig address it makes it a bit more "dark/dry" to Meraki. 

Nash

You said you have a switch? Does the traffic actually have to transit the MX in order to do what you need it to do?

 

i.e. is it just internal or does it need to go out? If it doesn't need to go out, and all the ports are of the MS...

All the ports would be on the MS or multiple MS's. So it doesn't really need to traverse the MX.

If all on the MS, just set the ports to a unique VLAN. No MX config required. Just make sure you add that new VLAN to the trunks.

I do this at hotels all the time. They never make L3 changes, just add some made up VLAN to the ports I need and trunk it for me.

I think that Aaron has made an important point here. If I understand his point it is that the VLAN can exist on the relevant switches by simply being configured on a port and a trunk. The VLAN does not need to exist on the MX. I had not grasped this because I could not see anywhere to define a VLAN except on the MX.

Correct, vlan can be on a layer 2 switch without needing to be configured on the layer 3 switch.

 

In my picture you will see 1234 exists on the switch, but not the MX. If you configured 1234 on the switch and any layer 2 trunks it should work just fine.

 

The part I have not tested/confirmed is if the MX will pass the "1234" VLAN when "allow all vlans" is enabled on an MX trunk port. You cannot allow just 1234 on an MX trunk link without it being configured, and obviously there would be no layer 3 routing if you did not configure it.

[Image: Aaron_Wilson_0-1603129491933.png]

[Image: Aaron_Wilson_1-1603129531612.png]


victorsanchez

To set a dry VLAN (L2), you don't need to set anything on an L3 device (appliance). You just untag the VLAN on the needed ports on the switches and they will communicate with each other.

 

 
