Maybe a silly question but I am trying to accomplish a "dry" VLAN on a Meraki MX/MS setup. By Dry I mean i'd like to assign ports to a VLAN and have traffic pass between those ports and devices connected to them but was hoping to not have to set an MX IP address or address scope. Essentially having no interaction with Meraki MX, just a virtual cable if you will.
Solved! Go to Solution.
Yes you can. You are forced to assign an IP but do not have to use it or enable DHCP on the VLAN. If I understand correctly you might want to just make a new VLAN and then assign it to a couple of ports set to access mode. You could create a 2 or 3 port switch this way with nothing routing through the MX assuming you don’t route anything to the VLAN IP.
I have used auto-conf addresses when doing this in the past (169.254.x.x/30). This class of addresses are link-local and non-routable.
I like the idea of using a auto-conf address but i get an error when I try to save it. It says the MX IP address is not in the subnet.
The error is coming from the flipped numbers in the MX IP, you have 196, should be 169.
You said you have a switch? Does the traffic actually have to transit the MX in order to do what you need it to do?
i.e. is it just internal or does it need to go out. If it doesn't need to go out, and all the ports are of the MS...
think that Aaron has made an important point here. If I understand his point it is that the VLAN can exist on the relevant switches by simply being configured on a port and a trunk. The VLAN does not need to exist on the MX. I had not grasped this because I could not see anywhere to define a VLAN except on the MX.
Correct, vlan can be on a layer 2 switch without needing to be configured on the layer 3 switch.
In my picture you will see 1234 exists on the switch, but not the MX. If you configured 1234 on the switch and any layer 2 trunks it should work just fine.
The part I have not tested/confirmed is if the MX will pass the "1234" vlan when "allow all vlans" is enabled on a MX trunk port. You cannot allow just 1234 on a MX trunk link without it being configured, and obviously there would be no layer 3 routing if you did not configure it.
To set a dry vlan (L2), you don't need to set anything on a L3 device (appliance). You just untag the vlan on the needed ports on the switches and they will communicate with each others.