Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I want to reach other subnet . I forgot the routing rules

Solved
athan1234
Building a reputation
‎Mar 6 2022 4:26 AM
‎Mar 6 2022 4:26 AM

I want to reach other subnet . I forgot the routing rules

The scenario is the next:
A have Central point a firewall it is pemit the trafic from network 10.5.2./24 forwad meraki central point ,


The meraki headquarter has the network 10.5.2.0/24.

I want to isolate a device in other network , for this reason . I braked up the network from /24 to /25 .

I craetd on the meraki two networks

vlan 3 10.5.2.0/25 //
GW 10.5.2.2
vlan 4
10.5.2.128/25 // GW 10.5.2.254


I pluged device on diferent meraki port with a Ip address 10.5.2.129 /25 MX ip 10.5.2.254.

From the meraki trought the vlan 3 ( network 10.5.2.0/25) I try to hit via ping the 10.5.2.129 /25 but it was impossible .
May be I will need a static router isen`t it ?

Also I have a doubt When the traffic reach the firewall it has the ip 10.5.2.0/24 could be a problem ? on the firwall I would have to partition the network in two /25 . I don´t remember the routing rules when you break up a network on small pice and you have the main network .

0 Kudos
Subscribe
1 Accepted Solution
Bruce
Kind of a big deal
‎Mar 7 2022 12:22 PM
‎Mar 7 2022 12:22 PM

@athan1234 Have you tried ping from the VLAN11 interface on the MX to the client with IP address .180? That will confirm that the device is on the network. Remember, you need to change the subnet mask on ALL the clients to /25 (so, 255.255.255.128) so that they ‘know’ that IP addresses above .128 need to be accessed by their default gateway.

View solution in original post

Subscribe
5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 6 2022 11:23 AM
‎Mar 6 2022 11:23 AM

Are you saying the Meraki MX has two VLANs configured, VLAN3 and VLAN4?  Are you saying the Meraki has the configuration:

VLAN3: 10.5.2.2/25

VLAN4: 10.5.2.254/25

 

Have you configured the MX to have a trunk port with these two VLANs on it, or have you configure some access ports, one in each VLAN?

 

https://documentation.meraki.com/MX/Networks_and_Routing/Configuring_VLANs_on_the_MX_Security_Applia... 

Subscribe
Bruce
Kind of a big deal
‎Mar 6 2022 12:15 PM
‎Mar 6 2022 12:15 PM

@athan1234 you shouldn’t need a static route on the MX. The MX will route between its interfaces without a static route. The MX firewall rules should allow traffic between the VLANs by default, but check those rules too - the ‘outbound’ firewall rules apply to traffic between VLANs. 

Your central firewall won’t know whether the traffic is from a /24 or /25 network, so that won’t matter. You should check your devices, what OS are they running? Some have a local firewall that could be restricting traffic from the other subnet - now that the other device is in a different subnet.

Subscribe
athan1234
Building a reputation
‎Mar 7 2022 6:13 AM
‎Mar 7 2022 6:13 AM

Thanks a lot of for the replies

I attach you some images @Bruce and @PhilipDAth 

The device ip machine is .180  ( I can not  see  the configuration of this device  , but i asked to my client the gateway is .254) maybe it is the problem because if the device has other geteway .254 maybe it is the problem , but my customer tells me the Geteway is the correct .254.

Only there isent comunication betewwen vlan 10 and vlan 11 . inside  Meraki

 

 

0 Kudos
Subscribe
Bruce
Kind of a big deal
‎Mar 7 2022 12:22 PM
‎Mar 7 2022 12:22 PM

@athan1234 Have you tried ping from the VLAN11 interface on the MX to the client with IP address .180? That will confirm that the device is on the network. Remember, you need to change the subnet mask on ALL the clients to /25 (so, 255.255.255.128) so that they ‘know’ that IP addresses above .128 need to be accessed by their default gateway.

Subscribe
In response to Bruce
athan1234
Building a reputation
‎Mar 9 2022 3:53 AM
‎Mar 9 2022 3:53 AM

Hi @Bruce  thanks for your reply . I changed the mask on all device and I get ping between both networks .

So thanks 🙏

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.