IP VLAN mismatch in event log.

Solved
ErnstTFD
Getting noticed

Hi there, we use many different subnets in our company for different resources. The only subnet/VLAN I have loaded on my Meraki is 192.168.1.x because this is where I want it to serve. Because of all the subnets I have multiple PCs with more than one IP depending on which subnets they need access to. This causes errors in my event log with the Meraki saying that the IP and MAC don't match up and that there are illegal packets.

 

Thank goodness it does not block these "illegal packets", so it does not cause me any problems, except the hundreds of "false" events in my event log that I don't want there.

 

When I access the event log I always enter IP/VLAN mismatch in the "Event type ignore" box. So that it doesn't bother me. I was just wondering if there is a better way of dealing with this? Can I tell the Meraki to ignore other subnets than the one it has been assigned?

 

Or is a better way to load all of these subnets as VLANs into the Meraki and configure access rules for every one?

 

Here is an example of IPs configured on one of my PCs and on one of its network adapters:

IPv4 Address. . . . . . . . . . . : 5.0.0.40
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 10.0.0.140
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 10.5.5.140
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 10.10.10.140
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 10.90.90.40
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 172.172.2.40
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.0.40
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.1.40
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.2.190
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.50.140
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.254.40
Subnet Mask . . . . . . . . . . . : 255.255.255.0

1 Accepted Solution
PhilipDAth
Kind of a big deal

For each subnet, there should be a separate VLAN.  Clients in a particular VLAN should be plugged into a port that is assigned to that VLAN.  You can use something like an MX or a layer 3 MS to perform the routing.

https://documentation.meraki.com/MX/Networks_and_Routing/Configuring_VLANs_on_the_MX_Security_Applia... 

 

I'm going to guess you have a lot of devices, so you would need managed switches (like an MS) to be able to say which switch ports are in which VLAN.  If the MX does the routing then you can use lower-cost layer 2 switches.
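An inventory check for the situation in this thread, added here as an example (it is not part of any reply and is not Meraki code): it parses `ipconfig` text, lists each address's subnet, and reports which subnets have no VLAN on the appliance, which are the ones that would each need their own VLAN. It also marks addresses outside the RFC 1918 private ranges, since such subnets overlap public address space once they are routed. Assumptions: 192.168.1.x is a /24, the sample is a shortened copy of the output in the question, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a shortened copy of the ipconfig output quoted in the question.
SAMPLE_IPCONFIG = """\
   IPv4 Address. . . . . . . . . . . : 5.0.0.40
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 10.90.90.40
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 172.172.2.40
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 192.168.1.40
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

# Assumption: the only VLAN subnet on the appliance is 192.168.1.0/24.
CONFIGURED_VLANS = [ipaddress.ip_network("192.168.1.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One "IPv4 Address" line followed by its "Subnet Mask" line.
PAIR_RE = re.compile(
    r"IPv4 Address[ .]*:\s*(?P<ip>[\d.]+)(?:\(Preferred\))?"
    r"\s+Subnet Mask[ .]*:\s*(?P<mask>[\d.]+)"
)

def parse_interfaces(text):
    """Return an IPv4Interface for every address/mask pair in ipconfig text."""
    return [ipaddress.ip_interface(f"{m['ip']}/{m['mask']}")
            for m in PAIR_RE.finditer(text)]

def audit(text, configured=CONFIGURED_VLANS):
    """One row per address: subnet, VLAN coverage, and RFC 1918 membership."""
    return [{
        "address": str(i.ip),
        "subnet": str(i.network),
        "has_vlan": any(i.ip in net for net in configured),
        "rfc1918": any(i.ip in net for net in RFC1918),
    } for i in parse_interfaces(text)]

def subnets_needing_vlan(text, configured=CONFIGURED_VLANS):
    """Subnets in use on the host that no configured VLAN covers, in numeric order."""
    missing = {i.network for i in parse_interfaces(text)
               if not any(i.ip in net for net in configured)}
    return [str(net) for net in sorted(missing)]

if __name__ == "__main__":
    for row in audit(SAMPLE_IPCONFIG):
        print(row)
    print("No VLAN configured for:", subnets_needing_vlan(SAMPLE_IPCONFIG))
```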

GreenMan
Meraki Employee

Why do you have so many IP addresses assigned to one interface on one PC? This is extremely unusual, unless I'm missing something; the rest of the world, for one PC with one interface, uses just one IP address. If that PC requires access to multiple IP subnets, you provide routing within your network, via a Default Gateway.

ErnstTFD
Getting noticed

Not all PCs are configured like this; this is just my PC that needs to be able to access everything. Most PCs have one IP, some of them two and a handful three or more. For example our electrical department do a lot of setup and experimentation work. For that they have their own subnet. But they also need to be part of the main subnet to access NAS drives and the internet etc. Then we have a separate network for backups, to keep them safe. I have a separate NIC in my PC to access only that subnet. I don't know how you will do this with routing?

BrandonS
Kind of a big deal

You can try, but I don't think building all the VLANs will stop the mismatch because you will still be having ARP replies from addresses you configured on your laptop, but not part of the native VLAN you are connected to. Ignoring the logs is probably best and to be expected for a non-standard scenario like this.

- Ex community all-star (⌐⊙_⊙)
PhilipDAth
Kind of a big deal

> I was just wondering if there is a better way of dealing with this?

 

Change the hosts to using a single NIC and use routing (such as on the MX) to get the traffic to the correct VLAN.

ErnstTFD
Getting noticed

Do you have an example of how to do this? I have never seen something like this.

BrandonS
Kind of a big deal

I’m guessing OP does this to quicken time to manage various equipment with his laptop. It never crossed my mind, but I could see how it saves a few minutes when plugging your laptop into some equipment for maintenance, etc. Maybe like a field tech that goes around and has to plug into different stuff with static addresses throughout the day.

I’m curious to hear the reason too. Maybe there is a better way. 

- Ex community all-star (⌐⊙_⊙)