InterVlan Routing not working

Solved
DscRafael
Here to help

InterVlan Routing not working

Could you help me understand why I can't have internal communication between my VLANS, I have an mx64.

 

The situation is as follows, I have a desktop directly connected to the meraki that is on vlan 1 and has the ip 192.168.1.2 if on that desktop I use a VM that is on the same network (192.168.1.0/24) I can have normal communication.

 

However, if I put this VM on the VLAN 30 LABS network (192.168.30.0/24) I cannot have any type of communication, not even with the gateway (MX IP 192.168.30.1). However, from the desktop (ip 192.168.1.2) I can ping the gateway, but no other ip from the VLAN 30 range.

 

Below is how the VLANs are configured:

DscRafael_0-1676117293742.png

 

 

Meraki is currently with Client tracking in IP Address mode, even in Mac Address mode, the communication does not work:

 

DscRafael_1-1676117293749.png

 

 

There are no firewall rules or group policies blocking communication:

DscRafael_2-1676117293754.png

 

Group policies

DscRafael_3-1676117293755.png

 

ARP VLAN 30:

DscRafael_4-1676117293757.png

 

 

Tests vlan 30 not working

DscRafael_5-1676117293761.png

 

Test vlan 1 working

DscRafael_6-1676117293765.png

 

DscRafael_7-1676117293767.png

 

1 Accepted Solution
DscRafael
Here to help

I found the problem.

View solution in original post

16 Replies 16
alemabrahao
Kind of a big deal
Kind of a big deal

Are you using VMware on a Windows desktop? It's probably a Hypervisor problem, not the MX. You can test it by setting up two physical machines on a different VLAN.
 
I'm saying this because I've come across the same situation running Hypervisor installed on a Windows machine.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Hello,
I'm using VMware. I've already tried to do the tests by tagging the vlan or leaving it without tagging, but I wasn't successful anyway.

Forget it, VMware running directly on Windows will not work, only with VMware ESXI.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

But why not?
This to me is simple routing on L3.
If I connect the windows desktop to the ISP's router (a very simple router, by the way) the communication works normally...

It'  VMware limitation. 😕

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Sarv
Getting noticed

Not sure about the VMware on Windows (Im assuming you are using VMWare workstation?). Did you try changing the MX Port settings for the port connected to this VM? Change it from Trunk port to Access Port (VLAN 30).  Im assuming you are changing the virtual machine (the same one) from VLAN 1 to VLAN 30. If that is not the case and you have a switch port uplinked to the Meraki make sure you have presented VLAN 30 over that.

I am using VMware workstation. With the use of vmware workstation, there is no point in changing the trunk port to access, as that would be one more reason for the connection not to work between the vlans.
I don't have any switches between the MX and the desktop, it's directly connected to the MX.

@DscRafael it's a VMware limitation, on Microsoft hyperv it works well 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

VMware limitation? Are you sure what you're talking about? If I replicate the same vlans connected to an ASA 5505 it works correctly. It's a limitation of MX

Yep, I'm sure. 😉

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

So use a Cisco ASA, or open a support case. ✌🏼

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

And just so you know, I'm talking about VMware Workstation, okay? I've already performed several network migrations with virtualized environments (VMware EXI, Microsoft HyperV, Xen, etc) and never had any problems.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Ryan_Miles
Meraki Employee
Meraki Employee

This sounds like a VM issue and not a MX problem. Everything appears fine on your MX from the screenshots and inter VLAN routing should work fine. If you put standard (not VM) clients on each VLAN and test I assume everything is ok?

 

I have a slightly different setup than you. But I run VM Fusion on a Mac here with two CSR1000Vs on different VLANs. Routing works fine through my MX. My Mac is on a native VLAN 172 and the two VMs are tagged to use VLAN 85 & 86. I did have to mess around with a few configs to get it working, but it's fine now.

Ryan / Meraki Solutions Engineer

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
DscRafael
Here to help

I found the problem.

What was the issue?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
jsanchez-dattic
New here

@DscRafael What was the issue? I'm having a similar issue and would be really helpful if you could share what you found.\Thanks.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels