cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Interlan communication and internet conectivity help

SOLVED
Highlighted
Here to help

Interlan communication and internet conectivity help

I have three vlans setup on the mx80, and they intercommunicate just fine. The problem is I only get internet connectivity on vlan1.

 

All Lans communicate through a single mx80 port configured to LAN1 trunk with allow all vlans set. Other than experience, what am i missing here to achieve internet across all vlans while still using a single port configuration?

 

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Maybe this might work.

 

MX LAN port - Trunk native vlan 1 allowed vlans , 2 & 3 or all vlans

 

TP-link port connected to MX - trunk port - pvid 1, tagged 2&3

 

TP-link port connected to patch panel that connects to Vlan 2 device - pvid 2

 

TP-link port connected to patch panel that connects to vlan 3 device - pvid 3

 

Or  you can try

 

MX LAN port connects TP link - Turnk port with native vlan - drop all untagged packets, allowed vlans - 1,2,3

 

TP-link port connects to MX - Trunk port with tag 1,2,3

 

TP-link port connected to patch panel that connects to Vlan 2 device - pvid 2

 

TP-link port connected to patch panel that connects to vlan 3 device - pvid 3

View solution in original post

25 REPLIES 25
Highlighted
Kind of a big deal

Re: Interlan communication and internet conectivity help

I'm not clear from your description your configuration.

 

Are you saying you have three VLANs configured on the MX80 - or is something else doing the VLAN routing in your network?

Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Thank you for your reply. Yes, 3 vlans configured on the mx80, and they inter communicate just fine, though only vlan1 has internet access. 

 

Mx80 port0/2 (lan1 trunk allow all vlans)  -> tp-link switch -> patch bay 

Highlighted
Kind of a big deal

Re: Interlan communication and internet conectivity help

Are there any group policies applied on the VLAN interfaces on the MX?

 

I assume the MX is providing DHCP for all three VLANs?

Highlighted
Here to help

Re: Interlan communication and internet conectivity help

No group policies affecting any vlans on mx, and yes dhcp is configured for all vlans.
Highlighted
Kind of a big deal

Re: Interlan communication and internet conectivity help

Click on a client that is not working, and then in the bottom left hand corner click on "Show Details".  What do you see?  What is applied to that client?

 

Screenshot from 2018-01-16 08-32-13.png

Highlighted
Getting noticed

Re: Interlan communication and internet conectivity help

Are you saying you have the following setup:

 

MX80 ---> TP-Link Switch ---> Patch bay?

 

If so, did you confirm the TP-Link switch's port to the MX80 is set up as a dot1q trunk and all vlans allowed?

 

That may be why only vlan 1 is getting internet and the rest not.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
Highlighted
Here to help

Re: Interlan communication and internet conectivity help

PhillipDAth, Bandwidth unlimited, no layer 3 rules, no layer 7 rules, traffic snapping unlimited voip & video conferencing.

Highlighted
Kind of a big deal

Re: Interlan communication and internet conectivity help

On your MX:

  • What are the IP address and subnet configured on each of the three VLANs

On an example client from each VLAN (so give me three answers):

  • What is the IP address, subnet mask, default gateway and DNS

 

Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Chris_m, all tp ports are set to trunk but the pvid's are set to 1. Also all ports are set to untagged and unselectable to add tagging. Could this be my problem?
Highlighted
Getting noticed

Re: Interlan communication and internet conectivity help

For your trunk, adding tagged vlan is basically what vlan you allow on the link. Untagged means they remove the tag when they traverse the port. So if you have untagged on all vlan on that port, then they are losing the VLAN ID after they enter the trunk port. Which is why you could do inter-vlan route still but not go out to the internet since the MX could not return the traffic to the right VLAN.

 

So you want to make sure that the port connecting to the MX84 is "tagged' with the 3 vlans you want. I had a similar experience with Brocade switches. Untagged is best for access/edge ports. So you might have to remove the untagged configuration.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Vlan1
10.0.0.0/24
10.0.0.1 gateway
8.8.8.8 dns

Vlan2
10.0.5.0/24
10.0.0.1 gateway
8.8.8.8 dns

Vlan3
10.10.0.0/24
10.0.0.1 gateway
8.8.8.8 dns
Highlighted
Kind of a big deal

Re: Interlan communication and internet conectivity help

VLAN2 and VLAN3 are not correctly configured.

 

If you have an IP address in the 10.0.5.0/24 subnet you must have a default gateway from that same subnet (such as 10.0.5.1/24).  Ditto for the 10.10.0.0/24 network.

Highlighted
Getting noticed

Re: Interlan communication and internet conectivity help

@PhilipDAth is correct, your VLAN gateway is misconfigured for VLAN 2 and VLAN 3. A gateway must be within the same subnet as the network. The MX84 can be a gateway for multiple VLAN. It creates an interface for each VLAN, which has its own IP address, thus a gateway for that VLAN.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Sorry, very bad very absent minded typo. The correct values I meant to type are as follows.

Vlan1
10.0.0.0/24
10.0.0.1 gateway
8.8.8.8 dns

Vlan2
10.0.5.0/24
10.0.5.1 gateway
8.8.8.8 dns

Vlan3
10.10.0.0/24
10.10.0.1 gateway
8.8.8.8 dns
Highlighted
Getting noticed

Re: Interlan communication and internet conectivity help

Then that will be correct, if set up that way.

 

I would advise you to make sure the trunk port on the TP-Link switch is configured correctly.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
Highlighted
Kind of a big deal

Re: Interlan communication and internet conectivity help

Can a host in each VLAN ping the MX IP address in that same VLAN?

Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Yes each host can ping the mx from its own subnet and the mx from the other two subnets by inter communication.

Chris is starting to convince me it may be my tp switch configuration. I was able to assign taggable ports for vlan2 and vlan3. But I'm locked out from modifying vlan1 from untagged to tagged ports. I'll dive deeper into that issue in the morning to see what the issue might be.

Thanks for both your help today. I'll update the thread on the situation as I unravel it. Thanks again.
Highlighted
Head in the Cloud

Re: Interlan communication and internet conectivity help

If you're still unsure if it's the tagging issue a simple packet capture taken from the MX on LAN 1 would be able to prove if that is the case.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Maybe this might work.

 

MX LAN port - Trunk native vlan 1 allowed vlans , 2 & 3 or all vlans

 

TP-link port connected to MX - trunk port - pvid 1, tagged 2&3

 

TP-link port connected to patch panel that connects to Vlan 2 device - pvid 2

 

TP-link port connected to patch panel that connects to vlan 3 device - pvid 3

 

Or  you can try

 

MX LAN port connects TP link - Turnk port with native vlan - drop all untagged packets, allowed vlans - 1,2,3

 

TP-link port connects to MX - Trunk port with tag 1,2,3

 

TP-link port connected to patch panel that connects to Vlan 2 device - pvid 2

 

TP-link port connected to patch panel that connects to vlan 3 device - pvid 3

View solution in original post

Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Sorry guys, we got hit with a winter storm and have been shut down. As soon as we are back in swing I'll check that switch and update my post. Thanks again for all the help you provide. 

Highlighted
Here to help

Re: Interlan communication and internet conectivity help

So, what was the issue?
Highlighted
Here to help

Re: Interlan communication and internet conectivity help

I'd like to thank everyone's assistance on this, you have been great help, and a valuable resource. I needed to configure each switch-port used in the switch-chain, as I was only configuring half the chain. Everything works great now. Is it ok to accept

PresITsupport post as solution, since it outlined basically what I was trying to do? Thanks, again everyone.
Highlighted
Here to help

Re: Interlan communication and internet conectivity help

PresITsupport,vlan2 & 3 were only tagged in the vlan port configuration for some ports used in the switch-chain. A serious noob oversight that you solution helped to solve. Thanks again.
Highlighted
Getting noticed

Re: Interlan communication and internet conectivity help

Glad you were able to solve your network issue!


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
Highlighted
Here to help

Re: Interlan communication and internet conectivity help

Sweet! I'm glad it worked out
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.