MX Hub Configuration Assistance

cdpneighbor
Conversationalist

MX Hub Configuration Assistance

I'm currently working on setting up an MX device as a hub and I think that I need some assistance with some potentially basic questions but I'm getting stuck. Here is a quick overview of the current setup:

 

  • Device: MX67 (using for testing purposes)
  • Uplink into edge firewall
  • LAN 2 connected to Cisco Nexus 
  • Deployment mode: Routed

 

Under Routing I've configured the following:

Screenshot 2024-06-05 104955.png

 

Under Site to Site VPN:
s2s.png

 

 

I've set up one of my networks to point to this hub. I've found that devices on that network are not able to communicate with the 10.0.40.0/24 subnet for some reason. 

I'm currently a bit confused about what the port configuration needs to be for the nexus port that im connected into and if I need to do anything with the 192.168.178.0/29 vlan that I had configured. I was trying to follow guides online on how to properly set this up, but I can't seem to locate anything that gets me any further. The IP listed under "Next hop IP" was just the IP listed under this guide.

I wasn't too sure if I needed to assign that IP to the interface on the nexus that i'm connected into or what. 

 

I'm just a total mess here and I don't have anyone in my organization who is able to guide me.

 

Is there anyone who would be able to provide any more insight into what I need to actually do here? 

6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal

Have you created a route in your nexus switch?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

And yes you need to create a transit VLAN between the MX and Nexus.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

I believe you have configured an IP on VLAN 700 on the Nexus side, right?
This will be the next hop IP for the MX and for the Nexus the IP you assigned in the MX.
 
Also, is the Nexus port to which the MX is connected configured as Trunk as well?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
cdpneighbor
Conversationalist

Thank you so very much for your response! I've created the VLAN and assigned the IP, but it still doesn't seem to be working: 

 

# sh run int vlan700

!Command: show running-config interface Vlan700
!Time: Thu Jun 6 07:46:13 2024

version 7.3(8)N1(1)

interface Vlan700
no shutdown
no ip redirects
ip address 192.168.178.2/29
no ipv6 redirects

 

Port configuration:

# sh run int eth105/1/38

!Command: show running-config interface Ethernet105/1/38
!Time: Thu Jun  6 07:48:28 2024

version 7.3(8)N1(1)

interface Ethernet105/1/38
  switchport mode trunk
  switchport trunk allowed vlan 700

 

 

alemabrahao
Kind of a big deal
Kind of a big deal

add your VLAN 700 as native VLAN on both MX and Nexus.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Alejandro_F
Meraki Employee
Meraki Employee

Hi!

Additional of the recommendations from @alemabrahao. I would enable VLAN 700 in the VPN, it is need it since is a transit VLAN for your VPN tunnel connection.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels