MX Routing

CashG
Getting noticed

MX Routing

I have the MX in Routed mode but I don't think its routing properly. I have a LAN Config of 10.10.0.0/24 with the MX IP 10.10.0.2. My issues is a server that is sending print jobs to printers are not being printed. It is sending it to be routed threw the Gateway 10.10.0.2 but it never prints. 

 

How do I know its the MX? Well currently the Network is connected to our current ISP threw a Fortigate. If I unplug our LAN from the Fortigate into the MX it won't print. Also it wont print if its not plugged into either one because the Fortigate is doing the routing. 

 

If I go to Network wide-Monitor-Clients the server 10.10.0.60 doesn't show up. I did go to the Appliance Status-Tools and run a ARP table and could see the server 10.10.0.60

 

I'm at a loss as to why it's not working when connected to the MX. 

22 REPLIES 22
timeshimanshu
Getting noticed

Are the clients and printer is in the same subnet as 10.10.0.0/24. if yes, then MX is not the culprit here unless you have configured the FW rules to block the subnet.

 

If the printer and client is in the different subnet and mx is the only gateway then you need to check if the gateway is configured correctly.

All computers, Servers, Printers are configured with an IP 10.10.0.X Subnet 255.255.255.0 and Gateway 10.10.0.2.

The MX should be the only Gateway and I don't know what else to configure on it other then what I have done. 

The MX does have DHCP disabled as there is a DHCP server on the LAN.

bayet
Getting noticed

Communication between systems in the same layer 2 domain ignore Gateway. So in your case it can't be the Gateway, since all your systems located in subnet 10.10.0.X/24.

You should check the vlan configuration of the port the systems are plugged in. Because it's the same layer 2 domain, the VLAN must be the same for all those systems.

I would check the printer itself and the gateway to make sure those settings are correct as @timeshimanshu mentioned. You also said you had a Fortigate so could that be doing anything?  

Enthusiast
CashG
Getting noticed

The Fortigate is being removed when switching over to the MX. We have a MPLS with our current ISP (the Fortigate belongs to them) and we are trying to switch to a new ISP using the Meraki SD-WAN

kYutobi
Kind of a big deal

Do you have VLANs or a flat network? Did you assign a port to your LAN that the printer is in?

 

Capture.PNG 

Enthusiast
CashG
Getting noticed

The other static routes are only there because the server in question has them (don't know why the software vendor for the server has it set like that) The server has 4 physical NICs and then the 10.10.8.0 is for virtual IPs on the server. 

routing2.jpg

ww
Kind of a big deal
Kind of a big deal

why the routes are pointing to the mx itself?

 

what is the client ip and gateway?

what is the printserver ip and gateway?

what is the printer ip and gateway?

 

CashG
Getting noticed

Shouldn't the MX be acting as the gateway for the LAN? Am I confused as to what the MX can and can't do?

 

what is the printserver ip and gateway? 10.10.0.60 and 10.10.0.2

what is the printer ip and gateway? 10.10.0.75 and 10.10.0.2

 

in the Static route the gateway ip is misconfigured. please change it where are these subnet configured? Those subnets only exist on the software server. They are statically assigned. I put those subnets in the MX just so they can talk to each other. 

ww
Kind of a big deal
Kind of a big deal

traffic in the same subnet can talk to eachother directly. the gateway is used if it need to route to some other subnet/the internet. so basicly your print job should even work without any gateway connected

CashG
Getting noticed

@ww I agree but for some reason the server is not sending the print job directly to the printer but to the gateway for it to direct it back to the printer. Don't ask me why but thats what I get from the software vendor of the server. 

No it shouldn't ping as the server is in 10.10.8.0  subnet and printer is in 10.10.0.0 subnet, right? @CashG 

 

@timeshimanshu The printer, server, and my computer are in 10.10.0.0 but I am able to ping the virtual IP of the server at 10.10.8.60. From my computer I could ping everything just fine. 

Physcal IP of server is 10.10.0.60

Virtual IP supposedly splits traffic across the NICs of the server. 

 

ENO - 10.10.0.60, 255.255.255.0, 10.10.0.2

EN1 - 10.10.5.60, 255.255.255.0, 10.10.0.2

EN2 - 10.10.3.60, 255.255.255.0, 10.10.0.2

EN3 - 10.10.7.60, 255.255.255.0, 10.10.0.2

Can you disable all ethernet interface except ENO and then test again. Just to verify where the issue is.

@timeshimanshu @ww I'm so confused as to whats going on. Before I switched over to the MX I tested opening a console on the server, FTP to a printer, then print a test file. It worked just fine. Once connected to the MX I open a console on the server but was unable to FTP to the same printer. I could however ping the printer from the server just fine. I then opened a command prompt on my computer and could FTP to the printer just fine.

 

Side note I've noticed the MX doesn't like non Meraki switches to much. I tried setting up a small network environment with a small D-Link smart switch I have and its like they don't want to recognize each other. No lights even come on the port. I even put a static IP on the switch and nothing. I even tried a dumb switch and still nothing. 

@CashG  can you send me the output of below.

 

open cmd and type route print from your server. 

@timeshimanshu This is what I did before switching over to the MX

# cd /u/jmi  <---location of the printtest file

# ftp 10.10.0.74 <----- IP of the printer

Connected to 10.10.0.74.

220 ET0021B7ABD56C Lexmark MS810 FTP Server NH63.YS.N639 ready.

Name (10.10.0.74:root):

230 User root logged in.

ftp> put printtest   <------ printtest file with a simple Hello message

200 PORT command successful.

150 Opening ASCII data connection (10.10.8.60,46526).

226 Transfer complete.

173 bytes sent in 0.2 seconds (0.8446 Kbytes/s)

local: printtest remote: printtest

ftp> quit

221 Good-bye.

 

This is after switching over to the MX

# cd /u/jmi
# ftp 10.10.0.74 <---- Just sat there and never connected
^C#
# ping 10.10.0.74 <---- Decided to ping it 
PING 10.10.0.74: (10.10.0.74): 56 data bytes
64 bytes from 10.10.0.74: icmp_seq=0 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=1 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=2 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=3 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=4 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=5 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=6 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=7 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=8 ttl=254 time=0 ms
64 bytes from 10.10.0.74: icmp_seq=9 ttl=254 time=0 ms
^C
--- 10.10.0.74 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 0/0/0 ms
# ftp 10.10.0.74 <---- Tried it again and it just sat there

 

From a command prompt from my computer

C:\>ftp 10.10.0.74
Connected to 10.10.0.74.
220 ET0021B7ABD56C Lexmark MS810 FTP Server NH63.YS.N639 ready.
500 OPTS command not understood.
User (10.10.0.74:(none)):
230 User default logged in.
ftp>

 

Can you understand my frustration? All I'm doing is moving one cable from the ISP gateway to the new MX but certain things stop working. 

@timeshimanshu I should probably note the server is running IBM AIX

CashG
Getting noticed

@timeshimanshu @ww @kYutobi @bayet I know 100% where my issue is now. When the server tries to connect to the printers its going out on the 10.10.8.60 IP. The way I have it set with the static route 10.10.0.0 can talk to 10.10.8.0 but nothing on 10.10.8.0 can talk to 10.10.0.0

I also did a small test with two computers connected directly to the MX. If I set VLANs up with mentioned subnets and set the Native VLAN to 8 on the port where the 10.10.8.0 computer is I could ping from the 10.10.8.0 to the 10.10.0.0 but not the other way around. If I set static routes for 10.10.8.0 I could ping from 10.10.0.0 to 10.10.8.0 but not the other way around. All I need is for 10.10.8.0 and 10.10.0.0 to be able to talk both ways. Is the only way of getting it to work is using VLANs? There are no VLANs now and it works. 

@CashG  yes you are going into the right direction now. But i don't know the reason why you are using the Native VLAN in this case. well the easiest way to make it work now is to use the VLAN.

 

 

Configured one vlan subnet for 10.10.8.0 in the MX. go to use VLAN option configured a vlan interface for 10.10.8.0 make sure to choose the IP which you have not assigned anywhere.

 

 

meraki vlan config.PNG

@timeshimanshu 

Lets assume I'm not a Network Engineer, and simple down the network to the MX84, a Cisco SG200 Layer 2 switch, and then my computer and a server. All I want is to allow 10.10.0.0 and 10.10.8.0 to freely communicate with each other. 

MX is configured 

Subnet-10.10.0.0/24, ID-1, MX IP-10.10.0.2 Then also Subnet-10.10.8.0/24, ID-8, MX IP-10.10.8.1

All ports are set to Trunk VLAN-1 with All VLANs allowed on the MX

SG200 Switch

Added a VLAN ID 8. All ports are set to Trunk and Untagged

Do I set the port on the Switch that goes to the MX to both IDs? Then the port where the server is to both since one is a Virtual IP on 10.10.8.0? I'm also assuming the software vendor of the server can set a ID for them. 

@CashG  in the Static route the gateway ip is misconfigured. please change it where are these subnet configured?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels