MX and Layer 2 Vlans

RaphaelL
Head in the Cloud

Hi,

We have a super weird topology like this one:

 

RaphaelL_1-1645818824832.png

 

 

The MX on the top does routing and the MS are simply Layer 2 switches. The MX on the bottom is strictly for the guest network.

 

Layer 3 : MXs 

Layer 2 : MS 

 

Let's say we have an SSID on vlan 3020. The vlan is tagged on the SSID and clients are bridged. A client on the AP sends a DHCP discover. Will the MX on the bottom left receive it? (The flow would follow the red arrows.)

Let's not forget that vlan 3020 is ONLY on the MX on the bottom. The MX on the top has no idea what vlan 3020 is. Will the MX flood the traffic from vlan 3020 to its other ports? I don't think so.

 

The question may sound stupid, but sometimes the MX product line is tricky and does not really behave like a standard switch.

Thanks,

6 REPLIES 6
Ryan_Miles
Meraki Employee

Is 3020 allowed on all the MS trunk ports and the top MX LAN ports? That's the only way it would work in bridged mode to VLAN 3020.

It is allowed everywhere. But I don't see how the MX would forward the traffic from vlan 3020 on port '4' to port '3'. The MX has no knowledge of vlan 3020.

cmr
Kind of a big deal

With Meraki devices all VLANs exist by default, you don't need to create them in the way you would on a Cisco IOS device.

In order to be able to change the native vlan on the MX, the vlan interface must be created on the MX.

With "all", vlan IDs 1-4095 are forwarded, but only as a trunk on the MX.
RaphaelL
Head in the Cloud

Hi,

 

I was able to do 2 tests. 

 

1- Capture L2 traffic from SW1 on a vlan that is defined on the MX (MX has an SVI on that vlan)

2- Capture L2 traffic from SW1 on a vlan that is not defined on the MX (MX has no SVI on that vlan)

 

Both captures were taken on the interfaces on the MS leading to the MX.

When the vlan is not present on the MX, the MX doesn't forward the traffic to SW2.

 

There were multiple clients on SW1 doing ARP requests on vlans 3000-3100 (which don't exist on the MX). The capture on SW1 shows the L2 broadcast, and at the same time a capture on SW2 was taken and not a single L2 broadcast was seen from SW1 on vlans 3000-3100.

 

RaphaelL_0-1646056784159.png

 

 

RaphaelL
Head in the Cloud

I was able to confirm that an MX will not forward traffic if the vlan is not present on the MX.

 

Here are my tests:

MX 15.44 with vlans from 1-1035. ARPs are from vlans 3000-3035 on SW#1 and not forwarded downstream to SW#2 via the MX.

Setup:

RaphaelL_2-1652282814024.png

 

 

PCAP#1: 

RaphaelL_1-1652282642070.png

 

PCAP#2:

RaphaelL_0-1652282607393.png
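
The two-capture comparison described in the tests above can be scripted. This is an added example, not part of the original thread: it counts tagged ARP broadcasts per VLAN in a capture taken on each side of the MX and lists the VLANs that appear upstream but never downstream. It assumes both captures are saved in classic pcap format with 802.1Q tags preserved; the function names are hypothetical and the sample frames are constructed.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def arp_broadcasts_by_vlan(pcap: bytes) -> Counter:
    """Count broadcast ARP frames per 802.1Q VLAN ID in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 18 or frame[:6] != BROADCAST:
            continue
        tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
        # Untagged (native VLAN) frames are skipped: they carry no VLAN ID.
        if tpid == 0x8100 and ethertype == 0x0806:
            counts[tci & 0x0FFF] += 1
    return counts

def vlans_not_forwarded(upstream: bytes, downstream: bytes) -> list:
    """VLANs with ARP broadcasts in the upstream capture but none downstream."""
    up = arp_broadcasts_by_vlan(upstream)
    down = arp_broadcasts_by_vlan(downstream)
    return sorted(v for v in up if v not in down)

def sample_pcap(vlans) -> bytes:
    """Constructed test capture: one tagged ARP broadcast per listed VLAN."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for vlan in vlans:
        frame = (BROADCAST + b"\x02\x00\x00\x00\x00\x01"
                 + struct.pack("!HHH", 0x8100, vlan, 0x0806) + bytes(28))
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    sw1 = sample_pcap([10, 3000, 3020, 3020])  # constructed: SW1 side
    sw2 = sample_pcap([10])                    # constructed: SW2 side
    print(vlans_not_forwarded(sw1, sw2))
```

Both captures need to cover the same time window for a missing VLAN to mean anything.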

 
