MX and MS connection issue

SOLVED
MX-2020
Comes here often

Hi,

I have an internet connection issue between the MX and MS.

Here is the setup of the MX84 and MS210-24P:

MX --> MS --> MR (access point)

Uplink:
WAN 1: ISP 1 210.3.X.X
WAN 2: ISP 2 internal metro link 10.10.99.X

Routing:
LAN  80  10.10.80.0/24  10.10.80.1
     88  10.10.88.0/24  10.10.88.1

Per-port VLAN settings:
All ports  Trunk  Native: VLAN 80, allowed: all VLANs

Primary uplink: WAN 1
Load balancing: Enabled

Flow preferences:
Internet traffic  Any  Any  Any  10.82.0.0/16  Any  WAN 2

MS
IP: 10.10.80.10
Interfaces
10.10.99.8/29 10.10.99.12 99 Off Disabled Disabled
10.10.80.0/24 10.10.80.1 80 Off Disabled Disabled
10.10.81.0/24 10.10.81.1 81 Relay Disabled Disabled
10.10.88.0/24 10.10.88.1 88 Relay Disabled Disabled

Static routes
10.82.0.0/16 10.10.99.11 No Preferred
Default route 0.0.0.0/0 10.10.80.50 No Not preferred

DHCP
88 10.10.88.0/24 10.10.80.20 (relay: 10.10.88.1)
81 10.10.81.0/24 10.10.80.20 (relay: 10.10.81.1) 0.0.0.0/0 10.10.80.50 No

Switch port 10 --> MX port 3
Switch port 21 --> Metro E link connecting to the other site.

Last time I checked, the MX WAN 1 and WAN 2 uplinks are active and able to connect to the MR switch, but do not have internet access, and 3 x MR33 are down at the same time.
I would like to make the MX have the static IP 10.10.80.50. How do I set up the MX so that internet access passes through to the MS switch to connect to the internet on WAN 1?

 

1 ACCEPTED SOLUTION
Bruce
Kind of a big deal

Hi MX-2020,

 

Sounds like you are moving in the right direction.

Here are a couple more pointers.

 

  1. You can configure the MX to have as many IP addresses as you want (within reason). Each VLAN you create on the MX has an IP address which is ‘on’ the MX. Don’t think of these as management IP addresses as the MX (like all Meraki devices) is cloud-managed, so they’re actually managed via the internet facing interface. If you want the MX to have 10.10.80.50 on it, then assuming this is on VLAN80, the IP address for VLAN80 should be 10.10.80.50.
  2. I can’t see why the ME router needs to connect to the switch, why not connect it directly to the MX WAN2? Having an interface on VLAN99 on the MS is just going to complicate things and add no value that I can see. You could use VLAN99 on the MS without an IP address, but in that case why not just connect the MX WAN2 to the ME router?
  3. You can set up DHCP relay on either the MX or MS, but if the DHCP server is in VLAN80 then you don’t need a relay for any devices connecting to VLAN80; the server will respond to them anyway. You will need to configure DHCP relay for other VLANs, though, to direct them to the DHCP server.

You shouldn’t need to set any specific NAT, the MX will do PAT of the local IP addresses to the respective WAN IP address without any additional configuration.
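
The addressing points in this answer can be checked against the values posted in the thread. The following is an added example, not part of the original post and not Meraki tooling; the `audit` function and the dictionaries are hypothetical names, the data is constructed from the thread, and the check assumes the MX is the only gateway the MS should use on a VLAN they share.

```python
import ipaddress

# Constructed from the values posted in this thread (not a Dashboard export).
MX_VLANS = {80: "10.10.80.1/24", 88: "10.10.88.1/24"}
MS_INTERFACES = {99: "10.10.99.12/29", 80: "10.10.80.1/24",
                 81: "10.10.81.1/24", 88: "10.10.88.1/24"}
MS_STATIC_ROUTES = {"10.82.0.0/16": "10.10.99.11", "0.0.0.0/0": "10.10.80.50"}


def audit(mx_vlans, ms_interfaces, ms_routes):
    """Return a list of findings for the MX/MS layer-3 configuration."""
    findings = []
    mx = {v: ipaddress.ip_interface(a) for v, a in mx_vlans.items()}
    ms = {v: ipaddress.ip_interface(a) for v, a in ms_interfaces.items()}

    # The same address on both devices in one VLAN is an IP conflict.
    for vlan in sorted(mx.keys() & ms.keys()):
        if mx[vlan].ip == ms[vlan].ip:
            findings.append(f"VLAN {vlan}: MX and MS both use {mx[vlan].ip}")

    for prefix, hop in sorted(ms_routes.items()):
        hop_ip = ipaddress.ip_address(hop)
        # A static route is only usable if its next hop is on a connected subnet.
        vlan = next((v for v, i in ms.items() if hop_ip in i.network), None)
        if vlan is None:
            findings.append(f"{prefix}: next hop {hop} is not on any MS subnet")
        elif hop_ip == ms[vlan].ip:
            findings.append(f"{prefix}: next hop {hop} is the MS itself")
        # Assumption: on a VLAN shared with the MX, the next hop must be the
        # address the MX holds in that VLAN.
        elif vlan in mx and hop_ip != mx[vlan].ip:
            findings.append(
                f"{prefix}: next hop {hop} is not the MX VLAN {vlan} address "
                f"({mx[vlan].ip})")
    return findings


if __name__ == "__main__":
    for line in audit(MX_VLANS, MS_INTERFACES, MS_STATIC_ROUTES):
        print(line)
```

With the MX VLAN 80 address changed to 10.10.80.50 and no overlapping MX interface on VLAN 88, the same audit returns no findings.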

DarrenOC
Kind of a big deal

Hi @MX-2020, so what you’re saying is that your MXs are registered but your Switches and MRs aren’t getting out to the cloud?

Not sure what each of your VLANs is enabled for, but try creating a third for Meraki Device Management.

99 10.10.99.0/24  10.10.99.1

The uplink from the MS to your MX: set this as a Trunk with Native VLAN 99.

On your MS, set the management IP to something in the .99 range, or just enable DHCP on the MX and let that set the IP.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
MX-2020
Comes here often

Hi,

1. Yes, the MS switch and MRs aren't getting to the internet from the MX.

Hi @MX-2020, so what you’re saying is that your MXs are registered but your Switches and MRs aren’t getting out to the cloud?

2. VLAN 88: Access point and User data
   VLAN 80: Server, Printer, UPS and Management
   VLAN 99: Trunk link and ME router (Metro E connection to the other site and backup link)

Not sure what each of your VLANs is enabled for, but try creating a third for Meraki Device Management.

VLAN 99 10.10.99.0/24  10.10.99.1

Before, our old firewall was able to set the management IP as 10.10.80.50 and a LAN port to connect to the MS switch.

3. Before, I set MS port 19 as native 80 to connect to MX port 3,
   and MS port 21 as VLAN 99 trunk to connect to MX uplink WAN 2.

4. OK, we have already set it on port 21 of the MS.

99 10.10.99.0/24  10.10.99.1

The uplink from the MS to your MX: set this as a Trunk with Native VLAN 99.

5. The MS switch relays to another Windows server (10.10.80.20) for DHCP.
   Will it cause duplicate IPs if I enable DHCP on the MX or MS in the .99 range?

On your MS, set the management IP to something in the .99 range, or just enable DHCP on the MX and let that set the IP.

MX-2020

DarrenOC
Kind of a big deal

Hi @MX-2020, just to clarify, this isn’t the official Meraki support help desk. I’m a user of Meraki eqpt just like yourself but jump in and out of the forum to help others.

Let's focus on getting your switch online.

So VLAN 80 is being used for Management also. What happens if you set the Native VLAN on both sides of the Trunk uplink between the MX and MS?

Does the MS get an IP address? What are you using for DNS? Can your DNS server see the internet?

CptnCrnch
Kind of a big deal

To add further: it'd be very helpful (even for yourself) to have the design drawn. It would help us all (including you) better understand the issue.

Hi CptnCrnch,

I have a network design. Please have a look and discuss what you think.

Network Diagram.jpg

MX-2020

cmr
Kind of a big deal

@MX-2020 you have both WAN2 and LAN (labelled as management?) both going back to the MS.  Why do you have that setup?

MX-2020
Comes here often

Hi cmr,

MX

WAN 2 is not the management.

Uplink WAN 2 --> MS --> ME Router

LAN port (MX management) --> MS --> MR

The LAN port is the management.

Mainly, the MS switch is used for the main routing and relay from the other DHCP server, and its default route goes through the MX to get to the internet. Other than that, it also sets the route with the LAN port to connect to the ME router through the backup WAN, which bridges to our other site for remote servers and network devices.

It is a little bit complicated.

Bruce
Kind of a big deal

It is a little bit complicated 😀, and I can’t see why it should be.

 

There are a couple of things to consider...

  1. The MS can really only have one default route (i.e. 0.0.0.0/0) so all internet traffic from the MS will be sent the same way, either to the MX or your ME service - there isn’t really an option for using one as the backup to the other from the MS210 as the routing is static.
  2. Why not connect the ME router directly to the MX WAN2 (i.e. not via the MS) and disable load balancing? With WAN1 configured as the primary, internet traffic should go out WAN1, unless it fails, in which case it will go via WAN2 to your ME service. Your Flow Preference will ensure that all ‘internal WAN’ traffic uses WAN2 (unless it fails) - although note that it will be NATed to the WAN2 IP address. Note that you may be limited by the throughput of the MX.
  3. Have a single link between the MX and MS, connected to one of the MX LAN ports. This will have two VLANs on it. I’d have the native VLAN as your management VLAN, and a tagged VLAN as a transit VLAN between the MS and MX for all non-management traffic. Keep all the management interfaces, MS and MR, on this management VLAN (will mean you probably need to switch the MRs to use bridge mode and assign a VLAN tag to all traffic from the SSID).

Hope these, along with everyone else’s suggestions, may help.

MX-2020
Comes here often

Hi Bruce,

1. MS one default route

Default route 0.0.0.0/0 10.10.80.50

The old firewall was set with a management IP of 10.10.80.50.

The MX is the new replacement.

And I would like to set the MX to be 10.10.80.50. I have to figure out how to set the MX to have its own IP address, because the MX is not like other simple routers that have their own management IP. I think the MS cannot define how to route to MS for this route 0.0.0.0/0 10.10.80.50.

2. We disabled the load balancing mode. WAN 1: ISP 1 and WAN 2: ME route on port 21 (Access VLAN 99)

MX Port 3
Module Port Enabled Type VLAN Allowed VLANs
Built-in 3 Trunk Native: VLAN 80 (Server_Vlan)   Allow all Vlans

MS switch
Port 19 Native VLAN 80 to connect to MX port 3, both trunk, native VLAN 80, allowed all VLANs (80 and 88)

MX
ID
80  Server_Vlan 10.10.80.0/24 10.10.80.1

MS routing as
ME_VLAN 10.10.99.X/29 10.10.99.X Vlan 99

It goes through MS port 23 to the ME router to the second WAN 2 (backup link).

MX 10.10.80.50 (if I am able to do it on the DHCP server, set as a fixed IP for the MX, relay on the Windows server on the MS)
MS 10.10.80.10.

WAN

MX --> WAN 1: ISP1 (Primary)
       WAN 2: ISP2 ME Link (backup link)

Network diagram

MX --> MS --> MR

DHCP

MX --> MS (DHCP relay on Windows server) --> MR

Management

MX (DHCP server relay on the Windows server through the MS, set as a fixed IP assignment for the MX)

3. The MRs use bridge mode and assign a VLAN tag to all traffic from the SSID.

    Now I think the only issue is between the MX and MS.

Other than that, for the local network MX and MS to have internet access, do we need to set NAT 1:1 or 1:many?
 
    
MX-2020
Comes here often

Hi UCcert,

Thanks for the advice.

Yes, VLAN 80 is used for management too. I am only able to set this setting on Meraki first, and I will see what happens this weekend, because I have fallen back to using the temporary setting on the MS switch via another router connected to backup WAN 2 for now. The MS switch is 10.10.80.10 static IP.

Router Management IP: 10.10.80.50

Opened NAT

Routing:

VLAN 80  10.10.80.0/24  10.10.80.1

I set it before. The MS switch got a different IP, 10.10.80.16, via the DHCP server, and the MRs are all disconnected. It is using the ISP DNS. Outbound, the DNS servers are pingable.
