MX100 route configuration

SOLVED
LionGate
Here to help

MX100 route configuration

I have some routes configured to route my MX to various VLANs on my distribution switch. For the "Next Hop" address I've been using the main gateway IP address on my core switch on all of my routes. What I'm wondering is, should I be using the gateway for the specific VLAN instead? For example, my native VLAN gateway IP is 10.25.62.254 and the gateway for VLAN80 is 10.25.80.254. Presently the Next Hop address for this route is 10.25.62.254, but should the route to VLAN80 use a Next Hop address of 10.25.80.254 instead? Or does this not matter as long as the Next Hop leads us back to my main switch?

1 ACCEPTED SOLUTION

They are configured on the core switch with routes created on the MX.

View solution in original post

4 REPLIES 4
PhilipDAth
Kind of a big deal
Kind of a big deal

The next hop address must be in the same VLAN as the MX.

Adam
Kind of a big deal

Are the VLANs configured on the router or the switch?  A good practice is to configure these at the core switch layer.  The MX should only really be routing internet and VPN traffic.  That way you can do a default route on the switch to the MX and then create specific layer 3 routes or ACLs as needed.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

They are configured on the core switch with routes created on the MX.

Your best solution is as stated above by @PhilipDAth. You will build static routes on the MX firewall and point them to your core switch IP address since it is the gateway for the VLAN networks. With routing you only have the ability to point a route to another IP on the same subnet on your interfaces or out through the zero cloud route. 

Cloud Network Engineer | cloudIT
Certified Meraki Networking Associate

Kudo this if it helped! 🙂
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels