MX450 device not pinging

Solved
SobyKuruvilla
Getting noticed

MX450 device not pinging

Hi All,

 

I am installing a new MX450 device. The Internet Port 1 is configured with Static IP using "Local status page" and connected to Switch and port is up. But I am unable to ping this static IP even from this directly connected Switch . I can see the mac table and ARP table is learning the mac address in the correct switchport and IP address .. But unable to ping the Static IP configured for the device.

 

MX internet port is configured without any VLAN tagging and switch port connected is an access port in the correct vlan of the static IP configured. 

 

Whether inbound ICMP is denied by default for the Internet Ports of the MX device ? 

 

Note the device is yet to be registered to the Meraki dashboard.

 

Thanks 

1 Accepted Solution
SobyKuruvilla
Getting noticed

MX450 device is now pinging after registering to dashboard .. So, it seems that device is having default deny for inbound ICMP to WAN internet port. Once registered, the default config in dashboard with "allow any" for ICMP is pushed to the device. 

Cant find a documentation for the same in Meraki sites ..Please help if anyone finds it.

 

Thanks.

View solution in original post

8 Replies 8
rhbirkelund
Kind of a big deal
Kind of a big deal

Your MX450, might not be allowed to reply to ICMP pings.
Under Security & SD-WAN -> Firewall what does it say in the filed Security Appliance services?

 

rbnielsen_0-1593512048621.png

 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
SobyKuruvilla
Getting noticed

Thanks..As mentioned, the new MX device not registered to the dashboard yet as there some fw ports to be opened in perimeter firewalls.. 

 

anyway,  in dashboard it is "any" for ICMP ping

rhbirkelund
Kind of a big deal
Kind of a big deal

Ah, sorry, I didn't see your note.

 

If it's the first time registering, it is probably doing first time update. Try and give it some time. It's it probably downloading firmware,upgrading, rebooting a couple of times.

 

What colors in the status LED is the MX showing on the front?

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
SobyKuruvilla
Getting noticed

No problem .. As said, there are some perimeter firewall ports to be opened to get it registered to dashboard.

 

But, question is, before registering to dashboard , can the internet port pingable ? I am trying from local switch itself where the device is directly connected so there is no routing issue.

BrechtSchamp
Kind of a big deal

I'm not sure what the behavior is before the cloud connection is established, but I would assume it's the same as the default cloud settings, and those are to allow ping by default:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Denying_Inbound_ICMP_on_the_MX

SobyKuruvilla
Getting noticed

MX450 device is now pinging after registering to dashboard .. So, it seems that device is having default deny for inbound ICMP to WAN internet port. Once registered, the default config in dashboard with "allow any" for ICMP is pushed to the device. 

Cant find a documentation for the same in Meraki sites ..Please help if anyone finds it.

 

Thanks.

rhbirkelund
Kind of a big deal
Kind of a big deal

In retrospect, that kind of makes sense, actually. I probably wouldn't want an unprovisioned device responding openly to pings.
Great find, @SobyKuruvilla !
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
SobyKuruvilla
Getting noticed

Thank you 🙂 

Get notified when there are additional replies to this discussion.