MX64 Subnet Routing issue

Solved
KieranBessert

I am unable to route between a 10.0.0.0/8 subnet and the corporate 192.168.0.0/24 subnet.

 

Here are the basics. We had been using the Wireless > Configure > Access Control > Client IP and VLAN > External DHCP server assigned method; however, our DHCP address pool was exhausted as we continue to grow as a company. All devices in the network were either statically or dynamically assigned addresses in 192.168.0.0/24.

 

KieranBessert_0-1694711026415.png

 

We switched to Meraki AP Assigned (NAT Mode) to switch over all wirelessly connected devices, such as cell phones and laptops on the Wi-Fi, to free up some space in the DHCP address pool. This succeeded for the most part.

KieranBessert_1-1694711080055.png

Users, while on wireless and wired, are still able to access the company web-based application server at 192.168.0.X:YYYY; however, new wireless-only devices cannot access the web-based application using the server name, only the IP and port. This makes sense, as there is no DNS server for the 192 network in the 10 network.

My laptop, while connected to the wired and wireless networks, cannot ping a wireless device in the 10 network either, making me think that the firewall is not routing the packets from the 192 network to the 10 network.

The 10 network device that I am trying to ping is clearly on the Clients list:

KieranBessert_1-1694711977180.png

 

I have set up the following firewall rules and am getting significant hits:

KieranBessert_0-1694711644116.png

Clearly the 192 is being routed to the 10 but the other way around is not true.

Something odd is that there are no hits from the 10 network to the 192 network at all, but I know for a fact that I am using the 192 hosted application while wireless and in a 10 network.

 

I had to create a VLAN for the traffic in order to create the rules.

KieranBessert_2-1694712232170.png

 

 

 

What am I missing in my configuration? Is this even possible with these devices?

Is it possible to allow the 10 network devices to use the 192 DNS server?

 

1 Accepted Solution
DarrenOC

Hi @KieranBessert, as you’ve discovered, if you’re using Meraki NAT mode for DHCP on your wireless SSID, then the device's IP address is being NATed to that of the AP it’s using.

 

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/NAT_Mode_with_Meraki_DHCP

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

KieranBessert

Just noticed that the MX64 is not handling the 10 VLAN:

KieranBessert_0-1694712654645.png

So it must be located at the wireless AP level?

 
