- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MX64W
I have a site-to-site VPN using a MX250 as the hub and a MX64W as a spoke. The MX64W is connected to the network using a CAT6 cable connected to an MS120 switch in the main network closet. Wireless connections on the MX64W receive dhcp addresses from the vlan setup on the MX64W and are able to access the Internet. There are 4 ports on the MX64W and I don't get any connectivity. Where should I look?
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your MX uplink will be the IP address it obtains dynamically from the ISP. I would NOT change that unless they suggest you do so. The MX uplink will be different than the LAN IP address because the LAN VLANs and subnets are internal. The MX uplink should remain WAN (external) and not LAN (internal).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dashboard > Security & SD-WAN > Configure > Addressing & VLANs
Then look at Per-Port VLAN Settings for the additional ports on your MX64W
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The VPN setting for either 192 subnet would need to be enabled on the spoke (MX64W) to be able to go to the HQs hub which is checked as the default route.
what ever you toggle on for VPN enabled (192 subnet) would be set as access vlan on the MX port for clients.
the downlink to the ms120 would typically have a native vlan for management of the switch plus whatever 192 subnets your clients use.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The default 192 subnet is likely the native vlan (set trunk downlink to ms120 as that vlan) and in the allowed vlans on the downlink allow both the native vlan and client vlan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good afternoon Rwelch!
I enabled the default VPN settings on the spoke.
The default 192 subnet is likely the native vlan (set trunk downlink to ms120 as that vlan) and in the allowed vlans on the downlink allow both the native vlan and client vlan.
How do I set the trunk downlink to the MS120 as that vlan?
This is the port on the MS120
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What are your VLAN numbers (Security & SD-WAN > Configure > Addressing & VLANs under Routing)
IF your default VLAN subnet 192.168.125 is likely the default VLAN (say it's VLAN # is 125) and your client VLAN 192.168.2 (say it's VLAN # is 2) you would set it as:
Native VLAN = 125
Allow VLANs = 2,125 (allow vlan 2 comma vlan 125)
You would also need to configure the trunk UPLINK on the MS120 to reflect the same (STP disabled on the TRUNK uplink to the MX)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Routing VLANS on MX
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VLAN1 would be the only default VLAN (subnet) on the local MX. The Client VLAN or VPN option would be external clients connecting to your SPOKE.
Your MX port downlink and MS port would remain the same as you have it set native VLAN1 and allow VLANs to all.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I disabled RSTP on the uplink on the MS120
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You would also want to double check the native VLAN and make sure it's set correctly under Switching > Configure > Switch Settings under the VLAN Configuration.
All must align correctly for the management VLAN.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Switch settings on the hub VLAN configuration: Management VLAN is 1
I don't have any switches on the spoke
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RSTP should remain enabled. For the MS120 uplink to the MX you would put STP Guard to disabled because the MX doesn't participate in STP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I re-enabled RSTP; the STP guard was already set to disable.
Should the MX Uplink be set to Dynamic? Its IP address is different than the VLAN. It also set as a WAN, should it be a LAN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your MX uplink will be the IP address it obtains dynamically from the ISP. I would NOT change that unless they suggest you do so. The MX uplink will be different than the LAN IP address because the LAN VLANs and subnets are internal. The MX uplink should remain WAN (external) and not LAN (internal).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for all of your help. VPN was enabled on VLAN1 on the MX but the Client VPN Server was disabled. I disabled the VPN mode on the VLAN and the device that was in port one obtained an IP address from the MX's DHCP.
Couldn't have figured it out without you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad it worked out for you @Dudley5526 👏👏👏
