Meraki

Dudley5526 · ‎Nov 26 2024

I have a site-to-site VPN using a MX250 as the hub and a MX64W as a spoke. The MX64W is connected to the network using a CAT6 cable connected to an MS120 switch in the main network closet. Wireless connections on the MX64W receive dhcp addresses from the vlan setup on the MX64W and are able to access the Internet. There are 4 ports on the MX64W and I don't get any connectivity. Where should I look?

RWelch · ‎Dec 4 2024

Your MX uplink will be the IP address it obtains dynamically from the ISP. I would NOT change that unless they suggest you do so. The MX uplink will be different than the LAN IP address because the LAN VLANs and subnets are internal. The MX uplink should remain WAN (external) and not LAN (internal).

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

RWelch · ‎Nov 26 2024

Dashboard > Security & SD-WAN > Configure > Addressing & VLANs
Then look at Per-Port VLAN Settings for the additional ports on your MX64W

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Dudley5526 · ‎Nov 27 2024

I changed Port 4 from drop untagged traffic to Native Vlan, and it disappeared. How do I get it back?

This is the other 3

This is the Site-to-Site VPN settings. Are they correct?

I inherited this network. I've had to untangle other setups.

Thank you for your help!

RWelch · ‎Nov 27 2024

The VPN setting for either 192 subnet would need to be enabled on the spoke (MX64W) to be able to go to the HQs hub which is checked as the default route.

what ever you toggle on for VPN enabled (192 subnet) would be set as access vlan on the MX port for clients.

the downlink to the ms120 would typically have a native vlan for management of the switch plus whatever 192 subnets your clients use.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

RWelch · ‎Nov 27 2024

The default 192 subnet is likely the native vlan (set trunk downlink to ms120 as that vlan) and in the allowed vlans on the downlink allow both the native vlan and client vlan.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Dudley5526 · ‎Dec 2 2024

Good afternoon Rwelch!

I enabled the default VPN settings on the spoke.

The default 192 subnet is likely the native vlan (set trunk downlink to ms120 as that vlan) and in the allowed vlans on the downlink allow both the native vlan and client vlan.

How do I set the trunk downlink to the MS120 as that vlan?

This is the port on the MS120

RWelch · ‎Dec 2 2024

What are your VLAN numbers (Security & SD-WAN > Configure > Addressing & VLANs under Routing)

IF your default VLAN subnet 192.168.125 is likely the default VLAN (say it's VLAN # is 125) and your client VLAN 192.168.2 (say it's VLAN # is 2) you would set it as:

Native VLAN = 125
Allow VLANs = 2,125 (allow vlan 2 comma vlan 125)

You would also need to configure the trunk UPLINK on the MS120 to reflect the same (STP disabled on the TRUNK uplink to the MX)

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Dudley5526 · ‎Dec 4 2024

Routing VLANS on MX

RWelch · ‎Dec 4 2024

VLAN1 would be the only default VLAN (subnet) on the local MX. The Client VLAN or VPN option would be external clients connecting to your SPOKE.

Your MX port downlink and MS port would remain the same as you have it set native VLAN1 and allow VLANs to all.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Dudley5526 · ‎Dec 4 2024

I disabled RSTP on the uplink on the MS120

RWelch · ‎Dec 2 2024

You would also want to double check the native VLAN and make sure it's set correctly under Switching > Configure > Switch Settings under the VLAN Configuration.

All must align correctly for the management VLAN.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Dudley5526 · ‎Dec 4 2024

The Switch settings on the hub VLAN configuration: Management VLAN is 1

I don't have any switches on the spoke

RWelch · ‎Dec 4 2024

RSTP should remain enabled. For the MS120 uplink to the MX you would put STP Guard to disabled because the MX doesn't participate in STP.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Dudley5526 · ‎Dec 4 2024

I re-enabled RSTP; the STP guard was already set to disable.

Should the MX Uplink be set to Dynamic? Its IP address is different than the VLAN. It also set as a WAN, should it be a LAN

RWelch · ‎Dec 4 2024

Your MX uplink will be the IP address it obtains dynamically from the ISP. I would NOT change that unless they suggest you do so. The MX uplink will be different than the LAN IP address because the LAN VLANs and subnets are internal. The MX uplink should remain WAN (external) and not LAN (internal).

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Dudley5526 · ‎Dec 4 2024

Thank you for all of your help. VPN was enabled on VLAN1 on the MX but the Client VPN Server was disabled. I disabled the VPN mode on the VLAN and the device that was in port one obtained an IP address from the MX's DHCP.

Couldn't have figured it out without you.

RWelch · ‎Dec 4 2024

Glad it worked out for you @Dudley5526 👏👏👏

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.