MX84 - SFP LAN Interfaces

Uberseehandel

An application I am considering would be more flexible if I could reconfigure one of the SFP LAN interfaces as a WAN port.

  • Is this possible on an MX84?
  • Under some circumstances, one might need to make the MAC of the appliance being replaced available for handshaking purposes, can we configure MACs on ports?

It seems that a number of ISPs offering FTTP and bundled "multiplay" services rely on finding a specific MAC, rather than using PPPoE.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
1 ACCEPTED SOLUTION
PhilipDAth

> could reconfigure one of the SFP LAN interfaces as a WAN port.

 

No, you can't, but you can do a dirty trick. Place the SFP port in a unique VLAN, and a copper LAN port in the same VLAN, and then run a cable from that copper WAN port back into the WAN port on the MX. Effectively you have just made a media converter.

You can't configure the MAC address of a port, but the MAC address won't change. I'm seeing DHCP become more popular, although service providers tend to use DHCP option 82 (which is inserted by the service provider's equipment) and allocate the IP address based on the port you are attached to and not the MAC address of your device.
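
The port-based allocation described in the answer above, sketched as an added example (not part of the original post, and not Meraki or ISP code): it parses DHCP option 82 (Relay Agent Information, RFC 3046) from two constructed option fields and shows the lease following the circuit ID rather than the client MAC. The circuit ID, remote ID, MAC addresses and the `LEASES` table are made-up sample values.

```python
# Added example; every packet value below is constructed for illustration.
def opt(code: int, data: bytes) -> bytes:
    """Encode one DHCP option (or option-82 sub-option) as code, length, data."""
    return bytes([code, len(data)]) + data

def parse_tlv(raw: bytes, dhcp_framing: bool) -> dict:
    """Parse code/length/data triples; with dhcp_framing honour Pad (0) and End (255)."""
    out, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if dhcp_framing and code == 255:
            break
        if dhcp_framing and code == 0:
            i += 1
            continue
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        out[code] = out.get(code, b"") + raw[i + 2:i + 2 + length]  # repeats concatenate
        i += 2 + length
    return out

def lease_key(options_field: bytes):
    """Return (circuit_id, remote_id) from option 82, or None if no relay added it."""
    opt82 = parse_tlv(options_field, dhcp_framing=True).get(82)
    if opt82 is None:
        return None
    subs = parse_tlv(opt82, dhcp_framing=False)   # 1 = Circuit ID, 2 = Remote ID
    return subs.get(1), subs.get(2)

# Hypothetical provider table: the address is tied to the access port, not the CPE.
LEASES = {b"olt1/0/3:17": "192.0.2.10"}

def allocate(options_field: bytes):
    key = lease_key(options_field)
    return LEASES.get(key[0]) if key else None

# What the relay (the provider's equipment) appends to the client's request.
RELAY_INFO = opt(82, opt(1, b"olt1/0/3:17") + opt(2, b"access-node-01"))

def discover(mac_hex: str) -> bytes:
    """Options field of a DISCOVER: message type, client identifier, relay info."""
    client_id = opt(61, b"\x01" + bytes.fromhex(mac_hex))
    return opt(53, b"\x01") + client_id + RELAY_INFO + b"\xff"

OLD_ROUTER = discover("020000000001")   # appliance being replaced
NEW_ROUTER = discover("020000000002")   # replacement with a different MAC

if __name__ == "__main__":
    print(allocate(OLD_ROUTER), allocate(NEW_ROUTER))
```

Both requests resolve to the same address because the server never consults the client identifier; a request that arrives without option 82 gets no match from this table.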

CptnCrnch

I guess the answer to both questions is no.

Well, if one can't redefine a LAN port as a WAN port, then the demo rig could be downsized.

 

The MAC is just another string (I know it's a number, OK?)

 

Let me quote -

> Many network interfaces support changing their MAC address. On most Unix-like systems, the command utility ifconfig may be used to remove and add link address aliases. For instance, the active ifconfig directive may be used on NetBSD to specify which of the attached addresses to activate.[13] Hence, various configuration scripts and utilities permit the randomization of the MAC address at the time of booting or before establishing a network connection.
>
> Changing MAC addresses is necessary in network virtualization. In MAC spoofing, this is practiced in exploiting security vulnerabilities of a computer system. Some modern operating systems, such as Apple iOS and Android, especially in mobile devices, are designed to randomize the assignment of a MAC address to network interface when scanning for wireless access points to avert tracking systems.
>
> [Allegedly], the US National Security Agency has a system that tracks the movements of mobile devices in a city by monitoring MAC addresses. To avert this practice, Apple has started using random MAC addresses in iOS devices while scanning for networks. Other vendors followed quickly. MAC address randomization during scanning was added in Android starting from version 6.0, Windows 10 and Linux kernel 3.18. The actual implementations of the MAC address randomization technique vary largely in different devices.

 

So Meraki is already in a world where MAC addresses are not carved in stone. For anybody treating a MAC as a string, there is the possibly unfamiliar issue of bit reversed notation to be addressed, which will take most of us back to CompSci 101. Fortunately, it's not Hamming Code.🤣

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
cmr

You can't even do part 1 of your question on the MX100 and the hardware was clearly designed to be capable of it as it has separate Internet/LAN LEDs on the front for all ports except 1 that only has an Internet LED.

 

I asked a senior Meraki employee who said that while they had a few requests to have more than two WAN interfaces, it wasn't currently being progressed.  I know that isn't quite the same as having two WAN interfaces, just on different media, but I expect the two are linked.

Uberseehandel

@cmr 

As the network I'm currently on is organised, the MX uplinks to a port on a different brand of gateway device, that is defined as LAN or WAN as the deployment requires. It is most convenient. And the dynamic external IP address is passed through to the MX (and the Z3C behind that).

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

@PhilipDAth 

A dirty trick after my own heart! Thanks for that.

 

I don't know, but I more than suspect that serving up synthetic MACs is there, but nobody has thought to implement it, yet. Fixed MACs are an exploitable weakness, per my TLA gnomes. As far as I can tell, MACs are used as part of the authentication process by multicast premium video service suppliers, so they expect to be able to interrogate a port for its associated MAC. I can do this on the Cisco IoT switches, and I have seen them turning up in other manufacturer's hardware.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel