cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX84 not routing vlans

Just browsing

MX84 not routing vlans

Hi All.

 

We have a client with a Meraki MX84, they have a number of vlans that are correctly configured on the appliance as per the Meraki documentation.

 

The Vlan's will route from the external interface but will not route internally. Any help as to why please ?

 

 

10 REPLIES 10
Kind of a big deal

Re: MX84 not routing vlans

HI @ChrisTownsend ,

 

By default an MX will route inter-VLAN traffic on the configured LANs, so if yours is not then I would start looking at firewall rules and move out from there. I would suggest checking all rules under Security & SD-WAN > FIrewall first, and then check any Group Policies that may exist, and where they are applied.

 

Just browsing

Re: MX84 not routing vlans

Hi @jdsilva 

 

We've checked the firewall and even have added two rules to permit all traffic between two vlans for no effect. There are no firewall rules blocking vlan routing and no GP's that affect routing. (only a block on Bonjour).

 

The switches all managed Dell's all have Trunk ports enabled. All of the devices regardless of vlans (ie cabled or wireless connections) can route to the internet, just not internally

Kind of a big deal

Re: MX84 not routing vlans

What test are you using to determine that you don't have internal routing?

Just browsing

Re: MX84 not routing vlans

Hi @jdsilva 

 

We have a NAS on a VLAN, On the same subnet I can ping tracert and browse to it  via smb and html. On any other VLAN I cannot, the tracert stops at the Meraki.

 
Kind of a big deal

Re: MX84 not routing vlans

Are you able to use the packet capture feature to verify what is happening? You should be able to see a packet ingress and egress the MX. 

 

My hunch is that there's a misconfiguration between the MX and the Dell switches with regards to VLAN tagging... Are you able to post the port config of the MX and the connected Dell switchports?

 

Alternatively, could Spanning Tree be in play here? Do you have multiple links between a single switch and the MX?

Just browsing

Re: MX84 not routing vlans

We have a Dell Interconnect 7048P as the top level distribution switch, connecting to two separate stacks of 2 x Dell N1548P's, that are spaced on a couple of floors. The server is plugged into the 7048P, the NAS is plugged into one of the 1548P stacks. There are no recursive loops in the network. The server is on VLAN 13 (10.64.13.0/24) the NAS on VLAN 1 (192.168.10.0/24). 

 

Vlan1.JPGvlan2.JPG

Kind of a big deal

Re: MX84 not routing vlans

>The Vlan's will route from the external interface but will not route internally.

 

You can not route from the WAN interface to the inside - only the other way around.  Traffic from a LAN interface to a WAN interface will be NATed with the WAN interface IP address.

cmr
A model citizen

Re: MX84 not routing vlans

Does the NAS have the correct default gateway configured, this could cause the problem you are seeing.  The NAS could also have an access list set on it for the local subnet only.  It is easier to check inter VLAN routing with a PC in each one and preferably use DHCP on both.

Just browsing

Re: MX84 not routing vlans

@cmr 

 

All devices are correctly configured, the NAS has the correct gateway set for it's vlan (it's statically assigned). The meraki is handling dhcp for all the attached vlans

 

 

Getting noticed

Re: MX84 not routing vlans

Do you have L3 switching enabled?

Do a packet capture on your trunk port on the MX84 which is connected to the core switch. When you try to ping across the VLANs, is any traffic reaching the MX84?

 

As a last resort, can you assign two ports on the MX84 as access ports to different VLANs and try pinging between them?

 

I'm guessing there's a routing or ACL issue somewhere in your switch stack.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.