I am new to Meraki equipment and this forum, I am also not exactly an experienced network administrator but I have worked on routers and switches before, we replaced a Mikrotik Cloud Core router with this new MX64 for VPN reasons
So the issue we are having is to add a new subnet to the MX64, our main DHCP subnet is 192168.2.0/24 and we have devices with static 192.168.5.xxx IPS as well, before on the Mikrotik it was simple to just add another subnet to a port or ports and all was good, no VLAN, etc was needed
How do I do this on the MX64 ?
Thanks a bunch in advance for any help!
Solved! Go to Solution.
Thanks for the reply
I should have mentioned that DHCP for 2.xxx is handled by our server and on the MX64 there is no DHCP at all
So I activated VLAN and added the new VLAN ID 10 as subnet 192.168.5.0/24 and MX IP as 192.168.5.1, I made sure both my default VLAN 1 and the new ID 10 are both allowed on all ports, I have no luck to ping a 5.xxx client from a 2.xxx client, what am I missing ?
By the way I have no static route added anymore, do I still need to add one ?
Where are the clients connected and what vlan is on the access port and on the trunk port connected to the mx?
What ip and gateway has client 1 and ips1 ?
Please excuse my ignorance, but I am willing to learn
We have 2 other switches where the clients are all connected too, none of those switches have a VLAN setup, port 1 on the MX goes to one of the switches and from that switch, it goes to the next, some of those switch ports go to antennas which go to remote locations, 7 to be exact so there are more switches downstream
On the 5.xxx clients, we have for example 192.168.5.100 netmask 255.255.255.0 and gateway 192.168.5.1
I assume I am missing something major here, we had it working by making a static route to the old Mikrotik router which we reset and gave one port a 2.xxx IP and set a 5.xxx subnet on another port and plugged that back into one of the switches, but this just doesn't seem right and we had issues with VoIP equipment on 5.xxx
If numerous VLANs are used, I have found it simpler if there is a direct correlation between the VLAN ID and the IP address. For example
It looks like your mikrotik supports more then 1 IP on the interface/default vlan.
Meraki only support 1 IP/subnet for each vlan interface. So you need to (re)design your network based on vlans
That's what I was afraid I would hear, VLANs are the only option.
That does bring me to another question, as mentioned we got this new MX64 router only because of a VPN issue between the Mikrotik site to site VPN to another MX64 router at another location, I keep seeing the passthrough or VPN concentrator option on the MX, I have read a bit on this but fail to fully comprehend what I can do with that
Could I have kept the Mikrotik router in place and disabled the IPSec VPN and just added the MX and use it only for VPN ?
If so could someone explain how I would connect this to our current router/network to accomplish this?
Thanks so much for any help!
We have the WAN port on the MX uplinking to a different brand gateway's LAN port, using a unique LAN subnet, not a VLAN. The other gateway is connected to the internet using PPPoE via a Vigor 130 modem in bridge mode (for IPTV reasons).
The other gateway is configured as a DHCP server and the MX receives its IP from the DHCP server. I have successfully tested running a VPN from a Z3C using LTE to the MX.
We have not needed to address the Double NAT issue, which simplifies configuration of the upstream gateway.
Thanks for the feedback
We are going to try it in VPN concentrator mode see if we have any luck
If I need more help with this I will start another discussion