Meraki MX84 and Netonix switch

SOLVED
DHAnderson
Head in the Cloud


I have a client who is using a Managed Service plan from their ISP. The ISP did not quote a firewall, so I installed an MX84.

The Managed Service provider has 3 VLANs: 300, 301, 302. The MX84 has DHCP pools for all three VLANs. Clients attached to a Netonix switch on VLAN 300 and 301 can get IP addresses from the MX84, but clients on VLAN 302 cannot. The port that the Netonix switch is plugged into is configured as a trunk line and all VLANs are allowed.

The Managed Service provider has sent me images of the NAT table in the Netonix switch, and it shows the MX84 MAC address for VLAN 300 and VLAN 301, but nothing listed for VLAN 302. I cannot see the Netonix switch config, but I am told that the Netonix switch port connected to the MX84 is configured for all 3 VLANs.

Is there any reason that the MX84 would not be listening for VLAN 302?

Any help on this would be greatly appreciated.

[Attached images: St.Dominic_MacTable.PNG, St.Dominic-Guest_MacTable.PNG]

Dave Anderson
1 ACCEPTED SOLUTION
GIdenJoe
Kind of a big deal

- First thing to check is if the VLAN is configured correctly on both sides. Does the native VLAN match on BOTH sides? So you'll have to ask how they set up their trunk. If none of the VLANs are native from the provider you'll have to provide a dummy VLAN on your MX or set drop untagged traffic (usually dangerous if you run an HA pair because STP creates potential loops).
- Second is of course viewing the DHCP configuration on your MX.
- Then you could try to capture traffic on the dashboard (use capture filter (port 67 or port 68)).
- Finally it could be a problem on the provider switch with DHCP snooping if enabled blocking your DHCP server.
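
A way to read the capture from the third step, as an added example that is not part of the original post: it groups DHCP frames by 802.1Q tag and reports VLANs where a DISCOVER was seen but no OFFER. It assumes the capture has been reduced to raw Ethernet frames with tags preserved; the function names and the sample frames are constructed for illustration.

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_dhcp(frame):
    """Return (vlan, message) for a DHCP frame, else None. vlan None = untagged."""
    ethertype, off, vlan = struct.unpack_from("!H", frame, 12)[0], 14, None
    if ethertype == 0x8100:                    # 802.1Q: TCI, then the real EtherType
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    if ethertype != 0x0800 or frame[off + 9] != 17:   # IPv4 carrying UDP only
        return None
    udp = off + (frame[off] & 0x0F) * 4        # IP header length is variable
    if not set(struct.unpack_from("!HH", frame, udp)) & {67, 68}:
        return None                            # mirrors "port 67 or port 68"
    opts = frame[udp + 8 + 236 + 4:]           # skip UDP hdr, BOOTP fixed part, cookie
    i = 0
    while i + 2 < len(opts) and opts[i] != 255:   # TLV walk until END option
        if opts[i] == 0:                       # PAD has no length byte
            i += 1
        elif opts[i] == 53:                    # DHCP message type
            return vlan, DHCP_TYPES.get(opts[i + 2], "OTHER")
        else:
            i += 2 + opts[i + 1]
    return None

def unanswered_vlans(frames):
    """VLANs (None = untagged) with a DISCOVER seen but no OFFER in the capture."""
    seen = {}
    for frame in frames:
        try:
            hit = parse_dhcp(frame)
        except (IndexError, struct.error):     # truncated frame, skip it
            continue
        if hit:
            seen.setdefault(hit[0], set()).add(hit[1])
    return {v for v, t in seen.items() if "DISCOVER" in t and "OFFER" not in t}

def build(vlan, msg_type, sport, dport):
    """Constructed frame: Ethernet [+802.1Q] / IPv4 / UDP / BOOTP / option 53."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    eth = b"\xff" * 6 + b"\x02" + b"\x00" * 5 + tag + struct.pack("!H", 0x0800)
    ip = b"\x45" + b"\x00" * 8 + b"\x11" + b"\x00" * 10
    udp = struct.pack("!HHHH", sport, dport, 0, 0)
    return eth + ip + udp + b"\x00" * 236 + b"\x63\x82\x53\x63" + bytes([53, 1, msg_type, 255])

# Constructed capture: 300 and 301 are answered, 302 and an untagged client are not.
SAMPLE = [build(v, 1, 68, 67) for v in (300, 301, 302, None)] + \
         [build(v, 2, 67, 68) for v in (300, 301)] + [b"\x00" * 10]
```

A DISCOVER that shows up untagged (or under an unexpected tag) points at the native VLAN setting on one side of the trunk; a DISCOVER under the right tag with no OFFER points at the DHCP configuration or at filtering on the path.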


The Managed Service Provider did not have a Native VLAN specified in the Netonix. Once they put that in to match what I had in the MX84, everything started working. If they had allowed me to look at the configuration of the Netonix, I could have spotted that, rather than playing a guessing game.

Thanks,

- Dave
Dave Anderson
GIdenJoe
Kind of a big deal

No problem. It's the one thing I find annoying in my country (Belgium), where ISPs only want to use their own routers and manage the config themselves: you always lose end-to-end visibility, and you have to e-mail back and forth for information and rely on their insights.

The client has purchased a Meraki MS120-24P to replace the Netonix.

I will be glad to get rid of the Netonix, and the Microtek used to bypass the firewall to allow the ISP to manage the switch.

Dave Anderson