New MX-250 and can't ping configured Static IP <insert eyeroll here>
So we got a new MX-250 shipped to a data center. I sent the install guy the Meraki document on how to configure a static IP in the device. I can't ping the MX-250. I can see MAC addresses on the WAN uplinks, so L1 and L2 are working. I am using the existing address of a working Meraki. I shut interfaces and clear the ARP entries for that address prior to bringing this one online, so there is no duplicate IP addressing going on. It simply isn't responding to the configured IP. Anyone know if there is a step missing in the documentation? Steps 1-5 below are completed and still no L3 connectivity or response.
Connecting to WAN
All Meraki MX devices must have an IP address. This section describes how to configure your local area network before you deploy it. A local management web service, running on the appliance, is accessed through a browser running on a client PC. This web service is used for configuring and monitoring basic ISP/WAN connectivity.
Setting up a Static IP Address
To ensure that the client PC is redirected to the local web service in the following step, you must disable all other network services (ex: wi-fi) on your client machine.
Do the following to configure basic connectivity and other networking parameters:
1. Using a client machine such as a laptop, connect to the management port of the MX.
2. Using a browser on the client machine, access the appliance's built-in web service by browsing to http://setup.meraki.com. (You do not have to be connected to the Internet to reach this address.)
3. Click Uplink configuration under the Local status tab. The default credentials use the device serial number as the username, with a blank password field.
4. Choose Static for the IP Assignment option.
5. Enter the IP address, subnet mask, default gateway IP and DNS server information.
You can't ping it unless you allow this in the firewall settings.
This is a new install. Since when do you have to configure rules to allow pings? I say that because for our pilot we configured an MX-65W and it didn't require rules to allow us to ping the configured WAN uplink interface.
Let me be clear: are you saying I need to configure rules on the MX-250 to allow ping replies? That would imply it was attached to the cloud and operational, which it isn't. I am on the local web interface to the device. We configured an IP and it doesn't respond to the configured IP or try to reach out to the cloud.
What does the connection page say about why it can't talk to the cloud?
Should be allowed by default. But check it anyway:
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Denying_Inbound_ICMP_on_the_MX
Should say "Any" by default:
Edit: Sorry, I only saw your post mentioning that it doesn't have cloud connectivity after I posted.
This device has never reached the cloud because the IP is not working.
What does the connection tab say about internet connectivity and cloud connectivity?
What is your upstream device from the MX250 to the Internet? Can you ping the MX from 10.255.20.1? I have banged my head against the network cabinet many a night trying to get things like that working. Clearing the ARP cache, clearing MAC addresses, disabling and enabling ports did nothing. The solution: reboot the upstream device. I make it a habit to do that if I'm replacing a device that will have the same IP address as a previous device.
It is the weirdest thing. We changed the IP to a non-production address to test, then set up a packet capture on our firewall. After a few minutes we could see the MX-250 ARP entry on the firewall. Still, we couldn't ping it. We could see it reaching out to 8.8.8.8 over ICMP and a few other addresses via UDP. Then 20 to 30 minutes later poof it shows up in our Meraki dashboard and then we could ping it from the firewall. Why we couldn't ping it from the start is annoying. That is the most basic connectivity test. Why we had to wait for it to check in and do whatever it was doing is beyond me. Especially when non-technical people are deploying these in a data center and you are going behind them and verifying the connectivity and get a false negative because you didn't wait long enough for something to happen.
This is all part of the Meraki "Magic" 🙂
Wait until you come across the MX250 template bug.
Sometimes settings just don't work on MX. Yesterday for me it was SNMPv2, which just would not poll for one site. Change the community string to a temporary value, then back to the original, and all of a sudden SNMP polling is working again.
Good to hear that it's solved.
Sounds to me like some caching problem. Even though you cleared the ARP cache and shut the interface first. Maybe the endpoint cache?
>Then 20 to 30 minutes later poof it shows up in our Meraki dashboard and then we could ping it from the firewall
This sounds to me like it was doing an initial firmware upgrade.