So we got a new MX-250 shipped to a data center. I sent the install guy the Meraki document on how to configure a static IP in the device. I can't ping the MX-250. I can see a MAC addresses on the WAN uplinks. So L1 and L2 is working. I am using the existing address of a working Meraki. I shut interfaces and clear the ARP entries for that address prior to bringing this one online. So there are no duplicate IP addressing going on. It simply isn't responding to the configured IP. Anyone know if there is a step missing in the documentation. Steps 1-5 below are completed and still no L3 connectivity or response.
All Meraki MX devices must have an IP address. This section describes how to configure your local area network before you deploy it. A local management web service, running on the appliance, is accessed through a browser running on a client PC. This web service is used for configuring and monitoring basic ISP/WAN connectivity.
To ensure that the client PC is redirected to the local web service in the following step, you must disable all other network services (ex: wi-fi) on your client machine.
Do the following to configure basic connectivity and other networking parameters:
This is a new install, since when do you have to configure rules to allow pings? I say that because for our pilot we configured a MX-65W and it didn't require rules to allow us to ping the configured WAN uplink interface.
Let me be clear are you saying I need to configure rules on the MX-250 to allow ping replies? That would imply it was attached to the cloud and operational. Which it isn't. I am on the local web interface to the device. We configured an IP and it doesn't respond to the configured ip or try to reach out to the cloud.
Should be allowed by default. But check it anyway:
Should say "Any" by default:
Edit: Sorry, I only saw your post mentioning that it doesn't have cloud connectivity after I posted.
What does the connection tab say about internet connectivity and cloud connectivity?
What is your upstream device from the MX250 to the Internet? Can you ping the MX from 10.255.20.1? I have banged my head against the network cabinet many of nights trying to get things like that working. Clearing arp cache, clearing mac addresses, disabling and enabling ports did nothing. The solution, reboot the upstream device. I make it habit to do that if I'm replacing a device that will have the same IP address as a previous device.
It is the weirdest thing. We changed the IP to a non production address to test then setup a packet capture on the our firewall. After a few minutes we could see the MX-250 arp entry on the firewall. Still, we couldn't ping it. We could see it reaching out to 22.214.171.124 over ICMP and a few other addresses via UDP. Then 20 to 30 minutes later poof it shows up in our Meraki dashboard and then we could ping it from the firewall. Why we couldn't ping it from the start is annoying. That is the most basic connectivity test. Why did we have to wait for it to check in and do what ever it was doing is beyond me. Especially when non technical people are deploying these in a data center and you are going behind them and verifying the connectivity and get a false negative because you didn't wait long enough for something to happen.
This is all part of the Meraki "Magic" 🙂
Wait until you come across the MX250 template bug.
Sometimes settings just don't work on MX. Yesterday for me it was SNMPv2 just would not poll for one site, change the community string to a temporary value then back to the original and all of a sudden SNMP polling is working again.
Good to hear that it's solved.
Sounds to me like some caching problem. Even though you cleared the ARP cache and shut the interface first. Maybe the endpoint cache?
>Then 20 to 30 minutes later poof it shows up in our Meraki dashboard and then we could ping it from the firewall
This sounds to me like it was doing an initial firmware upgrade.