Newbie! Metro Ethernet between Sites

jko6
Here to help

Hey Guys,

I am having trouble configuring a metro-E connection (no routing, basic layer 2) between 2 sites. We have MX100s at each, along with MS225 switches behind them.

Each site is on its own subnet. We have AutoVPN set up and working great, but would love to set up the metro-Ethernet connection to talk to devices on each of the subnets.

Can this even be done with my current hardware? Do I need to upgrade to get OSPF? I have tried a few configurations and got nothing.

Any help would be great!

10 REPLIES
Ryan_Miles
Meraki Employee

Do you have a diagram of your topology? Is this hub & spoke or full mesh MXs?

If you want SD-WAN you need to land the metro connection on an MX WAN port and let the MXs build AutoVPN tunnels over the metro links. The interfaces will need dashboard reachability. Basically, the metro-E path needs a route out to the internet through some egress point.

Or, you might consider landing MPLS as a VLAN on your MX or MS225 switches. The MXs will need a static route to the MPLS subnet(s). More info here: https://documentation.meraki.com/MX/Networks_and_Routing/Integrating_an_MPLS_Connection_on_the_MX_LA...

Topology.JPG

Thanks for the response @Ryan_Miles, both MXs are set as hubs. I will try some configurations on the WAN port and see what I get. If no luck I'll try the static routes again.

Bruce
Kind of a big deal

@jko6, if you're connecting the ME to a WAN port, and if there is no internet access from the ME service then it won't work. The MX runs a series of tests, DNS lookup, HTTP GET, pings and ARP (see https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo...) to determine if the WAN port has internet connectivity; if these fail then the MX should mark the port as down.

You'll need to connect the ME on the LAN side of the MX for it to work if there is no internet access from the ME.

jko6
Here to help

That makes sense, I'll try configuring it again on the LAN and see what happens. Thanks for all the help, it is very much appreciated.

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

cmr
Kind of a big deal

@jko6 if you inject a route to the internet to the MPLS (by using another device) then you can use the WAN port of the MX.

jko6
Here to help

Hey Bruce,

Do I need to put a router in between the firewalls? I am currently just going firewall to firewall with no luck.

jko6_0-1635610466040.png

cmr
Kind of a big deal

@jko6 you need to inject an internet route into the MPLS; each WAN port of each MX needs to be able to get to the dashboard for an SD-WAN link to come up. You could do this yourself at a site that has internet access, or the MPLS provider could do it.

jko6
Here to help

As I said I'm a super newbie, but how would I "inject" an internet route?

Bruce
Kind of a big deal

@jko6, if you’re going LAN port to LAN port between the MXs then you shouldn’t need any router between them. Just make sure you’ve got the IP addresses in the same subnet. E.g. VLAN on MX1 with 10.10.10.1/30 and VLAN on MX2 with 10.10.10.2/30. Make sure the ports connecting are access ports, and in the correct VLAN. You can then check the connectivity over the link using the Dashboard tools for the MX, and ping directly across the link. Once that’s all working, move on to the routing.

Bruce
Kind of a big deal

If the ME is just between two sites and you're not too concerned about SD-WAN (i.e. you'd prefer to just use the ME connection all the time it's available) then I'd probably build something close to what's in the link that @Ryan_Miles shared. You won't have the IP addresses in the MPLS cloud, you just create a VLAN on each MX (could just be a /30 with a different address on each end), assign that VLAN to a LAN port on each of the MXs and connect the two together across the ME.

On each MX you can then set up a Static Route for the subnets at the other site which is only operational when the next hop responds to a ping. You can keep the AutoVPN setup between the two sites, so that if the ME fails the network will fail over to the AutoVPN solution.

This document shows the solution with MPLS, and it should be easy enough to adapt to ME as I described above: https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN
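
Added example (not from any poster in this thread, and not Meraki code): a Python pre-check of the addressing plan described in the replies above, run before entering anything in Dashboard. It confirms both ends of the transit VLAN share a subnet and use host addresses, that the transit range does not overlap either site, and lists the static route each MX needs. The 10.10.10.x/30 addresses are from the thread; the function name and the site subnets are assumed sample values.

```python
import ipaddress

def check_transit_plan(mx1_if, mx2_if, site1_subnets, site2_subnets):
    """Return (problems, routes) for a point-to-point transit VLAN between two MXs."""
    a, b = ipaddress.ip_interface(mx1_if), ipaddress.ip_interface(mx2_if)
    site1 = [ipaddress.ip_network(s) for s in site1_subnets]
    site2 = [ipaddress.ip_network(s) for s in site2_subnets]
    problems = []

    # Both LAN-side interfaces must sit in the same subnet to reach each other at layer 2.
    if a.network != b.network:
        problems.append(f"{a} and {b} are not in the same subnet")
    elif a.ip == b.ip:
        problems.append(f"both ends use {a.ip}")

    # On anything wider than a /31, the first and last addresses are not usable hosts.
    for name, iface in (("MX1", a), ("MX2", b)):
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} address {iface.ip} is the network or broadcast address of {net}")

    # The transit range must not collide with a site subnet, nor the sites with each other.
    for s in site1 + site2:
        if s.overlaps(a.network) or s.overlaps(b.network):
            problems.append(f"site subnet {s} overlaps the transit VLAN")
    for s1 in site1:
        for s2 in site2:
            if s1.overlaps(s2):
                problems.append(f"site subnets {s1} and {s2} overlap")

    # Static routes: each MX points the other site's subnets at the peer's transit address.
    routes = {}
    if not problems:
        routes = {
            "MX1": [(str(s), str(b.ip)) for s in site2],
            "MX2": [(str(s), str(a.ip)) for s in site1],
        }
    return problems, routes

if __name__ == "__main__":
    # Transit addresses from the thread; site subnets are constructed sample values.
    for plan in (
        ("10.10.10.1/30", "10.10.10.2/30", ["192.168.10.0/24"], ["192.168.20.0/24"]),
        ("10.10.10.1/30", "10.10.10.5/30", ["192.168.10.0/24"], ["192.168.20.0/24"]),
    ):
        problems, routes = check_transit_plan(*plan)
        print(plan[:2], problems or routes)
```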
