Meraki

Community

No internet access from lan device through warm spare cluster

Solved
rabusiak
Getting noticed
‎Feb 24 2022 4:21 AM
‎Feb 24 2022 4:21 AM

No internet access from lan device through warm spare cluster

Newbie question probably 😉

Have two mx105 configured with separate public IPs I get from ISP. They're connected to dashboard, warm spare shows which one is current primary, spare is "passive ready" so all should be fine. I have also third public IP from ISP and I set is as Virtual IP.

Somehow when I try to reach internet from a core switch directly connected to one of primary mx lan ports it doesn't work. Traceroute to 8.8.8.8 from it stops at meraki (meraki is it's default gateway). Core switch and meraki are connected by trunk port and communicating over vlan400 - 10.255.255.0/29. Both meraki and core have ip addresses in this vlan .1 & .2 respectively and they can ping each other.

Do I need to enable masquerading somewhere? Meraki has default route pointing to WAN Uplink.
When im pinging google from primary or secondary uplinks ip's - it works, but when I try to choose as a source virtual ip then it fails.

Labels:
0 Kudos
1 Accepted Solution
rabusiak
Getting noticed
‎Mar 1 2022 12:28 AM
‎Mar 1 2022 12:28 AM

Ok, looks like the problem was with this specific ip address I picked for VIP.

When I setup different one - it started to work 😅

I've created ticket with ISP support to verify why

View solution in original post

0 Kudos
4 Replies 4
PaulMcG
Getting noticed
‎Feb 24 2022 7:12 AM
‎Feb 24 2022 7:12 AM

Pings to 8.8.8.8 should also work from the virtual IP source.  Might have something upstream from the MX interfering?

0 Kudos
In response to PaulMcG
rabusiak
Getting noticed
‎Feb 25 2022 7:30 AM
‎Feb 25 2022 7:30 AM

Taking a capture on the MX itself while performing ping tests to Google DNS, I can see it does attempt to communicate out on the VIP, and sees no response, while the uplink IP does see a response. Any idea what that could be? Ip I use for VIP wasn't in use since about couple of months. ISPs are caching mac addresses or what?

Here is how it looks. Red is active internet connection.
wan-setup.png


0 Kudos
In response to rabusiak
PaulMcG
Getting noticed
‎Feb 28 2022 4:43 AM
‎Feb 28 2022 4:43 AM

Could be something on the WAN switch blocking the VIP like an access list.  You could do a capture on the ISP side of the WAN switch to see if the ping goes out to the ISP.  On the ISP side, if your VIP is part of the /29 attributed to you, I don't see any reason for them to be blocking the VIP.

0 Kudos
rabusiak
Getting noticed
‎Mar 1 2022 12:28 AM
‎Mar 1 2022 12:28 AM

Ok, looks like the problem was with this specific ip address I picked for VIP.

When I setup different one - it started to work 😅

I've created ticket with ISP support to verify why

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.