Non contiguous wan IP traffic coming off a bridge

SOLVED
Indetech
Here to help


I have an MX64 on the local side of a carrier bridge. We originally had a public subnet with 5 usable PUBLIC addresses. Over time we outgrew it and needed to get more addresses from our provider. They have supplied me with a new set of IPs in addition to the 5 we originally have. They have provided me an additional set that ultimately is in a separate block (subnet) than what was provisioned when I put the MX in. So I have 2 subnets coming off the bridge into the MX64. How do I configure this on the Meraki WAN side of the configuration? Do I have to add another WAN port to understand the traffic coming in on these new addresses?

Accepted Solutions
Bruce
Kind of a big deal

Re: Non contiguous wan IP traffic coming off a bridge

@Indetech, you should be able to get this to work just by doing 1:1 NAT on the MX for the new IP address range. You don't need to change the WAN interface on the MX at all - just do 1:1 NAT for the new IP addresses as you need them.

The MX doesn't care if these IP addresses are routable on the MX's WAN interface or not. You just need your ISP to make sure that the new address range is routed to the IP address you currently have on the MX WAN interface. The MX will then receive the traffic and NAT it as required.
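Added example, not part of Bruce's post and not Meraki tooling: a pre-deployment check of a 1:1 NAT plan for the setup described above, where a second block is routed to the existing MX WAN address. All addresses are constructed from documentation ranges, and the rule field names (`publicIp`, `lanIp`, `allowedInbound`) are an assumed layout.

```python
import ipaddress

# Constructed values (RFC 5737 documentation ranges), not taken from the thread.
WAN_SUBNET = ipaddress.ip_network("203.0.113.0/29")     # original block on the MX WAN
ROUTED_BLOCK = ipaddress.ip_network("198.51.100.0/28")  # new block the ISP routes to the MX
MX_WAN_IP = ipaddress.ip_address("203.0.113.2")         # next hop for the routed block
LAN_SUBNETS = [ipaddress.ip_network("192.168.10.0/24")]

RULES = [  # constructed 1:1 NAT plan; field names are an assumed layout
    {"name": "vendor-portal", "publicIp": "198.51.100.5", "lanIp": "192.168.10.20",
     "allowedInbound": [{"protocol": "tcp", "destinationPorts": ["443"],
                         "allowedIps": ["192.0.2.10"]}]},
    {"name": "dvr", "publicIp": "198.51.100.5", "lanIp": "192.168.20.9",
     "allowedInbound": [{"protocol": "any", "destinationPorts": ["any"],
                         "allowedIps": ["any"]}]},
    {"name": "typo", "publicIp": "198.51.101.7", "lanIp": "192.168.10.21",
     "allowedInbound": []},
]

def check_rules(rules):
    """Return findings for a 1:1 NAT plan; an empty list means no issues found."""
    findings, seen_public = [], set()
    for r in rules:
        name = r["name"]
        pub = ipaddress.ip_address(r["publicIp"])
        lan = ipaddress.ip_address(r["lanIp"])
        if pub == MX_WAN_IP:
            findings.append(f"{name}: {pub} is the MX WAN address itself")
        elif pub not in ROUTED_BLOCK and pub not in WAN_SUBNET:
            findings.append(f"{name}: {pub} is outside both ISP blocks")
        if pub in seen_public:
            findings.append(f"{name}: {pub} is already mapped by another rule")
        seen_public.add(pub)
        if not any(lan in net for net in LAN_SUBNETS):
            findings.append(f"{name}: {lan} is not on a known LAN subnet")
        for inbound in r["allowedInbound"]:
            # 1:1 NAT exposes the LAN host directly, so flag unrestricted inbound.
            if "any" in inbound["allowedIps"] and "any" in inbound["destinationPorts"]:
                findings.append(f"{name}: every port is open to any source")
    return findings

if __name__ == "__main__":
    for finding in check_rules(RULES):
        print(finding)
```
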

 

 


6 REPLIES
cmr
Kind of a big deal

Re: Non contiguous wan IP traffic coming off a bridge

@Indetech you'll have a lot of issues trying to get this working with Meraki. If I were you I'd ask for a single new block and migrate off the existing.

The short explanation is that the MX doesn't support a second IP address / range on the WAN ports.

 

[Edit] Turns out the above is not correct, as long as the ISP can point the secondary range to one of the primary range addresses, that you then assign to the MX interface (or virtual interface). Apologies for the confusion.

Indetech
Here to help

Re: Non contiguous wan IP traffic coming off a bridge

I can do it that way. The block I was given is a larger block and would give me the total number of addresses I need. So other than needing to get a bunch of vendors reconfigured on the new subnet. I was hoping to not have to do that. This is a pretty critical network and shuffling around a bunch of endpoint addresses is considerable work and would need to be in the wee hours crap. Thank you for the response; it was worth asking before just taking the more difficult route.

 

Indetech
Here to help

Re: Non contiguous wan IP traffic coming off a bridge

Just for my own information, what is the functionality of adding a second WAN port? Or is the only use of that for creating a failover service, or site-to-site branch VPN through a separate circuit?

 


Indetech
Here to help

Re: Non contiguous wan IP traffic coming off a bridge

After a good bit of reading, I was beginning to ask myself that question. Thank you for the feedback. I will get that tested this morning. Thank you.

Indetech
Here to help

Re: Non contiguous wan IP traffic coming off a bridge

You are absolutely correct. The additional IPs are routing through the WAN interface even though they are a separate subnet from my WAN configuration.
