Routing question

Sebastian
New here

Routing question

My setup is MX400 - Gi1/1/1 External Switch Gi1/1/2 - Internet

 

My ISP has given me a block of IPs, say 216.1.1.1/24. we use 216.1.1.253 as our public IP, and that is what the MX IP is. 

 

In order to get to the internet though I have to use IP 207.1.1.1 with next hop 207.1.1.2. 

 

So on the external switch i have a vlan 10 configured with ip address 216.1.1.254 255.255.255.0.

 

Gi1/1/1

switchport access vlan 10

 

Gi1/1/2

no switchport

ip address 207.1.1.1

 

ip route 0.0.0.0 0.0.0.0 207.1.1.2

ip route 216.1.1.0 255.255.255.255.0 216.1.1.253

 

My question is, can I do this  on just the Meraki or do I have to have an external switch to do the routing. 

 

 

Thank you

6 REPLIES 6
Chris_M
Getting noticed

Are you using the public IP block for servers behind the MX?

 

I use MX84 and we have a block of public IP but the next hop IP is within that IP address range.

 

You can have your MX with 207.1.1.1 and "gateway" or next-hop 207.1.1.2. Use 1:1 NAT or 1:Many to accept 216.1.1.0/24 address and point them to where you want.

 

I am not sure if that is what you're looking for or if you are required to use 216.1.1.253 on the MX. But the above proposed solution does remove the external switch.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator

We use some of those IPs for servers behind the MX but the .253 is for all outgoing web traffic. 

Adam
Kind of a big deal

To simplify things for a moment, if you were to put the IP settings directly on a computer and connect it to the ISP.  Would you need to put the 216.1.1.253 or 207.1.1.1?

 

Typically the ISP will give you a /30 to use on your firewall (MX internet interface).  So maybe that is the 207.1.1.1 with gateway 207.1.1.2?  Then they usually bind the external IP block(s) to that IP range.  So the 216.1.1.0/24 would bind to the 207.1.1.1 address above.  So you could assign/NAT those addresses 1:1 directly on the MX.  Example 216.1.1.2 could NAT to something on your internal LAN 192.168.1.2.  

 

But I suppose it is possible that some ISPs do stuff differently/strangely.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

I can put either 216.1.1.253 or 207.1.1.1, but as far as I know I really should keep it 216.1.1.253. I will investigate a little bit to be sure, thank you for the response. 

PhilipDAth
Kind of a big deal
Kind of a big deal

Yes you can put this directly on the Meraki - however - all outbound requests from the Meraki would now appear to come from 207.1.1.1, and VPNs would need to use that as well.

 

Your public IP block could still be used for NATing to internal hosts and servers.

Thank  you Philip, I guess that it what I was looking for. I do not want to change my public IP, all web traffic should come from 216.1.1.253, if there is no way to accomplish that then I will keep the external switch in place. Thank you everyone for the responses. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels