cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secondary IP addresses on interfaces on MX devices?

SOLVED
Highlighted
Conversationalist

Secondary IP addresses on interfaces on MX devices?

Does anyone else have a need for secondary IP addresses on interfaces on MX devices?  I have seen customers that are trying to leverage MX to replace SMB firewall products and they need support for an additional /29 on the WAN interface to allow for additional 1:1 NAT configurations.  I feel like this is a shortfall but curious if others see it the same way. Also helps with migrations/re-ip addressing of subnets on internal interfaces at times.

 

[Mod comment: changing thread title to reflect thread contents!]

1 ACCEPTED SOLUTION

Accepted Solutions
Meraki Employee

Re: Secondary IP addresses on interfaces on MX devices?

5 REPLIES 5
Kind of a big deal

Re: Secondary IP addresses on interfaces on MX devices?

Hey @NCITPro. I'm a little confused by your statements. In my experience with firewalls 1:1 NAT and secondary IP addresses have no relationship. In every case I've ever worked on, the Meraki MX included, 1:1 NATs are more akin to a VIP as opposed to a secondary address. If you have a /29 for your WAN subnet you can configure 1:1 NAT on an MX for the unused addresses in that subnet. You can also configure 1:1 NAT for addresses in another subnet. 

 

 

Kind of a big deal

Re: Secondary IP addresses on interfaces on MX devices?

I'd with @jdsilva - these are two seperate things.  You just get the extra /29 routed towards the MX and configure 1:1 NAT.  I've done it several times before and it works fine.

Meraki Employee

Re: Secondary IP addresses on interfaces on MX devices?

Conversationalist

Re: Secondary IP addresses on interfaces on MX devices?

Thanks.  I have not had a chance to try it yet but in looking at how I would do it, I expected to need to be able to configure it on an interface somehow.  I even stopped by the Meraki zone at CLUS the other week and asked.  I was told to assign it to an interface, even if that interface was not in use but I cannot use those IPs in NAT if I did it on a non-WAN interface.  I will certainly give this a shot when the addresses get assigned this week.

Conversationalist

Re: Secondary IP addresses on interfaces on MX devices?

Thanks Philip. I have not had a chance to try it yet but in looking at how I would do it, I expected to need to be able to configure it on an interface somehow. I even stopped by the Meraki zone at CLUS the other week and asked. I was told to assign it to an interface, even if that interface was not in use but I cannot use those IPs in NAT if I did it on a non-WAN interface. I will certainly give this a shot when the addresses get assigned this week.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.