Greetings;
I have MX100 installed and unfortunately I failed to assign a static IP to a its port.
Bellow is the topology:
How should I assign this IP 10.10.254.1 to port 3 of my Meraki MX100?
Regards;
choose under per port vlan settings the according port and push edit...in the menu you can define the vlan it should be in and if it is an access port or a trunk
Hi @rwiesmann
Thank you for the quick reply;
For more information, I need to replace the existing Cisco ASA firewall by new purchase Meraki MX100.
This Cisco ASA firewall is connected to the switch with the following configs
FOR ASA:
interface GigabitEthernet0/2
nameif inside-c1
security-level 100
ip address 10.10.254.1 255.255.255.248
FOR SWITCH
interface FastEthernet0/1
description LINK TO FIREWALL
no switchport
ip address 10.10.254.3 255.255.255.248
Will I need to change some configs on the switch? Probably changing switchport to trunk
You dont need a trunk. Create the vlan and assign the ip. Set the port to access and assign the vlan you just created
depends on how your setup looks like...
but if you only have one vlan to the switch.
assign the vlan, the according ip address and use access
that's it
Hi @mugrene .
If you have some VLANs and you want route it from MX you need trunk, if you route the vlan from switch you don't need trunk.
If you have only one vlan you can use 10.10.254.1 as default gateway and use the port in the switch as switchport.
Regards,
Since you are replacing an ASA with an MX, I'll just have to say this.
A Meraki MX100 is not a Cisco ASA firewall.
So don't be surprised if there is some functionality in an ASA that isn't present on an MX. I've had my fair share of rogue Sales persons, thinking an MX can simply replace an ASA, without having looked into the running configuration.
You can not assign an IP address to an physical interface of an MX (or any other Meraki product). So in order to obtain what you are depicting, you'll have to create a VLAN on the MX, and assign it an IP, and a SVI interface on your core switch. Just as others already have mentioned.
Basically, what you are doing is, a Layer 3 topology as described in https://documentation.meraki.com/Architectures_and_Best_Practices/MX_and_MS_Basic_Recommended_Layer_...
Assuming you are handling DHCP somewhere else, then creating the VLAN on the MX, remember to disable the DHCP server, that is created by default.
Hi @rhbirkelund
Thank you for the guidance
As you can see, I will definitely have to replace Cisco ASA 5525-X and Elfiq Link Balancer by Meraki MX100.
The issue I am getting now is connecting VPN router (10.10.254.10) and VoIP router (10.10.254.18) to Meraki MS390 as shown bellow, to assign an IP address to Meraki device is impossible.
We are using this VPN router because all other field officeS get internet through our HQ
What might be the way forward?
Thank you
Why is it impossible to assign an IP address to your MS390?
Create a new VLAN on the MX100 for Meraki Management, and either assign the Meraki switch an IP statically, or use DHCP on the Meraki Management VLAN.
Hi @rhbirkelund
The challenge I am facing is to assign an IP address to ports of meraki MS390 that will be connecting to those two routers (VPN and VoIP router). Find bellow the current configs I have as per below topology:
CORE SWITCH to VPN ROUTER
===========================
interface FastEthernet0/23
description LINK TO VPN ROUTER
no switchport
ip address 10.10.254.9 255.255.255.248
interface GigabitEthernet0/0
description LINK TO CORE SWITCH
ip address 10.10.254.10 255.255.255.248
duplex auto
speed auto
CORE SWITCH to VoIP ROUTER
===========================
interface FastEthernet0/21
description LINK TO VoIP ROUTER
no switchport
ip address 10.10.254.17 255.255.255.248
interface GigabitEthernet0/0/0
description LINK TO CORE SWITCH
ip address 10.10.254.18 255.255.255.248
ip helper-address 10.10.0.4
negotiation auto
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.10.254.18
How can I configure the MS390 as well as VPN and VoIP router, remember routers have route ports
There are no such thing as routed ports in Meraki.
You'll have to create a VLAN on the MS390, and assign IPs to that. It is not possible to assign IP addresses to ports on Meraki.
The only "routed port" there is, is the WAN uplink on the MX Security Appliance.
Hi @rhbirkelund
Thank you for quick reply;
If I create VLAN on MS390, that means I have to have switchport on another hand i.e for neighbor routers unfortunately routers I have don't have switchport, they have routed ports. How can I handle this?
Thank you!