Static IP Assignment on a Cisco Meraki MX100 ports

mugrene
Here to help

Static IP Assignment on a Cisco Meraki MX100 ports

Greetings;

I have MX100 installed and unfortunately I failed to assign a static IP to a its port.

Bellow is the topology:

mugrene_0-1594112019804.png

 

How should I assign this IP 10.10.254.1 to port 3 of my Meraki MX100?

Regards;

 

12 REPLIES 12
rwiesmann
A model citizen

choose under per port vlan settings the according port and push edit...in the menu you can define the vlan it should be in and if it is an access port or a trunk

 

rwiesmann_0-1594112840959.png

 

Hi @rwiesmann 

 

Thank you for the quick reply;

For more information, I need to replace the existing Cisco ASA firewall by new purchase Meraki MX100.

This Cisco ASA firewall is connected to the switch with the following configs

 

FOR ASA:

 

interface GigabitEthernet0/2
  nameif inside-c1
  security-level 100
  ip address 10.10.254.1 255.255.255.248

 

 

 

FOR SWITCH

 

interface FastEthernet0/1
  description LINK TO FIREWALL
  no switchport
  ip address 10.10.254.3 255.255.255.248

 

 

Will I need to change some configs on the switch? Probably changing switchport to trunk

ww
Kind of a big deal
Kind of a big deal

You dont  need a trunk. Create the  vlan and assign  the ip. Set the port to access  and assign the vlan you just created

depends on how your setup looks like...

but if you only have one vlan to the switch.

assign the vlan, the according ip address and use access

that's it

Hi @mugrene .

If you have some VLANs and you want route it from MX you need trunk, if you route the vlan from switch you don't need trunk.

 

If you have only one vlan you can use 10.10.254.1 as default gateway and use the port in the switch as switchport.

Regards,

rhbirkelund
Kind of a big deal

Since you are replacing an ASA with an MX, I'll just have to say this.

 

A Meraki MX100 is not a Cisco ASA firewall.

 

So don't be surprised if there is some functionality in an ASA that isn't present on an MX. I've had my fair share of rogue Sales persons, thinking an MX can simply replace an ASA, without having looked into the running configuration.

 

You can not assign an IP address to an physical interface of an MX (or any other Meraki product). So in order to obtain what you are depicting, you'll have to create a VLAN on the MX, and assign it an IP, and a SVI interface on your core switch. Just as others already have mentioned. 

 

Basically, what you are doing is, a Layer 3 topology as described in https://documentation.meraki.com/Architectures_and_Best_Practices/MX_and_MS_Basic_Recommended_Layer_...

 

Assuming you are handling DHCP somewhere else, then creating the VLAN on the MX, remember to disable the DHCP server, that is created by default. 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

Hi @rhbirkelund 

Thank you for the guidance

As you can see, I will definitely have to replace Cisco ASA 5525-X and Elfiq Link Balancer by Meraki MX100.

The issue I am getting now is connecting VPN router (10.10.254.10) and VoIP router (10.10.254.18) to Meraki MS390 as shown bellow, to assign an IP address to Meraki device is impossible.

We are using this VPN router because all other field officeS get internet through our HQ

What might be the way forward?

 

 

mugrene_0-1600082721448.png

 

Thank you

 

rhbirkelund
Kind of a big deal

Why is it impossible to assign an IP address to your MS390?

Create a new VLAN on the MX100 for Meraki Management, and either assign the Meraki switch an IP statically, or use DHCP on the Meraki Management VLAN.

rbnielsen_0-1600281220342.png

 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

Hi @rhbirkelund 

 

The challenge I am facing is to assign an IP address to ports of meraki MS390 that will be connecting to those two routers (VPN and VoIP router). Find bellow the current configs I have as per below topology:

 

 

CORE SWITCH to VPN ROUTER

===========================

interface FastEthernet0/23

    description LINK TO VPN ROUTER
    no switchport
    ip address 10.10.254.9 255.255.255.248

 

 

interface GigabitEthernet0/0
   description LINK TO CORE SWITCH
   ip address 10.10.254.10 255.255.255.248
   duplex auto
   speed auto

 

 

CORE SWITCH to VoIP ROUTER

===========================

interface FastEthernet0/21

    description LINK TO VoIP ROUTER
    no switchport
    ip address 10.10.254.17 255.255.255.248

 

 

interface GigabitEthernet0/0/0

   description LINK TO CORE SWITCH
   ip address 10.10.254.18 255.255.255.248
   ip helper-address 10.10.0.4
   negotiation auto
   h323-gateway voip interface
  h323-gateway voip bind srcaddr 10.10.254.18

 

 

How can I configure the MS390 as well as VPN and VoIP router, remember routers have route ports

 

 

mugrene_0-1600325764166.png

 

rhbirkelund
Kind of a big deal

There are no such thing as routed ports in Meraki.
You'll have to create a VLAN on the MS390, and assign IPs to that. It is not possible to assign IP addresses to ports on Meraki.

The only "routed port" there is, is the WAN uplink on the MX Security Appliance.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

Hi @rhbirkelund 

Thank you for quick reply;

If I create VLAN on MS390, that means I have to have switchport on another hand i.e for neighbor routers unfortunately routers I have don't have switchport, they have routed ports. How can I handle this?
Thank you!

rhbirkelund
Kind of a big deal

It shouldn't be neccessary to have a switchport at both ends.
Create an SVI on the MS390, assign a port as access to that VLAN, and connect the VoIP router to said access port.
You should be able to ping between the VoIP router and SVI.
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels