Static Route on MX can route IPs on same VLAN but not for a different VLAN

h_p
Conversationalist

Static Route on MX can route IPs on same VLAN but not for a different VLAN

So I'm fairly new to Meraki, mostly I've been handling the MR line of devices and just recently started a deployment for an MX 250.

I've successfully created the addressing and VLANs and all of that is working just fine. The issue is when I'm trying to reach the routes that the MX is knowing through a static route through one of the interfaces, this interface (not a WAN interface) is plugged in to a Mikrotik Router and the Mikrotik has a LAN segment 10.16.2.224/28 with the GW being 10.16.2.225 all of that is configured on the interface that goes directly to one of my MX interfaces.

 

On the other hand, the MX has the following configuration:

VLAN 10 - 10.16.2.224/28 | MX IP: 10.16.2.226

VLAN 40 - 192.168.1.0/24 | MX IP: 192.168.1.1

Static Route for a Subnet: 10.16.0.0/24 with Gateway IP: 10.16.2.225 (Mikrotik's interface IP)

 

The 10.16.0.0/24 subnet is because it reaches a Virtual PBX through the 10.16.0.26.

I can successfully reach the 10.16.0.26 when trying to ping with a VLAN 10 source, but when I try to use VLAN 40 as a source I'm unable to reach those routes.

We need the phones that will be registering to the PBX to have an IP from the 192.168.1.x subnet.

The PBX has the 192.168.1.0/24 subnet allowed, and the PBX provider has turned off all firewall settings so we could do some testing but still no luck.

 

Worth mentioning that the customer was previously using a Fortigate device and they had this configuration and it was working just fine for them.

 

I'll appreciate any input from the community.

 

Thanks.

 

8 Replies 8
MyHomeNWLab
A model citizen

Is routing to 192.168.1.0/24 configured in Mikrotik?
I was curious if there is a return path for communication.

h_p
Conversationalist

I'm assuming it is, considering the Fortigate which was previously connected to the Mikrotik was able to reach the 10.16.0.26 with any of the 192.168.1.0/24 IPs.

 

 

MyHomeNWLab
A model citizen

Is it possible that Source NAT was configured in ForiGate?
I think FortiGate had a Source NAT (LAN-to-WAN) setting in the default configuration depending on the model.

 

For LAN-to-LAN communication, Meraki MX does not Source NAT.
So, if routing is not configured, communication may not be possible.

h_p
Conversationalist

I'm not sure, but I'll look into it.

 

If this were to be the case, how would I go around it? Can I configure something similar on Meraki?

MyHomeNWLab
A model citizen

I think you should organize the information.

My understanding is that the current situation is as follows

 

01.jpg

 

If you want Meraki to do something similar to FortiGate, the question arises. how does it connect to the Internet?

 

02.jpg

 

Without information on the entire network, the optimum cannot be found.

Mike6116
Getting noticed

i see you have the IP 10.16.2.225 as the GW for the Mikrotik  but this has to be the MX IP wich will be  10.16.2.226 

h_p
Conversationalist

I have the 10.16.2.225 as a gateway for the static route, it's my next hop IP, that's why I'm using that instead of 10.16.2.226. The static route is working, but only for IPs on VLAN 10: 10.16.2.224/28.

 

jsanchez-dattic
New here

@h_p Were you able to solve this issue? We're having a similar issue.

Get notified when there are additional replies to this discussion.