I have a MX-85
i have it setup and working.. Site to site, VPN and Local connections.
I keep an eye on the event logs, Here are some events i need help fixing or understanding..
- DHCP problem not enough addresses. (needing to expand the subnet to /23) when i try to do this it appears one of the site to site communications doesn't work..
- VLAN mismatch - Its on default VLAN 0
- Security & SD-WAN -> Route Table: shows some red on local connection.
I would like some help configuring to become more stable and reliable.
check system logs for more details..
Can you show your configurations? Do you have a topology? Do you have a switch below MX?
ok I will try to lay it all out to easily see and understand the setup..
Internet--> 1.MX85 - Downlink to SW1->downlink to SW2 & SW3..
my setup and network isn't complex.. i have 3x 48 port switches
LAN is 192.168.1.0/24
I have remote/cloud access to all equipment.. if need to maybe do a remote session sometime to look at things closer.. I know pictures can be tough at times..
Hi,
Well, It's non Meraki peer VPN, do you have access to Peer? On peer probably is configured subnet 192.168.1.0/24 as interesting traffic, so who configured it, needs to change the interesting traffic for 192.168.1.0/23 after change your configuration mask on MX.
On Vlan Mismatch I can see that It's another IP range 192.168.137.x. Do You have another DHCP server on your network? If not, you have to investigate it.
ok, makes sense
- i will have to check into the peer, Our heaquaters in korea has established that vpn.
- DHCP i re-structured our whole building, upgraded to cat6a and updated all network equipment..
there are only those devices listed. MX85, Unify switches and Ap's, ( i have taken all netgear routers and other devices they had everywhere ) I will investigate and see if i can locate it.. the MX-85 should be only one thats DHCP server..
I have looked for any DHCP server and i can not seem to find it anywhere..
- i have located device in the client list..shows online and has correct IP, Look at pic
i dont know what the other IP range is. i looked in to route tables. I can not seem to identify it..
d
I can see tow different IPs for the same Mac Address:
192.168.137.2 and 192.168.137.5, according Mac Vendors the MAC Address 04:7b:cb:15:ed:59 Is a Universal Global Scientific Industrial Co., Ltd., It looks like an Access Point (I'm not sure).
Do you have some access point with this MAC?
Any chance it's a static IP host?
Have you tried to find this mac on MAC address table of your switches?
So i discovered where it is located
Sw2 on port3..It appears to be a VOIP phone Yealink SIP-T46S i will check tomarow to see what settings it is.. its possible it was setup useing a static IP..
So i found Sw2- port 3 connecting to Voip phone -> Pc port from phone connecting to -> a 8port switch and from switch -> going to printer (MAC we been searching for) and lenovo labtop (setup as static IP 192.168.137.1)
Solution: Made sure both printer and labtop is DHCP..
Great 😄
Thank for your help with understanding what was going on with issue i don't see that coming up anymore.
this is what's showing now,
- Non-Meraki / Client VPN negotiation (not sure if this is a normal msg just stating a non-Meraki connection being made) It must be a peer config on korea end..
- I need to re-subnet to a /23 because we are reaching the threshold. less than 30% (not critical but i would like to work on what i need for doing that)
It looks fine now.
Now you just need to change the interesting traffic for 192.168.1.0/23 after change your configuration mask on interface VLAN on MX.