Subnetting

DerekSR
Here to help

I have a MX-85

 

I have it set up and working: site-to-site, VPN and local connections.

 

I keep an eye on the event logs. Here are some events I need help fixing or understanding.

 

- DHCP problem: not enough addresses (needing to expand the subnet to /23). When I try to do this, it appears one of the site-to-site communications doesn't work.
- VLAN mismatch - It's on default VLAN 0
- Security & SD-WAN -> Route Table: shows some red on local connection. 

 

I would like some help configuring to become more stable and reliable.


check system logs for more details..

alemabrahao
Kind of a big deal

Can you show your configurations? Do you have a topology? Do you have a switch below MX?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
DerekSR
Here to help

OK, I will try to lay it all out to easily see and understand the setup.

 

Internet--> 1.MX85 - Downlink to SW1->downlink to SW2 & SW3..

My setup and network isn't complex. I have 3x 48-port switches.

LAN is 192.168.1.0/24

 

I have remote/cloud access to all equipment, if we need to maybe do a remote session sometime to look at things closer. I know pictures can be tough at times.

 

[Screenshots: MX85; Unify Devices; SW2; SW1; SW3; DHCP Status]

alemabrahao
Kind of a big deal

Hi,

 


Well, it's a non-Meraki peer VPN. Do you have access to the peer? The peer probably has subnet 192.168.1.0/24 configured as interesting traffic, so whoever configured it needs to change the interesting traffic to 192.168.1.0/23 after you change your configuration mask on the MX.

On the VLAN mismatch, I can see that it's another IP range, 192.168.137.x. Do you have another DHCP server on your network? If not, you have to investigate it.

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
DerekSR
Here to help

OK, makes sense.

- I will have to check into the peer. Our headquarters in Korea has established that VPN.

- DHCP: I restructured our whole building, upgraded to Cat6a and updated all network equipment.

There are only those devices listed: MX85, Unify switches and APs (I have taken all Netgear routers and other devices they had everywhere). I will investigate and see if I can locate it. The MX-85 should be the only one that's a DHCP server.

DerekSR
Here to help

I have looked for any DHCP server and I cannot seem to find it anywhere.

- I have located the device in the client list. It shows online and has the correct IP. Look at the pic.

I don't know what the other IP range is. I looked into the route tables. I cannot seem to identify it.

 

 

[Screenshots: device is online, MAC address compared to event log; event log; did not find any DHCP server on that IP range; using the IP address; correct DHCP server, only 1]

alemabrahao
Kind of a big deal

I can see two different IPs for the same MAC address:


 

192.168.137.2 and 192.168.137.5. According to MAC Vendors, the MAC address 04:7b:cb:15:ed:59 is a Universal Global Scientific Industrial Co., Ltd. device. It looks like an access point (I'm not sure).

 

Do you have some access point with this MAC? 

 

Any chance it's a static IP host?

 

Have you tried to find this MAC in the MAC address table of your switches?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
DerekSR
Here to help

So I discovered where it is located:

SW2 on port 3. It appears to be a VoIP phone, a Yealink SIP-T46S. I will check tomorrow to see what settings it has. It's possible it was set up using a static IP.

 

[Screenshot: Found the MAC/Device - I disabled port]

DerekSR
Here to help

 

So I found SW2 port 3 connecting to the VoIP phone -> PC port from the phone connecting to -> an 8-port switch, and from the switch -> going to a printer (the MAC we've been searching for) and a Lenovo laptop (set up as static IP 192.168.137.1).

Solution: Made sure both printer and laptop are DHCP.

 

 

 

[Screenshots: HP Printer; Lenovo Laptop]

alemabrahao
Kind of a big deal

Great 😄

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
DerekSR
Here to help

Thanks for your help with understanding what was going on with the issue. I don't see that coming up anymore.

This is what's showing now:

- Non-Meraki / Client VPN negotiation (not sure if this is a normal message just stating a non-Meraki connection being made). It must be a peer config on the Korea end.

- I need to re-subnet to a /23 because we are reaching the threshold, less than 30% (not critical, but I would like to work on what I need for doing that).

 

 


alemabrahao
Kind of a big deal

It looks fine now. 

 

Now you just need to change the interesting traffic to 192.168.1.0/23 after you change your configuration mask on the VLAN interface on the MX.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
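
As an added example (not part of the original thread): a Python check of what widening the 192.168.1.0/24 LAN to a /23 does to the VPN traffic selector and to the stray 192.168.137.x clients discussed above. The function name, the result keys and the in-range sample address are assumptions; the standard `ipaddress` module reports the aligned /23 that contains 192.168.1.0 as 192.168.0.0/23.

```python
import ipaddress

def check_resubnet(current_lan, new_prefix, peer_selector, observed_ips):
    """Compare a widened LAN with the peer's IPsec traffic selector.

    Hypothetical helper: reports the aligned new subnet, which parts of it
    the peer's selector does not cover, and clients outside the new range.
    """
    lan = ipaddress.ip_network(current_lan)
    new_lan = lan.supernet(new_prefix=new_prefix)  # aligned enclosing block

    # The peer entry may be typed with host bits set (e.g. x.x.1.0/23),
    # so parse it as an interface and normalise to its network.
    peer_if = ipaddress.ip_interface(peer_selector)
    peer = peer_if.network

    if new_lan.subnet_of(peer):            # peer selector covers the whole LAN
        uncovered = []
    elif peer.subnet_of(new_lan):          # peer still points at a smaller block
        uncovered = [str(n) for n in new_lan.address_exclude(peer)]
    else:                                  # disjoint: nothing is covered
        uncovered = [str(new_lan)]

    strays = sorted(
        (ip for ip in observed_ips if ipaddress.ip_address(ip) not in new_lan),
        key=ipaddress.ip_address,
    )
    return {
        "new_lan": str(new_lan),
        "usable_hosts": new_lan.num_addresses - 2,
        "peer_selector": str(peer),
        "peer_host_bits_set": peer_if.ip != peer.network_address,
        "uncovered_by_peer": uncovered,
        "strays": strays,
    }

# 192.168.137.x addresses are from the thread; 192.168.1.50 is constructed.
OBSERVED = ["192.168.1.50", "192.168.137.2", "192.168.137.5", "192.168.137.1"]

if __name__ == "__main__":
    # Peer still on the old /24 selector, then on the /23 as written in the thread.
    for selector in ("192.168.1.0/24", "192.168.1.0/23"):
        print(selector, check_resubnet("192.168.1.0/24", 23, selector, OBSERVED))
```

A non-empty `uncovered_by_peer` means hosts that receive addresses in that block after the mask change fall outside the tunnel until the peer side is updated.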