Meraki

Community

Traffic is routing from my 10gig switch back through the MX

Solved
RumorConsumer
Head in the Cloud
‎Dec 1 2021 5:48 PM
‎Dec 1 2021 5:48 PM

Traffic is routing from my 10gig switch back through the MX

Hello!

 

I have an MX68 set up with multiple VLANs.

 

I have the network hardware and APs on 1, the clients on 4, and a special VLAN 12 set up for me for a specific purpose.

 

I have a Synology with 2 10gig LAN ports, both connected to a 10gig Mikrotik switch acting in switch mode. One port is set to VLAN 4 and it properly pulls the VLAN 4 IP, no problem. The other port is set to VLAN12, and it properly pulls that VLAN IP. The issue is I just noticed that if I am doing a copy from another 10gig client on VLAN 4 to a SMB share logged into via IP on that VLAN12 NAS port, the traffic is not staying within the MikroTik switch. It is going all the way back to the gigabit port on the MX and then back out. What causes that route to get picked? 

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
0 Kudos
1 Accepted Solution
MilesMeraki
Head in the Cloud
‎Dec 1 2021 6:42 PM
‎Dec 1 2021 6:42 PM

Sounds like the Mikrotik is just acting as a layer 2 switch. As you have created multiple different VLAN's (Broadcast domains/Virtual networks) which terminate on to the Meraki MX, if a client from network A tries to communicate with a client in network B it must go through the MX appliance regardless of the shortest physical path. This is called network segmentation. Normally as the MX acts as a firewall you can firewall the traffic to deny or allow it.

 

To overcome this the NAS and client must be on the same VLAN/Network.

 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)

View solution in original post

6 Replies 6
MilesMeraki
Head in the Cloud
‎Dec 1 2021 6:42 PM
‎Dec 1 2021 6:42 PM

Sounds like the Mikrotik is just acting as a layer 2 switch. As you have created multiple different VLAN's (Broadcast domains/Virtual networks) which terminate on to the Meraki MX, if a client from network A tries to communicate with a client in network B it must go through the MX appliance regardless of the shortest physical path. This is called network segmentation. Normally as the MX acts as a firewall you can firewall the traffic to deny or allow it.

 

To overcome this the NAS and client must be on the same VLAN/Network.

 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
In response to MilesMeraki
RumorConsumer
Head in the Cloud
‎Dec 1 2021 6:47 PM
‎Dec 1 2021 6:47 PM

Damn it. Ok. The switch has a router mode but I don’t love it. But it sounds like it would be aware enough to avoid this problem. Is there any other way to fix this?

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Dec 1 2021 6:45 PM
‎Dec 1 2021 6:45 PM

For the traffic flow you described, it sounds like the default gateway for VLAN 4 or VLAN 12 (or both) reside on the upstream MX.

0 Kudos
In response to Brash
RumorConsumer
Head in the Cloud
‎Dec 1 2021 6:48 PM
‎Dec 1 2021 6:48 PM

Correct. 

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
0 Kudos
In response to RumorConsumer
Brash
Kind of a big deal
Kind of a big deal
‎Dec 1 2021 6:58 PM
‎Dec 1 2021 6:58 PM

In that case, to keep the network traffic on the Mikrotik switch, you'll need to create a VLAN interface on the Microtik switch for the VLAN's and set it as the default gateway instead. 
Otherwise you can connect both the NAS and the client on the same VLAN.

In theory you can also 

0 Kudos
In response to Brash
RumorConsumer
Head in the Cloud
‎Dec 1 2021 7:13 PM
‎Dec 1 2021 7:13 PM

I just put them on the same VLAN. its fine. I was trying to avoid the chance that somebody uses the wrong port (I want to keep one open) and this was my attempt which failed. its ok this works fine.

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.