I have two sister companies in the same building. Our ISP provided us two WAN IPs but the modem only has 1 uplink port.
We have a Meraki ms125 switch. What would be best practice for a setup like this:
1. Port 1 = WAN UPLINK from ISP
2. Port 2 = Internet 1 port on First MX
3. Port 3 = Internet 1 port on Second mX
4. Each MX internet port configured with the WAN IP from the ISP
In this setup, how would I have to create a VLAN on ports 1 2 and 3 on the switch? Trunk or access? Or would I only do access port on PORT 1, and then tag on the UPLINK port on the MX to use VLAN on that section?
You need to know whether the ISP is separating the IP addresses on different VLANs, if they are then you need to use VLANs, if they’re not then you won’t. If they are using VLANs then you’ll need a trunk on Port 1 that allows the VLANs that the ISP is providing, then you use access ports to the MXes, one acess port assigned to each VLAN. If the ISP isn’t using VLANs then you just use access ports - the VLAN for those access ports doesn’t matter so long as they are all the same.
Thanks for this - I got it working how I originally suggested. I am about to call the ISP though but wanted to see if you or anyone thinks this is an issue. Now on the client list I see devices from the ISP, not sure what they are, looks like all their stuff and mostly public IP addresses. If I click on my port 1 on the switch and look at current clients there is a list that keeps changing with new IPs.
If the addressing of the ISP comes from the same pool then it's going to be a flat VLAN.
But I don't see any problem here.
Just define an external VLAN on the switch and put both MX'es and the ISP router on their own ACCESS ports on that VLAN. Or if it's tagged, then TRUNK but only allow the external VLAN.
Then make sure your switch if it is also serving internal clients all trunks towards other switches DO NOT allow the external VLAN across them.