multi subnet NAT on MX100

ciscofan
New here

multi subnet NAT on MX100

Hi,

Can meraki do muliple subnet NATing ?  in other words can it do this - https://www.tp-link.com/us/faq-887.html ?

 

my setup is:

 

2960 --- MX100 --- Internet

 

2960 has multiple VLAN svi X, Y, Z etc.  only the native VLAN subnet - X has internet, others don't.

 

on meraki i have LAN port configured as trunk to 2960 with subnet X as the native vlan.  also added static route on MX for each of subnet Y, Z etc with next-hop of 2960 X subnet ip

7 REPLIES 7
ww
Kind of a big deal
Kind of a big deal

yes, and you don't need a layer3 switch to use multiple subnets. a MX + layer2 switches is enough.

 

https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Networking_fundam...

Adam
Kind of a big deal

What specifically are you trying to accomplish/NAT?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

ability to NAT subnets Y,Z

thanks but this is router-on-a-stick setup....my L3 sw does the inter-vlan routing.  All i want is the non-manage/non-native vlans to be able to NAT using the same MX internet uplink

MRCUR
Kind of a big deal

As long as your 2960 switch has a static default route to the MX and the MX has static routes back to the 2960 subnets, this will work fine. You can leave the MX in the default "single LAN/no VLAN" mode when doing this setup. 

 

All of the 2960 subnets will be NAT'd the MX's WAN IP. 

MRCUR | CMNO #12

ok, if i disable routing and use "single LAN", would the LAN port (under 'Per-port VLAN) be set as "access" port towards 2960 sw port ?

MRCUR
Kind of a big deal

Single LAN does not disable routing on the MX. You'll still need to define an appropriate subnet for the single LAN so there is connectivity between the MX and 2960. I typically set up a /30 for this since it's just a point to point connection. 

 

You can leave the MX LAN port as an access port though. 

MRCUR | CMNO #12
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels