Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

2 MXs with multple VLANs

Solved
Aztec_Ninja
Getting noticed
‎Sep 6 2023 9:12 AM
‎Sep 6 2023 9:12 AM

2 MXs with multple VLANs

Hello

We have TWO MXs configured with multiple VLANs.  I need to a device to access device across the MXs.  Is this possible without adding the VLAN to each MX?  Sorry if this is confusing or I am not explaining properly, but I am attaching a diagram to help.  Thank you for your help. 

 

Aztec_Ninja_0-1694016727089.png

 

0 Kudos
Subscribe
1 Accepted Solution
In response to Aztec_Ninja
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 11:38 AM
‎Sep 6 2023 11:38 AM

No, the subnet must be the one you want to access from the peer side.

Like the image I sent, if on the MX1 you want to reach the 100.x.x.x network that is on the Mx2 then your route has to be as follows.

Subnet 100.x.x.x/24 (just an example) next hop 172.16.1.2 (MX2 interface IP).

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
Subscribe
11 Replies 11
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 9:20 AM
‎Sep 6 2023 9:20 AM

You need to add routes on each MX, but for that each MX needs to be on a link VLAN to be able to point the next hop.

So you can create vlan 999 (for example) with a /30 address on each MX and then just add the static routes.

 

alemabrahao_0-1694017158816.png

 

Or just configure  SD-WAN.

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 9:24 AM
‎Sep 6 2023 9:24 AM

If you consider using SD-WAN (in my opinion it's the best way) don't forget that one of the MXes must be the HUB.

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
ww
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 9:28 AM
‎Sep 6 2023 9:28 AM

I would choose static routes.

It saves you the impact/load of tunnel encryption on the mx, less latency on you sessions, and no mtu reduction

0 Kudos
Subscribe
In response to ww
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 9:37 AM
‎Sep 6 2023 9:37 AM

Yes, I agree, but he also asked for a way without having to create another SVI, in which case SD-WAN "would be" the best way.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to ww
Aztec_Ninja
Getting noticed
‎Sep 6 2023 10:41 AM
‎Sep 6 2023 10:41 AM

To confirm the static route would live on the MX configured without the VLAN I need to reach, correct? 

 

Ill give this a shot, thanks again.

0 Kudos
Subscribe
In response to Aztec_Ninja
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 10:45 AM
‎Sep 6 2023 10:45 AM

Yes, but you need to have a common VLAN on each MX with a configured IP, to point the next hop.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 10:53 AM
‎Sep 6 2023 10:53 AM

Some thing like this.

alemabrahao_0-1694022774988.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
Aztec_Ninja
Getting noticed
‎Sep 6 2023 11:29 AM
‎Sep 6 2023 11:29 AM

I configured the common VLAN with a uniquire Gateway IP will save no issues.

 

The issue is now when I add the static Route, I use the subnet of the VLAN and next Hop IP, I get the following message:

 

  • Static lan route subnets cannot be contained by (or be equal to) a VLAN subnet.

Which subnet should I use when adding the static route to MX 2?  MX 2 is where I am adding the common VLAN. In your example I am using the VLAN 999 subnet 172.16.1.0/30 next hop 172.16.1.1

 

On MX1 I just added static route 172.16.1.0/30 next hop 172.16.1.2, this saved without error.

 

0 Kudos
Subscribe
In response to Aztec_Ninja
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 11:38 AM
‎Sep 6 2023 11:38 AM

No, the subnet must be the one you want to access from the peer side.

Like the image I sent, if on the MX1 you want to reach the 100.x.x.x network that is on the Mx2 then your route has to be as follows.

Subnet 100.x.x.x/24 (just an example) next hop 172.16.1.2 (MX2 interface IP).

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Aztec_Ninja
Getting noticed
‎Sep 6 2023 12:04 PM
‎Sep 6 2023 12:04 PM

Ah I now see my mistake.  Static route is working, thank you for the help kind sir!  Virtual pint on me!!

 

 

 

 

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 6 2023 1:34 PM
‎Sep 6 2023 1:34 PM

The two MXs would need VLANs with unique subnets to make this work.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.