2 MXs with multiple VLANs

Solved
Aztec_Ninja

Hello

We have TWO MXs configured with multiple VLANs. I need a device to access a device across the MXs. Is this possible without adding the VLAN to each MX? Sorry if this is confusing or I am not explaining properly, but I am attaching a diagram to help. Thank you for your help.

 

Aztec_Ninja_0-1694016727089.png

 

alemabrahao

You need to add routes on each MX, but for that each MX needs to be on a link VLAN to be able to point to the next hop.

So you can create VLAN 999 (for example) with a /30 address on each MX and then just add the static routes.

 

alemabrahao_0-1694017158816.png

 

Or just configure SD-WAN.

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao

If you consider using SD-WAN (in my opinion it's the best way) don't forget that one of the MXes must be the HUB.

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

ww

I would choose static routes.

It saves you the impact/load of tunnel encryption on the MX, less latency on your sessions, and no MTU reduction.

alemabrahao

Yes, I agree, but he also asked for a way without having to create another SVI, in which case SD-WAN "would be" the best way.

Aztec_Ninja

To confirm, the static route would live on the MX configured without the VLAN I need to reach, correct?

I'll give this a shot, thanks again.

alemabrahao

Yes, but you need to have a common VLAN on each MX with a configured IP, to point to the next hop.

alemabrahao

Something like this.

alemabrahao_0-1694022774988.png

 

Aztec_Ninja

I configured the common VLAN with a unique gateway IP, which saved with no issues.

The issue now is that when I add the static route, using the subnet of the VLAN and the next hop IP, I get the following message:

 

  • Static lan route subnets cannot be contained by (or be equal to) a VLAN subnet.

Which subnet should I use when adding the static route to MX 2?  MX 2 is where I am adding the common VLAN. In your example I am using the VLAN 999 subnet 172.16.1.0/30 next hop 172.16.1.1

 

On MX1 I just added static route 172.16.1.0/30 next hop 172.16.1.2; this saved without error.

 

alemabrahao

No, the subnet must be the one you want to access from the peer side.

Like the image I sent, if on the MX1 you want to reach the 100.x.x.x network that is on the MX2, then your route has to be as follows.

Subnet 100.x.x.x/24 (just an example) next hop 172.16.1.2 (MX2 interface IP).

Aztec_Ninja

Ah, I now see my mistake. Static route is working, thank you for the help kind sir! Virtual pint on me!!

PhilipDAth

The two MXs would need VLANs with unique subnets to make this work.
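
The checks discussed in this thread, as an added example that is not part of any post and is not Meraki code: a small Python validator for a static-route plan between two MXs. The first rule is the dashboard message quoted above; the next-hop and unique-subnet checks follow the replies. All addressing is constructed except the 172.16.1.0/30 link VLAN with .1 on MX1 and .2 on MX2.

```python
import ipaddress as ip

def check_route(local_vlans, dest, next_hop):
    """Return a list of problems with one static route on one MX.

    local_vlans: {name: (subnet, mx_interface_ip)} configured on that MX.
    """
    dest_net = ip.ip_network(dest)
    hop = ip.ip_address(next_hop)
    vlans = {n: (ip.ip_network(s), ip.ip_address(a)) for n, (s, a) in local_vlans.items()}
    problems = []
    # Dashboard rule quoted in the thread: the destination may not be
    # contained by, or equal to, a subnet this MX already has as a VLAN.
    for name, (net, _) in vlans.items():
        if dest_net.subnet_of(net):
            problems.append(f"destination {dest_net} is inside local VLAN {name} ({net})")
    # The next hop has to sit on a directly connected (link) VLAN ...
    on_link = [(n, a) for n, (net, a) in vlans.items() if hop in net]
    if not on_link:
        problems.append(f"next hop {hop} is not on any local VLAN")
    # ... and must be the peer's address, not this MX's own interface.
    elif any(hop == a for _, a in on_link):
        problems.append(f"next hop {hop} is this MX's own interface IP")
    return problems

def overlapping(vlans_a, vlans_b, shared=("transit",)):
    """Pairs of VLANs whose subnets overlap across the two MXs (link VLAN excluded)."""
    return [(a, b) for a, (sa, _) in vlans_a.items() for b, (sb, _) in vlans_b.items()
            if a not in shared and b not in shared
            and ip.ip_network(sa).overlaps(ip.ip_network(sb))]

# Constructed sample plan: only the 172.16.1.0/30 link VLAN comes from the thread.
MX1 = {"users": ("10.1.10.0/24", "10.1.10.1"), "transit": ("172.16.1.0/30", "172.16.1.1")}
MX2 = {"servers": ("10.2.20.0/24", "10.2.20.1"), "transit": ("172.16.1.0/30", "172.16.1.2")}

if __name__ == "__main__":
    # The attempt that was rejected: routing to the link VLAN itself.
    print(check_route(MX2, "172.16.1.0/30", "172.16.1.1"))
    # The working form: route to the peer's subnet via the peer's link IP.
    print(check_route(MX1, "10.2.20.0/24", "172.16.1.2"))
    print(check_route(MX2, "10.1.10.0/24", "172.16.1.1"))
    print(overlapping(MX1, MX2))
```
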
