I am having an issue that is related to an issue that @BrechtSchamp solved about a year ago. This has some added complexity to it though.
https://community.meraki.com/t5/Switching/Meraki-and-Comcast-EDI/m-p/36808
We have a Comcast EDI connection where Comcast provides a non-routable "WAN" /30 network and a routable public "LAN" /27 network. They are doing this to save more IP addresses. See the community post I linked above for details. I have set up my MS250-48 the same way, but I have an IPS appliance that my data passes through that is causing the DNS to fail. During this time, though, ICMP pings and access via IP address are successful.
Because DNS is failing, I cannot get to the URL of my sites and my Meraki MX250 Firewall is showing the WAN status is in a "failed state."
My physical routing is as follows (all switchports are access ports):
Comcast ISP - switchport 1 on VLAN 2000
MS250 L3 Interface VLAN 2000 - This allows access to the /30 Comcast provided.
MS250 L3 Interface VLAN 2002 - This allows access to the /27 Comcast provided.
IPS Appliance Ext Interface - switchport 2 on VLAN 2002 - This allows the IPS to be inline with the /27 ISP connection.
IPS Appliance Int Interface - switchport 3 on VLAN 2004 - This is a different VLAN so that my MX firewall traffic is forced through the IPS appliance.
MX250 Firewall WAN 1 - switchport 4 on VLAN 2004.
The really strange part is that when I run a packet capture on switchport 1, during the entire time of the packet capture, DNS begins to work, but when the capture finishes, it stops again.
I contacted support and they stated that because I am using the IPS to go from VLAN 2004 to 2002, that routing isn't possible, but I wanted to reach out to the community since routing is working, just not DNS...except when I run a packet capture.
CMNO, CCNA R+S