I have trunked a connection on an external VLAN to our Meraki MS225 (10.4.2.0/24). Our layer 3 routing on the Meraki devices is carried out at the MX level, which contains the VLAN's and subnets. Should i create a layer 3 interface on the external network/VLAN on the switch or do I add this as a routed subnet on the MX?
I have tried both, with the interface created on the MS I have connectivity on the external network and can get to the gateway (10.4.2.1) when sourced from it's own interface (10.4.2.10). However, there is no inter-VLAN routing as I can't get to the network from the AP's which are based on the 192.168.10.0 network. The whole point of this is to have access to a RADIUS server on 10.4.2.0 for Wireless authentication.
I look forward to a response.
Looks like you would need to configure a static route for the routing. I believe in your scenario you would configure the static route for the subnet 192.168.10.0 and have the Next Hop IP as that of your gateway (10.4.2.1).
Do you also have a default route configured for traffic?
I have tried this with the layer 3 interface on the switch, this interface can then communicate with the 10.4.2.0 network as expected but the AP’s and other devices can’t route to this network/don’t get a ping response. I’m guessing this is because there’s no route on the MX, which is where all of our VLAN’s and gateways are based. I have tried having a L3 interface on the switch, having a routed VLAN on the MX as well as a combination of both, I still can’t get this to work. With this created on the MX in the ‘addressing and VLANs’ section, I don’t get any connectivity with 10.4.2.0 at all.
I have also tried adding static routes, this gives me an error telling me that it can't be contained within an existing VLAN (when on the MX). When the interface is on the MS and not the MX I can't add a static route as it doesn't know the network.
Should the L3 interface be on the MX or on the MS?
It sounds to me like it might be easier just to do all your inter-VLAN routing on your MX and have your switch(es) just switching at layer-2..? If all the servers being accessed are remote anyway, then all the traffic must transit the MX, so there's no real performance gain from routing on your switch. If this makes sense, then connect the MS and MX using a trunk, with just the VLANs that you want to be accessible from your switch(es) allowed, then add all the routable VLANs on the MX that you need (Security & SD-WAN > Configure > Addressing and VLANs). Note that MX doesn't support LACP, nor does it participate in Spanning Tree, so if you create a physical loop, in order to create resilience, you'll be relying on the switch(es) to resolve it.
Thanks for your response. I have the VLAN created on the MX now with an MX IP of 10.4.2.10. I can ping this interface from the MS and other devices, however, I can't communicate with anything else on the 10.4.2.0 network. This I could do with the Layer 3 interface on the switch - proving that it is an issue on the Meraki and not the connectivity behind it.
I can see clients on the 10.4.2.0 network and there is a MAC table built up, not sure why it isn't routing this traffic properly?