Meraki

Community

Meraki switch management and public internet connected to a pass through vlan.

Justin-
Conversationalist
‎Dec 4 2025 6:30 AM
‎Dec 4 2025 6:30 AM

Meraki switch management and public internet connected to a pass through vlan.

We currently use ms250's for a mdf, and a pair of mx devices for sdwan, at each of sites.  We are using an ha pair of meraki mx's, so to multiplex/split the circuit to both mx devices we are using a pass through vlan and three ports.  The issue I'm seeing is the switch is grabbing some of these ips.  Example is my mx has no ipv6, because the switch has them.  We don't use ipv6 internally, so it will never releases it. We do have the option to use ipv6 in the mx to connect to other sites, over the public internet.  It can do the same behavior with the ipv4, if the mx is down long enough, cause by the same ip grabbing contention.  Is it possible to setup a ACL to block the switch from looking at specific vlan, but still allow the layer 2 vlan traffic to continue through it.  I'm assuming not. 

0 Kudos
4 Replies 4
Mloraditch
Kind of a big deal
Kind of a big deal
‎Dec 4 2025 8:00 AM
‎Dec 4 2025 8:00 AM

So are you saying your ISP only allows/provides 2 IPv6 addresses and sometimes your DMZ switch gets one of the two, preventing it from working on the MX? Can the ISP increase your IPv6 pool? The whole point of IPv6 was to provide more addresses and if I can still easily get a /29 of IPV4 space, you'd think you'd be able to get plenty of IPv6 space.

I can't think of a way around that permanently as even if you setup the DMZ to be managed behind the MX  it could still try to DHCP on any available vlan during a LAN outage and since you don't have IPv6 internally it's never going to have a valid IP and thus try on other vlans all the time.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Mloraditch
Justin-
Conversationalist
‎Dec 5 2025 7:37 AM
‎Dec 5 2025 7:37 AM

That is what I am seeing.  It seems to treat the ipv4 and ipv6 separately too, for management.  So, even though the ipv4 has internet and dashboard connectivity, it seems view the ipv6 management as "No I don't have dashboard or internet connectivity".  Since we don't push ipv6 internally at this time, it seems to stay in that state.  Anyways we have decided to put another switch up just for the internet circuit pass through connections. In the future we will make sure we have two hand offs from the dmarc.  We added the second mx devices after the putting in the circuits, after seeing how hot the mx68w get with normal use.

0 Kudos
cmr
Kind of a big deal
Kind of a big deal
‎Dec 4 2025 9:35 AM
‎Dec 4 2025 9:35 AM

This is why I always use an unmanaged switch for the ISP splitting.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
Justin-
Conversationalist
‎Dec 5 2025 7:38 AM
‎Dec 5 2025 7:38 AM

That is the direction we are having to take.  

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2026 Cisco Systems, Inc.