Public IP on MS120-8

BWestlake
Conversationalist

Evening all,

Just looking for some advice and guidance on a theoretical setup, just trying to get my head round it.

Say you have an MS120-8 acting as an L3 switch and have a /29 allocated by the ISP.

Site 1 has the connection coming into the MS120-8 with two MX100s in Warm Spare, with a fibre then going to site 2 from the MS120-8.

Site 2 has the fibre coming in, which goes into a single MX67.

Want to give the MX100s a public IP each, and will need a Virtual IP, and then want 2 IPs that can be used for NAT, then give the MX67 a public IP too.

Can anyone give a quick rundown of how this can be set up within Meraki?

- Stuck more on how to allocate the public IPs

jdsilva
Kind of a big deal


@BWestlake wrote:

Say you have a MS120-8 acting as a L3 switch and have a /29 allocated by ISP;

Nope. It's L2 only.

jdsilva
Kind of a big deal

Sorry, I should have read more... You don't need it to be L3... You only need an L2 switch out there.

In my experience Meraki switches do not make great WAN breakout switches due to their persistent nature in trying to talk to the cloud at all costs. You're better off getting another inexpensive switch for this purpose.

As for your IPs, you don't have enough IPs to do it the way you're asking. If you want to do that you need more IPs. Plain and simple.

Your other option could be to put site 2 behind the MXs of site one, and make it part of your LAN instead of your WAN. You might want to use the No-NAT feature in version 15 of the MX at that site in this scenario.

Other than that... Get more IPs? 🙂

BWestlake
Conversationalist

/29 is 8 IPs which gives you 6 usable?

1 - GW
2 - MX100 (Primary)
3 - MX100 (Spare)
4 - Virtual IP
5 - 1:1 / 1:Many NAT
6 - 1:1 / 1:Many NAT
7 - MX67
8 - Broadcast

BrandonS
Kind of a big deal


@BWestlake wrote:

/29 is 8 IPs which gives you 6 usable?

1 - GW
2 - MX100 (Primary)
3 - MX100 (Spare)
4 - Virtual IP
5 - 1:1 / 1:Many NAT
6 - 1:1 / 1:Many NAT
7 - MX67
8 - Broadcast

Duh, yeah, you are right (almost). 1 and 8 are not usable. They are network and broadcast. The other 6 are usable and one is the gateway, leaving you with 5 to use for whatever you want.

- Ex community all-star (⌐⊙_⊙)
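
The address count discussed above, as an added example that is not part of the thread: it walks a /29 with Python's `ipaddress` module and checks the requested roles against the host addresses left after the gateway. The block `203.0.113.0/29` is a constructed documentation range standing in for the ISP's /29, the gateway taking the first host address is an assumption, and `plan` and `smallest_prefix` are hypothetical helper names.

```python
import ipaddress

# Roles requested in the original post, in the order it lists them.
REQUESTED = ["MX100 primary", "MX100 spare", "warm-spare virtual IP",
             "NAT 1", "NAT 2", "MX67"]

def plan(block, roles, gateway_index=0):
    """Assign roles to the host addresses of block; return (assigned, unassigned)."""
    net = ipaddress.ip_network(block)
    hosts = list(net.hosts())            # excludes network and broadcast addresses
    gateway = hosts.pop(gateway_index)   # assumption: ISP gateway is the first host
    assigned = {"ISP gateway": gateway}
    assigned.update(zip(roles, hosts))   # zip stops when the addresses run out
    unassigned = roles[len(hosts):]      # roles that did not get an address
    return assigned, unassigned

def smallest_prefix(role_count):
    """Longest IPv4 prefix with room for the gateway plus role_count hosts."""
    for prefixlen in range(30, 0, -1):
        if 2 ** (32 - prefixlen) - 2 >= role_count + 1:
            return prefixlen
    raise ValueError("too many roles for one IPv4 block")

if __name__ == "__main__":
    assigned, unassigned = plan("203.0.113.0/29", REQUESTED)  # constructed block
    for role, addr in assigned.items():
        print(f"{addr}  {role}")
    print("no address left for:", unassigned)
    print(f"smallest block that fits: /{smallest_prefix(len(REQUESTED))}")
```
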
BrandonS
Kind of a big deal

I am working on the same setup right now and support advised me to make sure the MS120 you are using as a "breakout" switch between the provider side and the MX is assigned an internal IP statically to ensure it does NOT get a public IP. You don't really want or need your MS120 having a public IP for any reason.

- Ex community all-star (⌐⊙_⊙)
BrandonS
Kind of a big deal

And @jdsilva is also correct, you do not have enough IPs. I am fighting with Comcast now, who have assigned my customer a /30 and also a /28 that are contiguous in a /27, but they refuse to change their WAN handoff from a /30, which is preventing me from setting up a warm spare with VIP.

- Ex community all-star (⌐⊙_⊙)
jdsilva
Kind of a big deal


@BrandonS wrote:

I am working on the same setup right now and support advised me to make sure the MS120 you are using as a "breakout" switch between the provider side and the MX is assigned an internal IP statically to ensure it does NOT get a public IP.  You don't really want or need your MS120 having a public IP for any reason.

Yeah, this has caused me grief in the past. The problem with making sure the MS doesn't get an IP is that if it loses connectivity it will start to DHCP for an address on every port, and on any and every VLAN it can find. If your provider assigns addresses via DHCP, or if you have a limited number of dynamic IPs available, there's a good chance the MS will grab one and use it to talk to the cloud.