Splitting ISP connection between basic router and managed meraki router

DigitechSam
Just browsing

I work as tech support in a small town.

I have a business that has a Meraki managed router in place for their Point of Sale - Toast Network. They need to have a separate network for the cameras, televisions, staff network. These devices cannot be connected to the Meraki - Toast network.

The network map is 

Coax from ISP -> Modem -> simple switch -> ERX Router and Meraki Router.

When either one is connected, everything works properly; when both are connected, both go offline.

I have confirmed with my ISP that we have no limit to multiple public IP addresses, but something is causing the routers to conflict with each other. We are currently considering a managed switch to eliminate crosstalk between the routers on their way out to the internet.

Any thoughts/support would be appreciated.

4 Replies
kYutobi
Kind of a big deal

When you say Meraki router do you mean an MX firewall? If so I would put the MX in the front of the modem, create your cameras, televisions, staff network VLANs, to separate traffic. You would be able to add 2 connections then split it but you would have to add to static addresses per WAN. Not too sure what the ERX Router is doing. 

DigitechSam
Just browsing

Yes, the Meraki is an MX firewall. That is owned and operated by Toast. I cannot access or configure for any other devices. Need a separate network.

kmcgaugh
Getting noticed

I understand that you can't access the Meraki MX appliance belonging to Toast, but have you considered the possibility that the ERX router and MX appliance are using the same WAN IP address? If so, there could be a conflicting connection. You would have to change the static WAN IP address of the ERX router to test this.

It doesn't really make sense your ISP is telling you you don't have a limit to multiple public IP addresses - they will normally hand you a block (i.e. if you have multiple static IP addresses, you could get a /29 block), there will always be a limit.

The biggest thing I would consider, given you don't have insight into the Toast Meraki MX appliance, is the possibility of a WAN IP conflict between the ERX router and the Meraki MX. If applicable, I would consider changing the ERX's WAN IP address to a different public IP in the range your ISP provided, and see if this makes a difference.

Finally, you mention using a managed switch to eliminate "crosstalk" between the Meraki MX and the ERX device; a managed switch will not inherently do this unless you configure separate layer 2 VLANs for each switch port, and because this switch sits on the internet edge - that configuration will not suffice unless the ISP modem has an 802.1Q trunk configuration on the other end of the connection and you can match whatever VLANs are allowed on its trunking interface. In some of my client environments, we have run the data network separate from the voice network, and I've used an unmanaged Cisco switch to split internet traffic between the Meraki MX, and a proprietary voice gateway, and we had no issues with crosstalk for the devices. The Meraki MX is a stateful firewall and will by default block all inbound traffic from the internet, so you shouldn't need to worry about crosstalk from your network to the Meraki Toast network. If you want to put a managed switch in to have visibility into the traffic, that is a great option; however, it is not a solution to preventing crosstalk between your network and the Meraki Toast network.

Kaleb Mohr, CCNA. | Network Engineer
https://www.linkedin.com/in/kaleb-mohr

I am not an employee of Cisco or Cisco Meraki.
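
The duplicate-WAN-address check suggested in the reply above, as an added example that is not part of the original thread: it reads ARP replies collected from a test host on the WAN-side switch and flags any address answered by more than one MAC. The /29 block, IP addresses and MAC addresses are constructed placeholders, and the input is assumed to be in the reply format printed by iputils `arping`.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: replies in the format printed by iputils `arping`, collected
# from a test host on the WAN-side switch. IPs are documentation ranges; MACs are invented.
SAMPLE_ARPING = """\
Unicast reply from 203.0.113.1 [00:00:5E:00:53:01]  0.612ms
Unicast reply from 203.0.113.2 [00:00:5E:00:53:AA]  0.701ms
Unicast reply from 203.0.113.2 [00:00:5E:00:53:BB]  0.955ms
Unicast reply from 203.0.113.3 [00:00:5E:00:53:CC]  0.640ms
Unicast reply from 203.0.113.3 [00:00:5e:00:53:cc]  0.633ms
"""

REPLY_RE = re.compile(r"reply from (\S+) \[([0-9A-Fa-f:]{17})\]")

def macs_by_ip(text):
    """Map each replying IP address to the set of MAC addresses that answered for it."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            # Lower-case the MAC so the same device is not counted twice.
            seen[ipaddress.ip_address(m.group(1))].add(m.group(2).lower())
    return dict(seen)

def wan_conflicts(text, isp_block):
    """Return (duplicates, outside): IPs claimed by >1 MAC, and IPs not in the ISP block."""
    block = ipaddress.ip_network(isp_block)
    seen = macs_by_ip(text)
    duplicates = {str(ip): sorted(macs) for ip, macs in seen.items() if len(macs) > 1}
    outside = sorted(str(ip) for ip in seen if ip not in block)
    return duplicates, outside

def free_addresses(text, isp_block):
    """Usable host addresses in the block that nothing answered for."""
    block = ipaddress.ip_network(isp_block)
    used = set(macs_by_ip(text))
    return [str(h) for h in block.hosts() if h not in used]

if __name__ == "__main__":
    dups, outside = wan_conflicts(SAMPLE_ARPING, "203.0.113.0/29")
    print("duplicate claims:", dups)
    print("outside block:", outside)
    print("unclaimed:", free_addresses(SAMPLE_ARPING, "203.0.113.0/29"))
```

An address listed under duplicate claims is being used by two devices at once; the unclaimed list shows which addresses in the block are still available for the second router's static WAN setting.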
PhilipDAth
Kind of a big deal

Are you able to ask the Toast people if they can create an additional VLAN on the MX for you to use for the cameras, televisions, staff network, and to keep that traffic separate from the POS system?
