Switch MS120 does not support configuring a port with network /31?

iagoaas
Here to help

Switch MS120 does not support configuring a port with network /31?

Switch MS120 does not support configuring a port with network /31?

 

I am trying to configure an MS120 port with a mask of 254, but I get the message below.

 

ERROR: Static IP should not equal broacast, gateway must be valid IP address.

 

MS120.png

8 REPLIES 8
alemabrahao
Kind of a big deal
Kind of a big deal

This won't work, /31 is a unique address and you need at least 2 valid IPs (host and gateway). Are you sure it's this mask?
 
This is networking basics.
 
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Regarding networking basics ... /31 is allowed for over 20 years on P2P links. But I am not sure the MX supports it. At least the ASA can handle it.

The MX can support /31 on the WAN Link. I have set one up and it does work.

 

WAN.png

KarstenI
Kind of a big deal
Kind of a big deal

Good to know!

GIdenJoe
Kind of a big deal
Kind of a big deal

You're no configuring a port but the management address of the switch.  You can't have L3 interfaces on an MS120.
It would also not make sense to have a management VLAN with a /31.

If you would however have an MS2x or higher you can create VLAN interfaces and those will need to have a /30 or less.

iagoaas
Here to help

OK, got it, thanks for the feedback.

Actually my internet provider is giving me a /31 network. with that I'm trying to put an MS120 before two MX to get a balance.

 

 

MS120-1.png

alemabrahao
Kind of a big deal
Kind of a big deal

I think it's not a /31, It's probably a /30. For Warm spare you need at least a /29 or you need to put it behind a NAT.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
GIdenJoe
Kind of a big deal
Kind of a big deal

Oh yes that is a typical one.  If you have a public subnet behind the ISP router you will need to run a /29 if you want a primary/standby firewall.  You only need to configure the external vlan on your switches.

 

The other possibility is just to have the ISP run a private subnet behind their router like the typical 192.168.0.0/24 and you use 192.168.0.2 as virtual IP on your HA pair and have the ISP port forward every incoming flow to that IP.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels