"Routing & DHCP"

J_Howard

SWITCH: MS120-48LP

 

Feature: "Routing & DHCP"

 

What does this feature do? I understand the DHCP options, but why do I have to "create an interface" with an IP address? What does this accomplish?

Adam

I believe the interface IP would become the gateway for your clients. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO

That makes sense to some degree, but I am still uncertain (especially since I cannot find documentation anywhere).
I am used to assigning a 'next hop' interface or 'default gateway' so clients know how to get to the Internet or to another subnet; but just creating an "interface" with no subnet mask or anything else seems strange.

I assume what I am supposed to do is to assign an unused IP address to the switch but is it supposed to be an IP within the Vlan the switch is on or within the Vlan that the DHCP server is on?

I feel like all I can do is make an educated guess. I am familiar with an ip-helper on a Cisco router, but I don't think this is the same thing.

I am still unclear how this actually works.
PhilipDAth

Let's start with a more basic question. Do you have just a single VLAN by chance? And is something already doing DHCP on site (such as an MX)?

I wish!

 

I inherited a small network with (too) many Vlans. Eventually, I will be consolidating. But, at this point all I am doing is replacing 2 aging Cisco 3750s with the Meraki. Mostly things are working, but still lacking connectivity to the 'General User' Vlan, which is the one I need to access the most and is where the DHCP server lives (on a Server 2012).

 

I came across the 'Routing & DHCP' feature and thought perhaps this would be helpful in the overall scheme of things, but hard to say, since I am not 100% clear how this feature works. (Would be helpful if Meraki would create documentation that corresponded to specific features - unless I just can't find it.)

PhilipDAth

Actually, I don't think MS120s support layer 3 routing. Are you sure it is an MS120, and not something like an MS210?

 

Does your 3750 have configured layer 3 interfaces for each VLAN? If so, you'll need to transfer them to something before you can get rid of the 3750 - but you won't be able to do it using an MS120.

1. Yes it is an MS120.

2. You are correct, it does not really have layer 3 capabilities but apparently there is a limited layer 3 feature on a link called "Routing & DHCP". The 'brilliant' Meraki tech that replied when I asked how this feature works said the switch is capable of "both layer 2 and layer 3"  -  which is complete rubbish.

3. Yes, the 3750 does have configured layer 3 interfaces.

4. Yes, I know that I will need another device on which to define these interfaces. I have a Meraki MX84 for that.

 

In the meantime I would really like to get a clear explanation from someone at Meraki or in the 'community' what the "Routing & DHCP" feature actually does. (I understand to a point, but am not clear on exactly how it works)

 

Here is what the page looks like:

Routing&DHCP.PNG

PhilipDAth

It lets you define layer 3 routable interfaces for all the switches in the network.  For the MS210 and above it lets you configure the switch to be a DHCP server or forwarder for each VLAN.  The MS120 only supports being a DHCP forwarder.

 

You can also configure static routes.  If you have OSPF enabled you can also configure route redistribution on this page. The MS120 does not support OSPF.

 

As long as the flows between the VLANs are not too great, you can probably move the layer 3 gateways from the 3750 to the MX84. Then you need to configure a trunk port to your MS120, and then configure the different ports to be in the appropriate VLAN.

Thanks. A lot of interesting information with regards to "the MS210 and above" etc. but most of this information is outside the scope of my rather simplistic question.

 

My question is only one small part of a larger overall redesign of an overly complex network. But all I really want to know at this point is this one thing. How this "Routing & DHCP" feature works.

 

You said it, "supports being a DHCP forwarder". Yes, I know that, it states that clearly on the page. But exactly how it does that I don't fully understand. Why do I have to define a new "interface" with an IP address to enable DHCP forwarding? Do I just pick any available/unused IP address?

PhilipDAth

I don't believe you will need to configure it as a DHCP forwarder.  Move the layer 3 interfaces from your 3750 to your MX84.  The MX84 will directly process the DHCP requests.  The MS120 does not need anything to forward the DHCP requests.

 

MRCUR

If your MX84 is going to be running DHCP or have DHCP relay configured, you don't need to do anything with the MS120s as @PhilipDAth said. The MX84 will see the DHCP requests and handle them accordingly. The MS120s won't do anything with those requests.

MRCUR | CMNO #12
PhilipDAth

This guide walks through setting up layer 3 routing for those switch models that support it:

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Layer_3_Switching_Overview

 

NetworkingGuy

Cisco Meraki MS120 switches provide Layer 2 access switching and don't have any Layer 3 access.

That is, you can set up VLANs and a default gateway for the switch but you can't set up OSPF, BGP, etc.

You would need an MS225+ for Layer 3 routing protocols. 

 

It sounds like you need help with your network setup. Can you provide us a diagram of your network?

It would help us help you out. 

 

The routing and DHCP section is where you set up VLANs on the Meraki switches.

 

When you make a network you will need the following:

-A default gateway.

-DHCP or manually set Static IPs. 

-DNS because it's hard to remember 50 IPs but easier to remember 50 names.

 

Before you really dive into that you need to identify what VLANs you have to set up and you should probably set up the general settings first. That is, on your MX84.

 

Make sure your MX84 is set up so that you have a management VLAN (I call it NOC VLAN), and your other VLANs that you are going to consolidate. Under the MX84's menu go to Security Appliance > Address and VLANs.

 

It is here that you will set the Default Gateways for your VLANs and the VLAN's ID. Going with defaults, VLAN 1 would be the default VLAN and what I would call the NOC VLAN. I suggest setting it to something else as VLAN 1 is the default for every network so it might conflict with what you have now and it's also not secure to use the default VLAN for anything.

 

Here is an example of a VLAN: 

1.PNG

 

Creating the VLANs is not enough. You have to check your port settings as well. So, on the same page scroll down. Port 1 or 2 should be set up to use your ISP. Let's say it's port 1 and they use DHCP so just plug in your ISP. Now, port 3 is your link to your MS120s. I made 2 VLANs - NOC and Guest to show you how to set up the interface.

 

2.PNG

 

This will allow the VLANs I need for management and my users to get from the MX firewall to the MS120s. You could set the Native VLAN to be the NOC if you want but I do not for other setup reasons beyond the scope of your question. You will have different VLAN IDs than me and more VLANs. Just add as many as you want like mine. You could say to use ALL but the issue with that is DMZ networks would get on the LAN if you make them. 

 

Before you leave, do DHCP. Do you need DHCP for the VLANs you created? Then, before going to the MS120 go to DHCP and set up your DHCP. Meraki devices come with DHCP enabled for the NOC subnet so you are going to want to turn DHCP on for at least the NOC subnet so subsequent switches you connect at least get an IP.

 

The default firewall configuration should deny all incoming by default and allow all outgoing. So your users can do everything and nothing can hurt them. For now, that's fine. Enable the Hub setting in Site to Site VPN if you need it to reach other sites.

 

After that, you should have configured your firewall to at least work with your MS120 switch(es). You'll want to make sure that, after you plug your MS120 into Port 3 of the firewall, you set the port up like the below:

3.PNG

This will at least allow you to connect to the firewall and accept any VLAN you allowed on the firewall. If you didn't follow my configuration exactly and set a Native VLAN then make sure to adjust accordingly. Now, this allows the VLANs on the MS120 and the rest of the LAN but the MS120 won't know what to do with them until you tell it.

 

That is what the Routing and DHCP section is for. The Routing and DHCP section will help you set some of this up. 

 

So, add the same VLANs to the MS120 that you added to the MX firewall. The MX firewall is your VLAN's default gateway so you just need to use a free IP on the firewall for the VLANs you set up. If the NOC is VLAN 100 like mine then you are going to want to adjust your LAN IP to DHCP from the NOC VLAN and under Network Wide > General ensure the Management VLAN is correct.

 

After that, you can add more switches but you'll have to ensure you use the same steps above so that the VLANs are created on all switches and the firewalls. The links between switches can be native VLAN NOC and allow ALL VLANs. The security we did for the firewall will keep unwanted VLANs out allowing an easier setup for the LAN. If security is a concern though then just tag the uplink interfaces with all user VLANs (not DMZ) and native NOC.

 

Do you have more Cisco gear in there? If you are new to Meraki, one thing to keep in mind about meshing multi-vendor gear with Meraki is to pay attention to STP. Older Cisco gear might be configured with PVST and Meraki supports RSTP. This will cause a conflict if you do not pay attention to STP.

 

Hope that helps. 
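
The trunk advice in the post above (avoid native VLAN 1, avoid "allow ALL" where a DMZ VLAN exists, define the same VLANs on every device) can be checked mechanically. The following is an added example, not part of the original post and not Meraki code; the port records, the key names and every VLAN ID other than 100 are constructed for illustration.

```python
# Added example: trunk audit for the advice in the post above. Port dicts are
# constructed sample data; the key names are assumptions, not a Meraki API.

def parse_allowed(spec, known_vlans):
    """Expand 'all' or a list such as '100,200-210' into a set of VLAN IDs."""
    if spec.strip().lower() == "all":
        return set(known_vlans)
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_trunks(ports, vlans, dmz_vlans):
    """Return (port name, finding) tuples for risky trunk settings."""
    findings = []
    for p in ports:
        if p["type"] != "trunk":
            continue  # access ports carry a single VLAN and are not audited here
        allowed = parse_allowed(p["allowed"], vlans)
        if p["native"] == 1:
            findings.append((p["name"], "native VLAN is the default VLAN 1"))
        leaked = sorted(allowed & set(dmz_vlans))
        if leaked:
            findings.append((p["name"], f"DMZ VLAN(s) {leaked} carried on LAN trunk"))
        undefined = sorted(allowed - set(vlans))
        if undefined:
            findings.append((p["name"], f"allows undefined VLAN(s) {undefined}"))
    return findings

# Constructed inventory: VLAN 100 = NOC, 200 = Guest, 300 = DMZ.
VLANS = {100: "NOC", 200: "Guest", 300: "DMZ"}
DMZ = {300}
PORTS = [
    {"name": "MX84/3", "type": "trunk", "native": 100, "allowed": "100,200"},
    {"name": "MS120/48", "type": "trunk", "native": 1, "allowed": "all"},
    {"name": "MS120/47", "type": "trunk", "native": 100, "allowed": "100,200-201"},
    {"name": "MS120/1", "type": "access", "native": 200, "allowed": "200"},
]

if __name__ == "__main__":
    for name, finding in audit_trunks(PORTS, VLANS, DMZ):
        print(f"{name}: {finding}")
```
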

 

 
