Feature: "Routing & DHCP"
What does this feature do? I understand the DHCP options, but why do I have to "create an interface" with an IP address? What does this accomplish?
I believe the interface IP would become the gateway for your clients.
Let's start with a more basic question. Do you have just a single VLAN by chance? And is something already doing DHCP on site (such as an MX)?
I inherited a small network with (too) many VLANs. Eventually, I will be consolidating. But, at this point all I am doing is replacing 2 aging Cisco 3750s with the Meraki. Mostly things are working, but still lacking connectivity to the 'General User' VLAN, which is the one I need to access the most and is where the DHCP server lives (on a Server 2012).
I came across the 'Routing & DHCP' feature and thought perhaps this would be helpful in the overall scheme of things, but hard to say, since I am not 100% clear how this feature works. (Would be helpful if Meraki would create documentation that corresponded to specific features - unless I just can't find it)
Actually, I don't think MS120s support layer 3 routing. Are you sure it is an MS120, and not something like an MS210?
Does your 3750 have configured layer 3 interfaces for each VLAN? If so, you'll need to transfer them to something before you can get rid of the 3750 - but you won't be able to do it using an MS120.
1. Yes it is an MS120.
2. You are correct, it does not really have layer 3 capabilities but apparently there is a limited layer 3 feature on a link called "Routing & DHCP". The 'brilliant' Meraki tech that replied when I asked how this feature works said the switch is capable of "both layer 2 and layer 3" - which is complete rubbish.
3. Yes, the 3750 does have configured layer 3 interfaces.
4. Yes, I know that I will need another device on which to define these interfaces. I have a Meraki MX84 for that.
In the meantime I would really like to get a clear explanation from someone at Meraki or in the 'community' what the "Routing & DHCP" feature actually does. (I understand to a point, but am not clear on exactly how it works)
Here is what the page looks like:
It lets you define layer 3 routable interfaces for all the switches in the network. For the MS210 and above it lets you configure the switch to be a DHCP server or forwarder for each VLAN. The MS120 only supports being a DHCP forwarder.
You can also configure static routes. If you have OSPF enabled you can also configure route redistribution on this page. The MS120 does not support OSPF.
As long as the flows between the VLANs are not too great, you can probably move the layer 3 gateways from the 3750 to the MX84. Then you need to configure a trunk port to your MS120, and then configure the different ports to be in the appropriate VLAN.
This guide walks through setting up layer 3 routing for those switch models that support it:
Thanks. A lot of interesting information with regards to "the MS210 and above" etc. but most of this information is outside the scope of my rather simplistic question.
My question is only one small part of a larger overall redesign of an overly complex network. But all I really want to know at this point is this one thing. How this "Routing & DHCP" feature works.
You said it, "supports being a DHCP forwarder". Yes, I know that, it states that clearly on the page. But exactly how it does that I don't fully understand. Why do I have to define a new "interface" with an IP address to enable DHCP forwarding? Do I just pick any available/unused IP address?
I don't believe you will need to configure it as a DHCP forwarder. Move the layer 3 interfaces from your 3750 to your MX84. The MX84 will directly process the DHCP requests. The MS120 does not need anything to forward the DHCP requests.
If your MX84 is going to be running DHCP or have DHCP relay configured, you don't need to do anything with the MS120s as @PhilipDAth said. The MX84 will see the DHCP requests and handle them accordingly. The MS120s won't do anything with those requests.
Cisco Meraki MS120 switches provide Layer 2 access switching and don't have any Layer 3 access.
That is, you can set up VLANs and a default gateway for the switch but you can't set up OSPF, BGP, etc.
You would need an MS225+ for Layer 3 routing protocols.
It sounds like you need help with your network setup. Can you provide us a diagram of your network?
It would help us help you out.
The routing and DHCP section is where you set up VLANs on the Meraki switches.
When you make a network you will need the following:
- A default gateway.
- DHCP or manually set Static IPs.
- DNS because it's hard to remember 50 IPs but easier to remember 50 names.
Before you really dive into that you need to identify what VLANs you have to set up and you should probably set up the general settings first. That is, on your MX84.
Make sure your MX84 is set up so that you have a management VLAN (I call it NOC VLAN), and your other VLANs that you are going to consolidate. Under the MX84's menu go to Security Appliance > Address and VLANs.
It is here that you will set the Default Gateways for your VLANs and the VLAN's ID. Going with defaults, VLAN 1 would be the default VLAN and what I would call the NOC VLAN. I suggest setting it to something else as VLAN 1 is the default for every network so it might conflict with what you have now and it's also not secure to use the default VLAN for anything.
Here is an example of a VLAN:
Creating the VLANs is not enough. You have to check your port settings as well. So, on the same page scroll down. Port 1 or 2 should be set up to use your ISP. Let's say it's port 1 and they use DHCP so just plug in your ISP. Now, port 3 is your link to your MS120s. I made 2 VLANs - NOC and Guest to show you how to set up the interface.
This will allow the VLANs I need for management and my users to get from the MX firewall to the MS120s. You could set the Native VLAN to be the NOC if you want but I do not for other setup reasons beyond the scope of your question. You will have different VLAN IDs than me and more VLANs. Just add as many as you want like mine. You could say to use ALL but the issue with that is DMZ networks would get on the LAN if you make them.
Before you leave, do DHCP. Do you need DHCP for the VLANs you created? Then, before going to the MS120 go to DHCP and set up your DHCP. Meraki devices come with DHCP enabled for the NOC subnet so you are going to want to turn DHCP on for at least the NOC subnet so subsequent switches you connect at least get an IP.
The default firewall configuration should deny all incoming by default and allow all outgoing. So your users can do everything and nothing can hurt them. For now, that's fine. Enable the Hub setting in Site to Site VPN if you need it to reach other sites.
After that, you should have configured your firewall to at least work with your MS120 switch(es). You'll want to make sure that after you plug your MS120 into Port 3 of the firewall, you set the port up like the below:
This will at least allow you to connect to the firewall and accept any VLAN you allowed on the firewall. If you didn't follow my configuration exactly and set a Native VLAN then make sure to adjust accordingly. Now, this allows the VLANs on the MS120 and the rest of the LAN but the MS120 won't know what to do with them until you tell it.
That is what the Routing and DHCP section is for. The Routing and DHCP section will help you set some of this up.
So, add the same VLANs to the MS120 that you added to the MX firewall. The MX firewall is your VLAN's default gateway so you just need to use a free IP on the firewall for the VLANs you set up. If the NOC is VLAN 100 like mine then you are going to want to adjust your LAN IP to DHCP from the NOC VLAN and under Network Wide > General ensure the Management VLAN is correct.
After that, you can add more switches but you'll have to ensure you use the same steps above so that the VLANs are created on all switches and the firewalls. The links between switches can be native VLAN NOC and allow ALL VLANs. The security we did for the firewall will keep unwanted VLANs out allowing an easier setup for the LAN. If security is a concern though then just tag the uplink interfaces with all user VLANs (not DMZ) and native NOC.
Do you have more Cisco gear in there? If you are new to Meraki one thing to keep in mind about meshing multi-vendor gear with Meraki is to pay attention to STP. Older Cisco gear might be configured with PVST and Meraki supports RSTP. This will cause a conflict if you do not pay attention to STP.
Hope that helps.
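An added example, not part of the original thread or Meraki's own tooling: a small offline audit of a trunk plan against the points raised in the post above (avoid VLAN 1, keep DMZ VLANs off LAN trunks, define the same VLANs on both ends of each link). The device names, VLAN IDs other than NOC 100, the "zone" field and the data layout are all constructed for illustration, and "all" is simplified to mean every defined VLAN.

```python
# Constructed sample data; field names are illustrative, not a Meraki API schema.
VLANS = {
    100: {"name": "NOC", "zone": "lan"},
    200: {"name": "Guest", "zone": "lan"},
    300: {"name": "DMZ", "zone": "dmz"},
}
TRUNKS = [
    {"device": "MX84", "port": 3, "native": None, "allowed": [100, 200]},
    {"device": "MS120-A", "port": 24, "native": None, "allowed": [100, 200]},
    {"device": "MS120-A", "port": 23, "native": 100, "allowed": "all"},
    {"device": "MS120-B", "port": 24, "native": 1, "allowed": [100, 250]},
]
# Each link is the pair of trunk ports at its two ends.
LINKS = [(("MX84", 3), ("MS120-A", 24)), (("MS120-A", 23), ("MS120-B", 24))]


def carried(trunk, vlans):
    """Expand a trunk's allowed list; 'all' is treated as every defined VLAN."""
    return set(vlans) if trunk["allowed"] == "all" else set(trunk["allowed"])


def audit(vlans, trunks, links):
    """Return (location, finding) tuples for the trunk plan."""
    findings = []
    by_port = {(t["device"], t["port"]): t for t in trunks}
    for key, trunk in by_port.items():
        ids = carried(trunk, vlans)
        if trunk["native"] == 1 or 1 in ids:
            findings.append((key, "uses default VLAN 1"))
        for vid in sorted(ids - set(vlans)):
            findings.append((key, f"allows undefined VLAN {vid}"))
        for vid in sorted(ids & set(vlans)):
            if vlans[vid]["zone"] == "dmz":
                findings.append((key, f"carries DMZ VLAN {vid} onto the LAN"))
    for a, b in links:
        if carried(by_port[a], vlans) != carried(by_port[b], vlans):
            findings.append(((a, b), "allowed VLANs differ between link ends"))
        if by_port[a]["native"] != by_port[b]["native"]:
            findings.append(((a, b), "native VLAN differs between link ends"))
    return findings


if __name__ == "__main__":
    for where, what in audit(VLANS, TRUNKS, LINKS):
        print(where, "->", what)
```

The MX84 port 3 to MS120-A port 24 link mirrors the tagged NOC and Guest setup described in the post and produces no findings; the second link is deliberately misconfigured to trigger each check.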