Meraki

Community

About Eds89

Re: NAT to Microsoft NLB not working

by in Security & SD-WAN
‎Nov 3 2022 9:11 AM
‎Nov 3 2022 9:11 AM
I have managed to get this working now with Unicast NLB in a dedicated VLAN.   The issue seemed to be something to do with our gateway configuration between core switch and Meraki MX, which I have worked around for the moment and will investigate separately.   Many thanks for your input. Regards James ... View more

Re: NAT to Microsoft NLB not working

by in Security & SD-WAN
‎Nov 1 2022 3:27 PM
‎Nov 1 2022 3:27 PM
Sorry, I was mistaken, they do indeed have gateways set on them. Is it possible that, because there are two interfaces both with gateways, it may be sending a response out via the wrong interface and the MX is dropping the packets because of a VLAN mismatch?   I have had a similar issue before that turned out to be a machine replying via the wrong interface.   I have adjusted the rule to point directly to the adapter IP rather than NLB, with no effect.   I have a case open with Meraki, so might be that they can interpret some packet captures and see what may or may not be happening here. ... View more

Re: NAT to Microsoft NLB not working

by in Security & SD-WAN
‎Nov 1 2022 3:08 PM
‎Nov 1 2022 3:08 PM
Well, this is what I thought!   Can confirm that the service is accessible internally on that IP address from a separate VLAN. As I'm testing, the new IP/NLB is on a secondary adapter on the VM, and has no gateway set on it. It can ping the Meraki appliance.   When natting to this IP, does it need to have a gateway in order to route back out to public internet clients, or only to the MX appliance? If the former, then I guess my next test would be to disable the old adapters temporarily, and set a gateway on the new test adapters.   Cheers James ... View more

Re: NAT to Microsoft NLB not working

by in Security & SD-WAN
‎Nov 1 2022 7:38 AM
‎Nov 1 2022 7:38 AM
I have my NLB cluster in unicast mode, with the adapters in their own VLAN. The MX appliance has an interface on that VLAN, and can ping the IP of the cluster, but the NAT mapping does not allow me to establish a connection externally.   Anyone have any thoughts on what else I can do here? I have a new ticket open with support, but am not helpful they'lll be able to help me progress this.   Cheers James ... View more

Re: NAT to Microsoft NLB not working

by in Security & SD-WAN
‎Sep 29 2022 6:23 AM
‎Sep 29 2022 6:23 AM
Anyone able to suggest any other options before I dive too deeply into segregating these into their own VLAN?   Cheers James ... View more

Re: NAT to Microsoft NLB not working

by in Security & SD-WAN
‎Sep 21 2022 3:52 AM
‎Sep 21 2022 3:52 AM
Thanks Philip,   Trying in Unicast mode with a dedicated VLAN is on my list to test, but is a bit more hassle for us currently than multicast mode. I may try to expedite the test to see if it helps this situation, but otherwise will cross my fingers someone may have a workaround for using it with Meraki in Multicast mode.   Many thanks. James ... View more

NAT to Microsoft NLB not working

by in Security & SD-WAN
‎Sep 20 2022 3:17 AM
‎Sep 20 2022 3:17 AM
Hello,   I have a couple of Microsoft NLB clusters that I want to NAT publicly (remote desktop gateway for example), on my MX84 security appliance. They are in Multicast mode, and have static ARP and MAC entries on my Cisco Catalyst 9200 switches internally. This is the only setup I could get working internally, as we are not quite in a position to setup a dedicated VLAN with Unicast mode instead (although I am not sure it would help in this situation anyway).   The issue I am having, is if I change my NAT rule from pointing to a single host, to the IP of the NLB cluster, there is seemingly no communication when sending traffic to the NAT'd public IP. The remote access to these NLBs just does not work when the rule is changed to this.   Meraki support have not been all that helpful in figuring out what is going on, and have simply said: "Also they have confirmed that cluster IP should show up in the client list as well as the ARP table."   I have had this setup working before at a previous company, with the only difference being there we had Meraki switches instead of Catalyst. Is there a way I can get this setup working, given that Meraki stubbornly refuse to give us the ability to add static ARP entries on their gear?   Many thanks. James ... View more

Re: Advice transitioning from /30 to /29 subnet but with HA

by in Security & SD-WAN
‎Dec 6 2021 12:44 PM
‎Dec 6 2021 12:44 PM
Is another option to simply add the IP from my subnet I want to use as my virtual IP, as an extra IP under 1:Many NAT. Configure my rules and migrate my services, decomission the old subnet, then configure the virtual IP? I'm not sure what happens to that NAT rule if the IP becomes in use by the virtual IP? ... View more

Re: Advice transitioning from /30 to /29 subnet but with HA

by in Security & SD-WAN
‎Dec 6 2021 12:16 PM
‎Dec 6 2021 12:16 PM
Ah I see. So configure old and new subnets on primary device, Configure new subnet only on secondary device, Configure HA setup with just the "Use MX Uplink IP" option, Use swap button to make secondary the active device which only has new subnet configured, Change HA config to use virtual IP on the new subnet interface, Use swap button to make the orignal device the primary.   This should leave it with new subnet configured using virtual IP, and old subnet using MX uplink IP?   Many thanks James ... View more

Re: Advice transitioning from /30 to /29 subnet but with HA

by in Security & SD-WAN
‎Dec 6 2021 9:46 AM
‎Dec 6 2021 9:46 AM
Sorry but I don't quite follow the process?   You mean physically swap the primary and secondary appliances over? I don't quite see how this would allow me to configure the VIP for WAN2, as surely WAN1 would still be configured on the spare and also expect me to assign a VIP to it? ... View more

Advice transitioning from /30 to /29 subnet but with HA

by in Security & SD-WAN
‎Dec 6 2021 9:22 AM
‎Dec 6 2021 9:22 AM
Hi,   We have a /30 subnet with only 1 usable host address in it, which is assigned to our current Meraki MX appliance. We want to transition our inbound NATs to the virtual IP of an HA configuration, using our new /29 subnet.   As the dashboard only allows us to configure virtual IP settings for both interfaces at once, it doesn't seem like it will be possible for me to configure the virtual IP before transitioning the NATs, as I don't have sufficient IPs in the /30 subnet in order to assign that interface a virtual IP.   It looks like I will have to setup the new subnet without HA, transition the services to the new IP of the Meraki, then decomission the old subnet and configure HA. Once HA is configured and I have a virtual IP for the HA cluster, I will need to transition the services a second time from the primary Meraki IP to the virtual.   Can anyone think of any way around this, so I can have the virtual IP configured first, allowing just a one step inbound NAT transition?   Cheers James ... View more

Re: Meraki VS Cisco 9200L for network refresh

by in Switching
‎Jun 7 2021 1:25 AM
‎Jun 7 2021 1:25 AM
Thanks.   The costings were fine, I was just curious on the models that clostest resembled each other from each manufacturer. This was so that when we compiled our pricing, we were comparing the most like for like setups possible. When comparing the MS250 to the 9300L and the MS120 to the 9200L, the total costs came out pretty much the same for both setups, which to me suggests those model comparisons are accurate.   Sadly, our parent company has asked us to standardise on Cisco native kit to match what they are doing, so it's all moot anyway.   Thanks for all the input. Eds ... View more

Is it possible to link devices from SFP to SFP+ ports?

by in Full-Stack & Network-Wide
‎Jun 4 2021 7:39 AM
2 Kudos
‎Jun 4 2021 7:39 AM
2 Kudos
Hi,   We have an MX84 appliance, which has SFP ports. Is it possible to create a downlink to a device that has SFP+ ports?   As I understand it, SFP modules work in SFP+ ports, so would we use SFP modules on both ends, or would the SFP+ device need an SFP+ module? My assumption is the transceivers need to be the same so I'd run 1Gb SFP modules in both ends?   Cheers Eds ... View more

Re: Meraki VS Cisco 9200L for network refresh

by in Switching
‎Jun 4 2021 5:47 AM
‎Jun 4 2021 5:47 AM
Thanks but those price lists mainly look to revolve around licensing and I'm more interested in the hardware and capabilities rather than pricing.   As for the other forum post, I did come across that, but there is only one person with one mention of the MS250 comparison to the 9200L vs 9300L.   I just want to be sure I am comparing appropriate models, which I believe to be (but need people to confirm explicitly); MS210 - 9200L MS250 - 9300L   My planned design is a 2x MS250 stack, with 1G fibre uplinks to MS120 switches around our site.   Many thanks. Eds ... View more

Meraki VS Cisco 9200L for network refresh

by in Switching
‎Jun 4 2021 3:36 AM
1 Kudo
‎Jun 4 2021 3:36 AM
1 Kudo
Hi all,   I've just taken over the sys admin role for a company, and one of the first things on my list is looking at network design and switch refresh. We are comparing options between Meraki and Cisco 9200L gear.   All the 9200L series seems to support Layer 3 functionality, so when comparing to Meraki models, I would consider the MS250 to be the closest equivalent. Pricing for Merakis come in at about double that of Cisco, before licensing.   Is this a fair comparison of models? I can't believe the Meraki gear is more expensive than Cisco, let alone double the price!   Cheers Eds ... View more
My Accepted Solutions
View all
© 2024 Cisco Systems, Inc.