Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About ScottWinCO
ScottWinCO
Here to help
Member since Apr 20, 2018
09-18-2019
Community Record
11
Posts
5
Kudos
3
Solutions
Badges
09-18-2019
09:37 AM
We ended up removing the MX84 from service but good to know this is resolved. We were told by Meraki that this was expected behavior and would never be resolved. Thank you for letting me know!
... View more
06-07-2018
10:30 AM
You're right, the VLANs would be present on the MX but the .249 addresses in the diagram would be assigned to interfaces on the MPLS routers. Still, those routers don't exist in many implementations and the subnet is the same on both sides of the circuit.
... View more
06-07-2018
10:25 AM
2 Kudos
Correct, they would be VLAN interfaces on the MX on either side of the MPLS circuit. In some scenarios those routers don't exist, and the subnet is the same on both sides of the private circuit.
... View more
04-23-2018
08:57 AM
2 Kudos
It's not documented by Meraki, but there is a way and it does occupy one of the addresses in your /29. You'd create a VLAN (say VLAN 2) and assign one of your public addresses to that internal VLAN. The hosts on the inside can then use the public addresses directly and they'd use the address assigned to the LAN side of the MX as a GW instead of the ISP provided GW. You'd also have to create a 1:1 NAT mapping and allow specific (or ANY) ports through. It's not exactly the same way you'd do it on a Sonicwall, but it does allow you to use the publicly routable addresses on your hosts without having to physically put them on the WAN. As far as I know there is not a "zone" equivalent in the MX config.
... View more
04-20-2018
09:49 AM
Here's the guide that I followed when configuring the PTP circuit. I added to this a physical link from WAN2 to an access port on the PTP VLAN to facilitate the remote site being able to use the PTP circuit for internet via HQ. https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN The guide shows an MPLS router in the middle. My PTP circuit is MOE and there's no router in the middle, so the subnet is the same on both sides for me.
... View more
04-20-2018
09:45 AM
Griz, that's exactly right. I have a warm spare on one side of my PTP circuit and haven't needed any specific configuration to accommodate that. On the side where there's a warm spare, the PTP circuit is connected to a downstream switch so that if a failover occurs, or if I reboot the primary, traffic still flows over the PTP circuit. Would be happy to do a diagram if that helps.
... View more
04-20-2018
09:42 AM
Philip, in this scenario HQ is able to access the LAN on the far end because the PTP circuit is physically connected to the LAN side of the MX with an address assigned to the PTP VLAN. An additional LAN port in access mode on that VLAN is used to pass the traffic through to the WAN2 port. So essentially the WAN2 port is using the PTP VLAN to get back to HQ and out to the internet. You'll have a static route in place to make sure internally destined traffic to/from either side of the PTP circuit doesn't pass through the WAN interface.
... View more
04-20-2018
09:32 AM
The MX is not dual connected to a switch. When the MX was initially implemented we were using Dell switches with STP disabled across the board. Since then we've implemented the MS220-48 with RSTP enabled and the issue was the same in both scenarios. I did as a test disable STP in my network and added a test VLAN and experienced 2 timeouts during a constant ping. The bouncing of the ports is something that support mentioned. However I don't experience the lapse in connectivity at any of my other sites where I'm running MX100 and MX64 both with STP enabled and disabled. I think this is a flaw with the MX84 but would like to know if this is an issue with all MX84 deployments or just in my network. Meraki did at one point replace my MX with another but the issue persisted. We also tested with all infrastructure disconnected from the MX and just a laptop connected to a LAN port and same result.
... View more
04-20-2018
07:02 AM
I have an MX84 that stops passing traffic anytime I make a change to the addressing and VLANs page. Even if it has nothing to do with existing flows such as adding a VLAN, the issue occurs. I had a ticket open with Meraki for more than 2 years and earlier this month they finally came back and said this is by design. I do not have this issue on my MX100s or any other model for that matter. Seems like a function of an enterprise grade firewall to be able to make a config change and have traffic not stop for 3 to 5 seconds and then start up again. This problem also happens if I make a change to the DHCP page. Say I change DNS for one DHCP scope, once again the MX completely stops passing all traffic momentarily while the change is implemented. Can anyone who has an MX84 confirm whether or not this is happening to you?
... View more
04-20-2018
06:50 AM
1 Kudo
Another way of achieving your desired result: Assuming the PTP circuit is on a dedicated VLAN connected to the MX at the remote site, configure one LAN port as an access port on that VLAN. Connect WAN2 (still at the remote site) to the LAN port that's on the PTP VLAN with DHCP running at HQ. Now you have WAN2 routing over the PTP circuit and then out to the internet via the MX at HQ. I have this setup in my environment and it's working perfectly. I'm actually using WAN2 as the primary uplink for the remote site because the PTP --> Internet at HQ provides more bandwidth than WAN1.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 3671 | 06-07-2018 10:25 AM | |
| 4570 | 04-23-2018 08:57 AM | |
| 7845 | 04-20-2018 06:50 AM |
My Top Kudoed Posts
