Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About J_Howard

Re: "Routing & DHCP"

by in Switching
‎Apr 25 2018 4:30 PM
2 Kudos
‎Apr 25 2018 4:30 PM
2 Kudos
Cisco Meraki MS120 switches provide Layer 2 access switching and doesn't have any Layer 3 access.  That is, you can setup VLANs and a default gateway for the switch but you can't setup OSPF, BGP, etc.  You would need an MS225+ for Layer 3 routing protocols.    It sounds like you need help with your network setup. Can you provide us a diagram of your network? It would help us help you out.    The routing and DHCP section is where you setup VLANs on the Meraki switches.    When you make a network you will need the following: -A default gateway. -DHCP or manually set Static IPs.  -DNS because its hard to remember 50 IPs but easier to remember 50 names.   Before you really dive into that you need to identify what VLANs you have to setup and you should probably setup the general settings first. That is, on your MX84.    Make sure your MX84 is setup so that you have a management VLAN (I call it NOC VLAN), and your other VLANs that you are going to consolidate. Under the MX84's menu go to Security Appliance > Address and VLANs.    It is here that you will set the Default Gateways for your VLANs and the VLAN's ID. Going with defaults VLAN 1 would be the default VLAN and what I would call the NOC VLAN. I suggest setting it to something else as VLAN 1 is the default for every network so it might conflict with what you have now and its also not secure to use the default VLAN for anything.    Here is an example of a VLAN:    Creating the VLANs is not enough. You have to check your port settings as well. So, on the same page scroll down. Port 1 or 2 should be setup to use your ISP. Lets say its port 1 and they use DHCP so just plug in your ISP. Now, port 3 is your link to your MS120s. I made 2 VLANs - NOC and Guest to show you how to setup the interface.      This will allow the VLANs I need for management and my users to get from the MX firewall to the MS120s. You could set the Native VLAN to be the NOC if you want but I do not for other setup reasons beyond the scope of your question. You will have different VLAN IDs than me and more VLANs. Just add as many as you want like mine. You could say to use ALL but the issue with that is DMZ networks would get on the LAN if you make them.    Before you leave, do DHCP. Do you need DHCP for the VLANs you created? Then, before going to the MS120 go to DHCP and setup your DHCP. Meraki devices come with DHCP enabled for the NOC subnet so you are going to want to turn DHCP on for at least the NOC subnet so subsequent switches you connect at least get an IP.    The default firewall configuration should deny all incoming by default and allow all outgoing. So your users can do everything and nothing can hurt them. For now, that's fine. Enable the Hub setting in Site to Site VPN if you need it to reach other sites.   After that, you should have configured your firewall to at least work with your MS120 switch(s). You'll want to make sure that after you plug up your MS120 into Port 3 of the firewall. Set the port up like the below: This will at least allow you to connect to the firewall and accept any VLAN you allowed on the firewall. If you didn't follow my configuration exactly at set a Native VLAn then make sure to adjust accordingly. Now, this allows the VLANs on the MS120 and the rest of the LAN but the MS120 wont know what to do with them until you till it.    That is what the Routing and DHCP section is for. The Routing and DHCP section will help you set some of this up.    So, add the same VLANs to the MS120 that you added to the MX firewall. The MX firewall is your VLAN's default gateway so you just need to use a free IP on the firewall for the VLANs you setup. If the NOC is VLAN 100 like mine then you are going to want to adjust your LAN IP to DHCP from the NOC VLAN and under Network Wide > General ensure the Management VLAN is correct.    After that, you can add more switches but you'll have to ensure you use the same steps above so that the VLANs are created on all switches and the firewalls. The links between switches can be native VLAN NOC and allow ALL vlans. The security we did for the firewall will keep unwanted VLANs out allowing an easier setup for the LAN. If security is a concern though then just tag the uplink interfaces with all user VLANs (not DMZ) and native NOC.    Do you have more Cisco gear in there? If you are new to Meraki one thing to keep in mind about meshing multi-vendor gear with Meraki it to pay attention to STP. Older Cisco gear might be configured with PVST and Meraki supports RSPT. This will cause a conflict if you do not pay attention to STP.    Hope that helps.      ... View more
© 2024 Cisco Systems, Inc.