I can use some assistance with this since I've not created anything like this before. From the B2SW04 we are connected to our internet router. The Cisco switch is on the 6th floor with a connection to B2SW It is at the top of a new server rack supporting UCS-Mini. We want to implement vlans for our network and have been advised that the Cisco switch would be the best solution. The question I have is can we do that when we don't have a direct connection between the and the router?
Is it as simple as creating the transit vlan and then tagging the port on B2SW04 that is connected to the router to only allow traffic from the transit vlan? We are trying to avoid a new run from the 6th floor to the 1st floor for now.
Our plans will be to move the router and internet connection to the 6th floor and also add redundant connection between the meraki switches. Thanks in advance for suggestions and assistance.
But your diagram shows it connecting to a Cisco switch. Which is correct? Your description of the environment does not indicate where routing for the LAN vlans is being done.
Is it done in the Meraki switches? Being done in the Cisco switch? Being done on the router? Can you clarify? It looks like vlan 1 is being used as a management vlan. But it also describes vlan 1 as a transit vlan which suggests that data traffic is combined with management traffic.
Is this correct? You describe the switch as a top of rack and seem to indicate that new vlans will be defined for the servers and their traffic in this rack. You do not indicate where you want routing for these new vlans to be done. Do you want this routing to be done on the ?
On the existing switch? On the router? Without knowing answers to these things it is difficult to give good advice. We can certainly say that one approach could be to do routing for these new vlans on the and to configure a new vlan connecting through the other switches to the router.
A variation on this approach would be to do routing for the new vlans on the and to use vlan 1 as a transit vlan to get data back and forth to the Internet router. Another alternative could be to configure the connection from to Meraki as a trunk assuming that connections between Meraki switches is also a trunk and to extend the vlans to wherever you want routing to occur.
Before proceeding, please refer to the Layer 3 Switch Overview for general information and configuration options.
The MX is using an IP address of This leads down to a distribution switch that connects to both an access switch and a one-armed-router performing inter-VLAN routing for the network:. On the Distribution Switch, three layer 3 interfaces will be required.
Configure the uplink interface first using the following steps:. To allow for the downstream access switch and connected clients to take advantage of the routed interfaces, the switch port going to the access switch will need to be configured as a trunk to allow for both VLANs to traverse it. The uplink port on the access switch should be configured identically, otherwise VLAN mismatches will result.
The access switch will also need to be configured appropriately to place client traffic in the voice and data VLANs. Now that the distribution switch is performing inter-VLAN routing for the network, we will need to perform some additional configuration steps on the firewall to allow full network connectivity:.
Hoping someone in here can assist me please in getting a static route setup as i'm currently trialling 2 MX65Ws, one setup at our main office and one setup on a home connection. Head Office - 2 connections coming in, 1 via MPLS which connects all of our offices together, 1 is the internet. There are 4 main network subnets in our head office, The first MX65W is connected via Internet 1 into one of our access switches and has an ip of Dashboard picks it up fine.
MX is configured with an ip of Meraki support have checked all the settings and they all look fine i. The issue is that the laptop at home can't ping anything on the Also no clients can ping the other MX device, i.
Meraki support have said that the issue is no static route in our ASA and a static route needs setting up from How is this done? Outside
No, i'll look into that when i get home but thank you for the suggestion as it wasn't something i had thought of at all. We think there was a static route configured in the core switch somewhere that was causing problems for any The tracert from my machine to The bottom screenshot is what i've put in the ASA.
Ok, I'm a little confused now as to where the Layer 3 is setup on the work network. Does the core switch own the default gateways to all of the Then the core switch has a route up to the ASA?
We are fine on the remote network just need to get the routes figured out on the work side and this will start working. Think i'm getting there, i'm in the process of learning the cisco side of it and we've got some old static routes from a previous network that were brought over.
I understand our network a lot better this morning than i did yesterday but what was essentially happening yesterday was, as i understand it now.
I've put the static route in the Core Switch now and removed it from the ASA, so anything connecting to As it stands now, i can ping the Meraki Home from my work client but can't ping the laptop plugged into it. I also can't ping the laptop at home either from the Meraki device at home so will look tonight when i'm back at home.
Thank you for your patience but think we're there. Thought i had managed to sort it but still struggling a bit and i'm sure it's a simple routing issue somewhere.
I have been using Meraki devices in many different networks now and different setups. The Switches rock and the APs are very good but for our market residential the drawback of it all will stop working if they don't renew the licence is a hard sell so we normally just use the MX device and use cisco switches and Ruckus APs as they don't need a licence to keep working.
Now on to my Question: how to setup the MX so that it can still get all the reporting but use a Layer 3 switch below it. I have decided to configure the MX as I connect the firewall to the switch on a trunk port. Is this a good setup? It is the only thing I can think of to use a layer 3 switch and the MX but still track all clients by MAC address and get the good reporting.
I would like to take the Layer 3 routing from it and move it to a cisco switch. I use my MX60 in a similar configuration. I have a L3 switch that serves as my core router in a collapsed-core setup here. My meraki is set at NAT, and I have what I like to call my "internal edge" subnet between the meraki and my L3 switch and all that is on that subnet is internet traffic to and from the meraki and the L3.
No need to dip into each internal subnet. I had similar thoughts when first deploying and decided all I really cared about internet traffic. Having on the LAN would mean lesser performance not acceptable and reporting wise I could see file transfers and internal traffic that I really don't care as much about having granular reporting on.
Sounds like this is what you are looking to avoid though. Again, if you don't have AD then I can see your dilemma here. Also, you can create a MDM network and install their client and get great stats etc. That would be OK, Scott, if Meraki support didn't throw that same number back at you on support calls.
Even when a third of them are servers, their own AP's and switches, or other devices that aren't consuming internet bandwidth but still show in the Clients list.
Pieter, we ran into the same thing, we have under the number of actual PC's that Meraki say the MX60 is suitable for but when you include the servers, AP's, etc it's over.
And then with IPS on it frequently becomes unresponsive. Don't disclose user counts to them. None of their business.
Tell them that the client list is inaccurate and throw that in their faces. Tell them that detecting an IP address does not a client make and that if they can't get things to work sensibly that they need to fix that before using it as a reason to not provide support. Sure it is. Lots of devices have limitations on routing tables, ARP entries, MAC address tables, and all the other places where a network device stores information required for doing its job properly.
Experts and Users, I am in process of switching to MX with all security license, but noticed a problem with using Juniper MDF with all vlans and routing option about 40 vlans. I have a dilemma either leave like it is and use just static routes on MX or move all vlans to MX - and make it one box in charge of all?
I can't just tell management now buy Meraki switches because it is a way just it works. I am also having difficulties with setting up DMZ.
Oh I dunno. I like Meraki for SMB deployments, especially as part of a managed service offering. Setting up complex firewall rules is a nightmare compared even to Cisco ASDM but it's pretty nice for simpler setups and the auto-VPN feature is pretty incredible. Can't remember if it was a 3-year or 5-year calculation but I was pretty surprised.
And no annual fees. Let me talk to ANY client about switching from Meraki. Let me show them the real cost difference. We always pull out Meraki anywhere we are - the cost of supporting it is higher than the cost of keeping it.
It's just sunk cost.
I just want to make sure I'm not missing something here. I'm implementing a new MX64 at a car dealership and that is setup with basically a dealership network and then a bunch of different networks that relate to the DMS system and CRM system. Because of this I need to create a bunch of static routes. I don't have much experience with static routes except for the ones I've had to create at this dealership in the past and one other dealership but this was all done on Sonicwalls and we all know Sonicwalls have their own way of doing things compared to everyone else.
Here is an example of a static route. In the sonicwall there is an address object that's X.
Now the reason for the question is I want to make sure I did this correctly on the MX64 since I have a bunch of other routes to create. I did add a static route. Then in the subnet field I entered X. And is that setup correctly? Static routes are used to communicate with subnets or VLANs that are not defined or "owned" by the MX, but are reachable through another layer 3 device on the network. Static routes require a next hop IP address be specified within the scope of a configured VLAN or subnet to be able to successfully route traffic to another layer 3 device.
So the MX64 is handling the subnet X. It says this for next hop IP:. Next hop IP: IP address of the device such as a router or layer 3 switch that connects the MX appliance to the static route subnet. This is also sometimes referred to as the 'route gateway IP'. Which would make me think that would be the IP address given to the DMS company to configure on their switches that's inside my main subnet.
Subnet: Use this option to enter the remote subnet that is reached via this static route in CIDR notation.
Spike wrote: if you look here And this is what it says for subnet: Subnet: Use this option to enter the remote subnet that is reached via this static route in CIDR notation.
Our client who has a separate network wants to share Internet with us.
We are currently using Cisco MX How do I configure it on Meraki? They want to go through your MX? Why not just connect their firewall directly to the provider's router? Sorry just beginning to understand this. Basically, they have their own setup.
They have router. Sorry, but apparently they don't want it be NATed. My firm typically uses an MS for clients already using Meraki equipment, since then we can just manage it from the dashboard. Pretty easy setup. Put them all on the same vlan with a random number. ISP device goes into port 1. Set port 8 to whatever your management vlan is, and connect it back into your LAN for mgmt purposes.
Our client who are leasing on our office has separate network and decided to use our internet. So they have their own router and switch. They are asking for a public IP routed from Meraki to their router not going to a NAT process because they are having issue with the UDP port and they don't want to bother us every time there is some changes they will make because that means we also have to change config also.
We put a third party security appliance aka Kharon in front of our MX. NAT-ing may be disabled on Kharon. I have no issues with connecting from the MX environment to the Internet.
I mention this because the cost of Kharon is neither here nor there, and it allows me to sort the sheep from the goats, as far as network security is concerned. This isn't a marketing exercise, it was the most cost effective solution to several problems, and provided some capabilities we did not have previously. Just to give an update. I have done all of your advice. Our main ISP is now working on both Meraki and client. I just have concern with my failover.
On the original set-up, my failover is connected to WAN2 port of Meraki. Please note that my failover is working perfectly with Meraki.
On the new set-up, I configured a Layer 3 switch and connect both the client and Meraki in there. I connected WAN2 to our Layer 3 switch first.
I was wondering if we are able to add multiple more than one static routes on Cisco Meraki MX When i am trying to add more than one route here, i get only the option to update the already existing route attached screenshot.
Certainly you can add multiple static route. I have tried to add an extra static route and as soon as i pressed "Update" the new route replaces the old one instead of adding it as a new one.
I don't get if I am doing something wrong although it seems to be as simple as ever, or it is just some kind of bug or something like that.
Is the I suppose that this IP belongs to a connected L3 device. I was simply trying to replicate your case on the same box.
Afterwards when I tried again from Google Chrome, I was able to make changes from Chrome as well. So, seems like you have to add the subnets for the static routes first. In general, there was no problem in configuring more than one static route.
I tried doing this again on my PC. I found no issues. How about making sure about the following. Create 1 Route at a Time.