Solved: Re: MX Configuration

soypablocr · ‎01-08-2019

I will setup two Netowrks in the same organization and thinking of doing the LAN config as follows:

MX1

LAN Segment 10.175.255.136/29

MX IP 10.175.255.138

MX2

LA Segment 10.175.255.136/29

MX IP 10.175.255.139

Am I right?

Philip D'Ath · ‎01-09-2019

Yes, you can re-use the existing VLAN (and setup the ports on your switch the same), and yes, just use a new free IP address such as 10.175.255.139.

View solution in original post

simple818 · ‎01-08-2019

What are you trying to accomplish? In most setups the same LAN shares the two WANs load balanced. You can set an internet preference if something LAN side needs to stick to a certain LAN interface.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

soypablocr · ‎01-09-2019

Hi Adam, what I’m trying to do is to connect the MX2 to my CORE

Currently MX1 is connected to the Core with the values I showed in my post.

My Core switch has an Interface VLAN with IP Address 10.175.255.136/29 and two ports of the MX1 are connected to it. That segment is part of a OSPF.

I don’t know if I need to create another Interface VLAN for MX 2 and the segment that I’m creating added to the current OSPF.

MX2 needs to be part of a different organization than MX1 but should have the same accesses.

Let me know if this is a little bit clear or is more confusing.

thanks

Philip D'Ath · ‎01-09-2019

If you mean two MX's, rather then two networks, and you mean warm spare mode - then the two MXs share the same IP address.

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

BrechtSchamp · ‎01-09-2019

@Philip D'Ath wrote:
If you mean two MX's, rather then two networks, and you mean warm spare mode - then the two MXs share the same IP address.
https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

And you only need one MX license, saves you some money.

andrew-w · ‎01-09-2019

The MX's need different IPs so each of them can communicate with the cloud. If you have a third IP address available, the MX's can share a Virtual IP (VIP) so then network's public IP (and incoming connections) don't change in a failover situation.

I would configure it like this:

LAN Segment 10.175.255.136/29

MX1 IP 10.175.255.138

MX2 IP 10.175.255.139

VIP 10.175.255.140

Philip D'Ath · ‎01-09-2019

I still don't clearly understand what you are trying to do. Could you attach a diagram (even something hand drawn and take a photo of it)?

Are you MX's in VPN concentrator mode perhaps?

soypablocr · ‎01-09-2019

Hi PhilipDAth

Let me try to explain myself again.

Currently MX1 is up and running it has IP segment 10.175.255.136/29 and the LAN IP address 10.175.255.138 interface 1 and 2 are connected to my CORE Switch connected to interface VLAN 2102, here is the configuration of the VLAN 2102 at the CORE:

interface Vlan2102
no shutdown
ip address 10.175.255.137/29
ip router ospf 1 area 0.0.0.1

Now I want to connect to my CORE a new MX (MX2) also connecting Interface 1 and 2 in the MX to the CORE, my question is for this new MX can I assign IP segment 10.175.255.136/29 LAN IP 10.175.255.139 and setup the ports in VLAN 2102 same as MX1 or do I need to create a new Interface VLAN and add that to the OSPF that I have

MX1 belongs to a different organization and I will setup MX2 to a new organization.

Also MX1 it is setup as a Hub for site-to-site VPN and I will setup MX2 the same way

MX1 and MX2 will have different Public IP Addresses

I'm also adding a hand writing diagram:

Philip D'Ath · ‎01-09-2019

Yes, you can re-use the existing VLAN (and setup the ports on your switch the same), and yes, just use a new free IP address such as 10.175.255.139.

soypablocr · ‎01-09-2019

Perfect. Thank you!