Do Meraki MX devices support Multi-Nets

trevorsmith
Level 1

Hi all,

Bit of a networking novice, so hope someone can help. Due to supply shortages, I had to purchase a non-Meraki PoE switch (in this case a TP-Link switch with L2+ features, model TL-SG3452P) and I am having the following issue...

I have Servers on VLAN 10 and Clients on VLAN 20. When the client and server default gateways are set up as the L3 interfaces on the TP-Link switch, I can get near Gigabit speed during file transfer; however, I cannot get any device on VLAN 10 or 20 to reach the internet, even though I have a static route set up on the switch (0.0.0.0/0 next hop 192.168.1.254) pointing to the default VLAN interface for VLAN1 on the MX.

When I configure the client / server default gateway as 192.168.1.254, internet access is recovered; however, performance between the client and server drops to 150 Mbps, presumably as the routing is being managed by the SVIs on the MX device.

I have puzzled over this for many days, and would appreciate any help you can provide, feels like this must be something simple I have overlooked. Having said that, TP-Link support have told me that I need a router capable of Multi-Net NAT, a term I have not come across before.

Has anyone out there come across this scenario before? Is what I am trying to do even possible? Have I missed an obvious step? If Multi-Net NAT is the answer, can the MX be configured to support it? Is the best approach to put clients and servers on the same VLAN and forget about VLANs altogether?

Any help, much appreciated, if I'm being daft, please tell me and stop me fighting an unwinnable fight

TIA,

 

Trevor

 

 

1 Accepted Solution


Hi Karsten,

Many thanks for your support and advice. So the issue was resolved after considering all the comments I received, when I realised that the default route out was working however there was no return traffic route.

Two things I had not done correctly...... I had the VLANs set up on the MX and the TP-LINK switch, and although I thought a static route might be required, I couldn't figure out how to set it up as the Meraki rightly objected.

Long story short, deleted the VLANs from the MX so they were only present on the TPLINK and added static routes to the MX pointing to the VLAN interfaces on the TPLINK switch. Now have full speed file transfer between client and server and both client and server have access to the internet.

Job done, thanks again.

Trevor


7 Replies

Hi

It seems Multi-NET NAT is a TP-Link concept. Never heard of it either.

"Sometimes we may need to divide an internal network into several subnets that
can share the same gateway router for Internet connection. However, by default
settings, TP-LINK router abandons packets from IP addresses in different subnets
from its LAN. So in order to achieve this, the gateway router is required to be
able to translate (NAT) and deliver packets from LAN, which have IP addresses in
different subnets. Multi-nets NAT is the feature on TP-LINK router that makes this
possible."

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjOg4mJ3Kv-AhUsrpUCHTGgBqQQFnoECBIQAQ&url=https%3A%2F%2Fstatic.tp-link.com%2Fres%2Fdown%2Fdoc%2FMulti-nets_NAT_Config_Guide.pdf%3FconfigurationId%3D2987&usg=AOvVaw3Qfqz-_w55cZNs... 

But I don't believe this applies to your scenario, as no NAT should happen on the TP-Link.

If I understood right, you used to use Meraki switches to plug devices and everything was fine. Then, you added a TP-Link switch to your topology to perform Layer 2 to PCs and Servers and you noticed low performance in traffic transfer between them, right?

You tried to bring the TP-Link to be a Layer3 device by creating Interface vlans and using the Meraki as default gateway but then you lost Internet connectivity. Although you fixed the performance problem between PCs and servers.

The question here is how your Internet exit works, and that may be the answer for your problem. You probably have a gateway somewhere and possibly a firewall, or they can be both.

 Have you checked if this network you created on TP-Link needs to be allowed in some Access List? And, on the NAT rule on the gateway or firewall?

Keep in mind that creating a default route on TP-Link pointing to Meraki only tells TP-Link where to send traffic, but the packets from your PC and servers will try to leave your network with their original IP address that I am assuming you just created on TP-Link.

 I guess the problem can be related to permission on firewall rule or ACL or lack of NAT rule on your gateway.

Now, about keeping the TP-Link as Layer 2 and having the traffic being routed through Meraki causing low performance in transferring data between VLANs, this can possibly be an incompatibility between those two vendors. You probably had to create a trunk between them, right? The traffic is going UP to Meraki and then going down back to TP-Link and crossing the trunk twice.

If I were to investigate something here, I'd take a close look at this trunk.

Good luck!

 

Hi Flavio

So the issue was resolved after considering all the comments I received, when I realised that the default route out was working however there was no return traffic route.

Two things I had not done correctly...... I had the VLANs set up on the MX and the TP-LINK switch, and although I thought a static route might be required, I couldn't figure out how to set it up as the Meraki rightly objected.

Long story short, deleted the VLANs from the MX so they were only present on the TPLINK and added static routes to the MX pointing to the VLAN interfaces on the TPLINK switch. Now have full speed file transfer between client and server and both client and server have access to the internet.

Thanks again for taking the time to help, I was tying myself up in knots

 

Trevor

Glad you sorted it out.

For the first problem regarding the internet reachability: You say you have a default route on the TP-Link pointing to the MX. But do you also have a static route for VLANs 10 and 20 on the MX pointing to the TP-Link? The MX will automatically do NAT for everything leaving the WAN interface.

The throughput problem: This likely depends on the MX model. With a lower end model you are quite limited but with the higher models you get more speed. Just remember that the MX always applies stateful inspection and doesn't just forward the packets in hardware as the switch does.

Hi Karsten,

Many thanks for your support and advice. So the issue was resolved after considering all the comments I received, when I realised that the default route out was working however there was no return traffic route.

Two things I had not done correctly...... I had the VLANs set up on the MX and the TP-LINK switch, and although I thought a static route might be required, I couldn't figure out how to set it up as the Meraki rightly objected.

Long story short, deleted the VLANs from the MX so they were only present on the TPLINK and added static routes to the MX pointing to the VLAN interfaces on the TPLINK switch. Now have full speed file transfer between client and server and both client and server have access to the internet.

Job done, thanks again.

Trevor
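The missing return route described in this exchange can be checked with a longest-prefix-match lookup over each device's routing table. This is an added example, not part of the original thread: the VLAN 10/20 subnets, the switch's VLAN 1 address, the outside test address and the simplified MX tables are assumptions; only 192.168.1.254 comes from the posts.

```python
import ipaddress

# Constructed addressing: only 192.168.1.254 (MX on VLAN 1) is from the thread.
SWITCH_VLAN1_IP = "192.168.1.2"          # assumed switch address on VLAN 1
INSIDE = {"VLAN 10": "192.168.10.0/24",  # assumed server subnet
          "VLAN 20": "192.168.20.0/24"}  # assumed client subnet

# Switch routes the VLANs locally and sends everything else to the MX.
SWITCH_ROUTES = {"192.168.10.0/24": "connected", "192.168.20.0/24": "connected",
                 "192.168.1.0/24": "connected", "0.0.0.0/0": "192.168.1.254"}
# Simplified MX view before the fix: no route back to VLAN 10/20 via the switch.
MX_BEFORE = {"192.168.1.0/24": "connected", "0.0.0.0/0": "WAN"}
# After the fix: static routes on the MX pointing at the switch.
MX_AFTER = dict(MX_BEFORE, **{"192.168.10.0/24": SWITCH_VLAN1_IP,
                              "192.168.20.0/24": SWITCH_VLAN1_IP})


def next_hop(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def missing_return_routes(mx_table, inside, switch_ip):
    """Names of inside subnets whose replies the MX would not hand to the switch."""
    bad = []
    for name, prefix in inside.items():
        host = next(iter(ipaddress.ip_network(prefix).hosts()))  # first usable host
        if next_hop(mx_table, str(host)) != switch_ip:
            bad.append(name)
    return bad


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for an internet host.
    print("switch outbound next hop:", next_hop(SWITCH_ROUTES, "203.0.113.10"))
    print("before fix:", missing_return_routes(MX_BEFORE, INSIDE, SWITCH_VLAN1_IP))
    print("after fix: ", missing_return_routes(MX_AFTER, INSIDE, SWITCH_VLAN1_IP))
```
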

Hello
Sounds like your new switch shouldn’t be doing any routing; the MX would be doing it.

Also it seems those L3 subnets are new; as such, the MX isn’t aware of them and cannot NAT for them.

You need to gain access to your Meraki dashboard and create those client / server subnets on the MX, then make your new switch just a host switch connecting to that MX via a trunk port.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

trevorsmith
Level 1

Hi Paul,

So the issue was resolved after considering all the comments I received, when I realised that the default route out was working however there was no return traffic route.

Two things I had not done correctly...... I had the VLANs set up on the MX and the TP-LINK switch, and although I thought a static route might be required, I couldn't figure out how to set it up as the Meraki rightly objected.

Long story short, deleted the VLANs from the MX so they were only present on the TPLINK and added static routes to the MX pointing to the VLAN interfaces on the TPLINK switch. Now have full speed file transfer between client and server and both client and server have access to the internet.

Job done, thanks again.

Trevor
