Handling SGT on MX from LAN to LAN

Vahid-Farahani
New here

Handling SGT on MX from LAN to LAN

Dear community,

 

Does anybody know that Meraki MX will handle traffic with SGT tags (Cisco MetaData) without enabling Adaptive Policy on it ? the current version is 17.10. 

 

I know that MX version 18.1 only supports preserving and propagating SGTs over autoVPN on NAT mode MXs, I need that MX handle traffic with SGT tag from LAN to LAN. 

 

Thanks and greetings,

Vahid

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal

Have you tried with this doc?

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Adaptive_Policy/Adapt...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Vahid-Farahani
New here

Thanks for your relpy.

Yeah, I have read this doc, it has been mentioned that: 

"MX version 18.1 only supports preserving and propagating SGTs over autoVPN on NAT mode MXs."

In my network the Meraki is between two Cisco devices.

KarstenI
Kind of a big deal
Kind of a big deal

Most important question here: Do you have LAN-switches that can handle SGTs? In the Meraki world this is only the MS390. On the Catalyst line it's 3650+ or the 9k line.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Vahid-Farahani
New here

Yes LAN switch is handling the SGTs, 

FYI: The traffic is coming to the Meraki with CMD, but not forwarded with Meraki to down stream switch. 

If I upgrade the apliance to the 18.1+ , do you think that it will handle the traffic? 

Without SGT tag, everything is working. 

PhilipDAth
Kind of a big deal
Kind of a big deal

I think you will need to use a super new firmware to stand a chance of this working.

 

I would kinda expect this to require an "SD-WAN Plus" licence for this to work ... I wouldn't expect Meraki to support this without that licence.  I am only guessing at this bit.

 

 

Could you not plug the two Cisco switches directly into each other and side step the issue?

Get notified when there are additional replies to this discussion.