Hi,
I have a remote site with extremely limited internet connection options.
There are currently no DSL or Fibre runs in the area so we are limited to a long range P2P satellite system - with a 4 port NTD. For some reason each port can only deliver a 20mb connection, this means that the customer has to order 4 separate connections (totalling 80mb) across the 4 ports - which means 4 public IPs etc. We can't order 1 x 80mb connection on one port - not sure why.
Anyway my question is: The MXs offer only 2 physical WAN ports + USB for SD-WAN. Is there a way to do SD-WAN with up to 4 separate connections using an MX? If not, can anyone recommend an alternative way forward here.
Thank you,
Jason
Not with using Meraki hardware that I can think of without the setup being messy. The MX’s only have 2 WAN ports and that is the limitation across all the hardware. To use 4 you’d need 2 individual MXs but these would have to reside within 2 separate Networks within the dashboard.
Do Cisco offer a 4 port equivalent?
Hi thanks for the reply. I haven't looked into normal Cisco yet. The cloud management of Meraki is an extremely appealing feature given the location of the site and business workflow.
We are hoping we may be able to cut down to 2 connections.
As for using two MXs on two separate networks: presumably this would be putting different VLANs across the two appliances, e.g. voice on one MX, general data on the second MX etc.? The devices wouldn't be working together at all.
Jason
Exactly, it just wouldn’t work for you.
If you can trim your connections then great, I would highly recommend going SD-WAN with the MXs. Simple to set up and manage.
Thanks, we will shoot for that.
Hope the project goes well. There’s a project gallery on this site - I’ll keep an eye out for your post there 😁
Thanks, I'll definitely put some pictures up.
How is mobile data coverage in that area? Maybe an MG21 fitted to the outside of your building, pointing at your nearest mast? This could give you up to 300 Mbps
No cellular coverage in the area whatsoever unfortunately.
Hi,
The solution is not straightforward. You can use 2 MX firewalls (in separate networks), which would also require separate licenses, not HA. Terminate four WAN links on these 2 MXs. Now, you would also need to do PBR on the Core SW to send traffic to either MX1 or MX2.
Another way to achieve 3 WAN links is to connect 2 WAN links on MX1, MX1 LAN connects to WAN1 of MX2. MX2 WAN2 port connects to Internet link. MX2 LAN connects to the Core Switch.
Both solutions are not that great, simple and not cost effective, but if you really need WAN links more than 2.
Exactly that's the point where I'm telling my colleagues: we want customers, not victims. 😉
Shall we all make a wish for more WAN ports?
@DarrenOC we asked for that over a year ago and were told it wasn't a roadmapped item...
I think so, doing it now
Thanks for that info, I would definitely keep that as a last resort.
You specifically mention SD-WAN. I'm going to assume your only concern is around using AutoVPN for connectivity.
You could run dual active headends (in separate Meraki networks), with two Internet circuits plugged into each. They would need to run a stub network (with no VLANs on the MX side) to a L3 switch, and you would need to use OSPF to link everything together.
https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets
You would connect half of your remote sites to one head end (as a hub), and half to the other. OSPF would tell the layer 3 switch which head end the remote site was connected to.
https://documentation.meraki.com/MS/Layer_3_Switching/MS_OSPF_Overview
Our intention is to pool / load balance the bandwidth.