3+ WAN Port SD-WAN

roesljas
Here to help

3+ WAN Port SD-WAN

Hi,

 

I have a remote site with extremely limited internet connection options.

 

There are currently no DSL or Fibre runs in the area so we are limited to a long range P2P satellite system - with a 4 port NTD. For some reason each port can only deliver a 20mb connection, this means that the customer has to order 4 separate connections (totalling 80mb) across the 4 ports - which means 4 public IPs etc. We can't order 1 x 80mb connection on one port - not sure why.

 

Anyway my question is: The MXs offer only 2 physical WAN ports + USB for SD-WAN, Is there a way to do SD-WAN with up to 4 separate connections using an MX? If not, can anyone recommend a alternative way forward here.

 

Thank you,

 

Jason

16 REPLIES 16
UCcert
Kind of a big deal

Not with using Meraki hardware that I can think of without the setup being messy.  The MX’s only have 2 WAN ports and that is the limitation across all the hardware.  To use 4 you’d need 2 individual MXs but these would have to reside within 2 separate Networks within the dashboard.

 

Do Cisco offer a 4 port equivalent?

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Hi thanks for the reply. I haven't looked into normal Cisco yet. The cloud management of Meraki is an extremely appealing feature given the location of the site and business workflow.

 

We are hoping we may be able to cut down to 2 connections.

 

As for using two MXs on 2 two separate network; Presumably this would be putting different VLANs across the two appliances e.g. voice on one MX, general data on the second MX etc ? The devices wouldn't be working together at all.

 

Jason

UCcert
Kind of a big deal

Exactly, it just wouldn’t work for you.

 

if you can trim your connections then great I would highly recommend going SD-WAN with the MXs. Simple to setup and manage.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Thanks, we will shoot for that.

UCcert
Kind of a big deal

hope the project goes well.  There’s a project gallery on this site - I’ll keep an eye out for your post there 😁

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Thanks, I'll definitely put some pictures up.

GreenMan
Meraki Employee

How is mobile data coverage in that area?   Maybe an MG21 fitted to the outside of your building, pointing at your nearest mast?   This could give you up to 300 Mbps

No cellular coverage in the area whatsoever unfortunately.

Sushil
Meraki Employee

Hi, 

The solution is not straight forward. You can use 2 MX firewalls (in separate network), would also require separate licenses, not HA. Terminate four WAN links on these 2 MXs. Now, you would also need to do PBR on the Core SW to send traffic to either MX1 or MX2.

 

Another way to achieve 3 WAN links is to connect 2 WAN links on MX1, MX1 Lan connects to WAN1 of MX2. MX2 WAN2 port connects to Internet link. MX2 LAN connects to the Core Switch. 

 

Both solutions are not that great, simple and not cost effective, but if you really need WAN links more than 2.

CptnCrnch
Kind of a big deal

Exactly that's the point where I'm telling my colleagues: we want customers, not victims. 😉

UCcert
Kind of a big deal

Shall we all make a wish for more WAN ports?

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
cmr
Kind of a big deal
Kind of a big deal

@UCcertwe asked for that over a year ago and were told it wasn't a roadmapped item...

I think so, doing it now

Thanks for that info, I would definitely keep that as a last resort.

PhilipDAth
Kind of a big deal

You specifically mention SD-WAN.  I'm going to assume your only concern is around using AutoVPN for connectivity.

 

You could run dual active headends (in seperate Meraki networks), with two Internet circuits plugged into each.  They would need to run a stub network (with no VLANs on the MX side) to a L3 switch, and you would need to use OSPF to link everything together.

https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets 

 

You would connect half of your remote sites to one head end (as a hub), and half to the other.  OSPF would tell the layer 3 switch which head end the remote site was connected to.

https://documentation.meraki.com/MS/Layer_3_Switching/MS_OSPF_Overview 

 

Our intention is to pool / load balance the bandwidth.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels