Auto VPN Hub and Spoke Summerization... is it possible?

ToryDav
Building a reputation

Auto VPN Hub and Spoke Summerization... is it possible?

Hello,

 

Is it possible to summarize branch routes with AutoVPN?

 

Let's suppose my branch site VLANS are all /24s that could be summarized into a single larger prefix.

 

When I turn on AutoVPN and configure the branch as a spoke, all the enabled /24s propagate to the hub MX or vMXs.

 

So is it not possible to summarize these routes?

 

Let's say the hubs are vMXs that peer eBGP with another device. The vMX passes the specific prefixes to that device. 

 

Any thoughts? 

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

The answer is not, just static routes.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
cmr
Kind of a big deal
Kind of a big deal

You can do it by changing the topology.  At most sites we have one network with all the switches, wireless accesspoints, cameras etc. in and then use a transit VLAN to connect to the MXs that are in a different Meraki dashboard network. On the MX network we add a static route saying that the summarised subnet (a /16) is available via the other end of the transit VLAN.  That way the Auto VPN tables are cleaner and adding and removing subnets on the LAN doesn't lead to any rebuilds of the WAN tables.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
ToryDav
Building a reputation

Genius! Okay so let me ask you this, the VLAN Gateways live on a layer 3 switch then? 

cmr
Kind of a big deal
Kind of a big deal

Yes, the plus is performance, the minus is no stateful firewall rules.  There is a compromise to be had...

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels