Can you designate a LAN port as "non advanced security" to utilize full bandwidth?

RumorConsumer
Head in the Cloud

Hey all

I am getting a new 1Gbps fiber connection and will be connecting it to a new MX85.

I will have a normal full stack Meraki LAN with maybe 10-12 APs behind the MX's Advanced Security License.

However, the MX85 only does Adv Sec to LAN at 500Mbit. So that leaves 500Mbit on the table. Is there a way to designate a single or multiple LAN ports on the MX as "non advanced security" ports that draw on the full 1Gbps capacity if I want to do a fast download or upload using a "secure enough" device?

My ISP says they can also just give me another Ethernet cable that uses the same bandwidth but if possible I thought this might be cleaner.

Thanks

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
14 REPLIES
GreenMan
Meraki Employee

No - I'm afraid you can't be selective about how Advanced Security features are applied to different ports. From a security perspective, I'm not sure that's a great idea anyway. If you need more throughput, better to get a more powerful MX, I'd have thought..?

The rest of my network will be just fine with 500mbit. It’s really going to be for the one-off situations where I need a lot of bandwidth. I’ll just use the extra Ethernet from the ISP.

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.

Oh and as an aside I would be more than happy to buy a bigger MX. I love Meraki gear but it's easy to come across bandwidth these days but harder to find an MX that can take advantage of it at a reasonable cost. I'm not some industry pro but I'm wondering if you know how much it costs to take advantage of a 1Gbps line using your gear with adv security? From what I can see, it's the MX95 which, out the door with a 3 year adv sec license can be yours for only.... $17,000 US MSRP.

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
ww
Kind of a big deal

You can tweak and turn off things (like AMP) by using a group policy attached to a VLAN. But you can't turn off IPS.

RumorConsumer
Head in the Cloud

Would that give me more bandwidth on certain clients listed under the policy? What does that give me?
cmr
Kind of a big deal

@RumorConsumer as far as I know the only hard bandwidth limits are the stateful firewall throughput and VPN one - i.e. 1Gbps and 500Mbps for the MX85. The advanced throughput is an expected level of performance, though it is actually 750Mbps according to the datasheet:

[Attached image: cmr_0-1651186975285.png]

RumorConsumer
Head in the Cloud

Oh interesting. This document seems to suggest that with security options it will drop to 500Mbit:

https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file

How should we interpret the disparity?

Plus, I am going to have a paltry 20 users max all doing relatively little. I need the bandwidth for my own mad science. Is it likely I will see better performance w adv security with such little user weight?
cmr
Kind of a big deal

The sizing guide is dated Feb 22 and the datasheet is dated March 22 so perhaps the MX95 got an uplift like the MX67/68 did?

RumorConsumer
Head in the Cloud

What's the MX68 uplift? Are they finding more headroom for performance? Any links?
cmr
Kind of a big deal

The MX67/68 originally maxed out at 450Mbps and now goes to 600Mbps. There was a post here showing the changes.

RumorConsumer
Head in the Cloud

Oh wow. That's cool. I have a 68 currently that these very 0s and 1s are traveling through.
cmr
Kind of a big deal
RumorConsumer
Head in the Cloud

@Ryan_Miles any info on whether MX85 got a similar treatment or what kind of adv sec performance I *might* see given that I'll mostly have barely any traffic on this 1Gbps line with adv sec on? Do you think I'd see more than 750?

This change only applied to MX67 & 68.
