Hello, I am after some advice on how to configure a MX84 for our new office network.
We have an MPLS connection to our WAN and an ADSL connection to the internet.
What I would like to do is to have 3 cables from the MX84 – One to the MPLS router, One to the ADSL router and One to the Core switch.
All local network clients will be connected to the Core switch.
I have configured a Site to Site VPN at our main office. (192.168.49.0/29)
What I would like is for all traffic from our core switch on vLANs 100 (Corp LAN), 200 (Corp Wireless), and 5 (Management) to use the MPLS as the default route, but then to use the ADSL (site to site VPN) connection if the MPLS goes offline. However, traffic from the core switch on vLAN 999 must ALWAYS go via the ADSL for Internet access and NEVER use the MPLS or Site to Site VPN.
Proposed vLANs and private IPs for the local network are:-
(Corp LAN) – vLAN 100 - 10.49.64.0/19
(Corporate Wireless) vLAN 200 - 10.149.64.0/19
(Management) vLAN 5 - 10.49.96.0/19
(Guest Wireless) vLAN 999 - IP address from ADSL router.
DHCP will be configured on the Meraki Switch to allocate IPs to the corporate LAN clients and the Corporate Wireless devices. Guest Wireless devices will get an IP from the ADSL router.
Is what I am asking possible and can anyone advise on the configuration settings that I need to make on the MX84 and help advise on which ports to use on the MX84 to connect to the following devices :-
The part I think you won't be able to do is isolating VLAN 999 to just go out the Internet... You can exclude VLAN 999 from the Auto VPN, but if you have a 0.0.0.0/0 pointing over the MPLS then you won't be able to stop traffic from going that way. Maybe someone else here can chime in on how this can be done...
Many thanks jdsilva 🙂 Yes, I am struggling to see how I can exclude the Guest Wireless traffic from using the Auto VPN. Maybe if the ADSL router has two ports then I can connect the second port directly to the Meraki core switch (vlan 999) and then bypass the MX84 altogether for guest wireless traffic?
Port one of the ADSL router will remain connected to the MX and be used for VPN failover.