Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Deploying Vmx with HA on AWS

Edu_Chico
Here to help
2 weeks ago
2 weeks ago

Deploying Vmx with HA on AWS

Helloa,

i want to deploy a Meraki solution in high availability on AWS, and we cannot find the correct configuration on AWS and the Meraki console. We have followed these URLs without satisfactory results:

https://aws.amazon.com/es/quickstart/architecture/cisco-meraki-vmx/

https://aws-quickstart.github.io/quickstart-cisco-meraki-sd-wan-vmx/

https://fwd.aws/6aN9v? <-- CloudFormation

 

We have 6 accounts, each with its own VPC, all connected with a Transit Gateway (1). The ranges used are within the supernet 10.111.0.0/18.

 

Using the CloudFormation from the link, we created a new VPC with the address 10.111.52.0/24. We divided this VPC into 4 subnets /26, 2 public where we deployed the Merakis, and 2 private. This VPC has a Transit Gateway (2).

 

At the moment we are only testing with the network 10.111.52.0/24. When the Merakis are working, we want to do a peering between Transit Gateway (1) and Transit Gateway (2). In the route table of Transit Gateway (1), we want to put that all the 10.0.0.0/8 traffic goes to Transit Gateway (2) and this sends it through the VPN via the Merakis.

 

In the Meraki console, we have created 2 sites. We configured both sites as a Site-to-site VPN of the Hub type. In Local Networks, we configured the network 10.111.52.0/24. Is this configuration correct?

 

We have deployed the CloudFormation, https://fwd.aws/6aN9v?, and we have a question about the "Meraki organization API key". Does it need write permissions, or is read-only sufficient? In the logs of the lambda "vMXTransitGatewayRTLambd" created by the CloudFormation, we see the following error:

 

--------------------------------------

[ERROR]              2024-06-10T15:24:55.943Z                        Exception: Meraki API key needs to be defined

Traceback (most recent call last):

  File "/var/task/lambda_function.py", line 240, in main

    update_rt()

  File "/var/task/lambda_function.py", line 195, in update_rt

    meraki_dashboard = meraki.DashboardAPI(meraki_api_key, suppress_logging=True)

                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  File "/var/task/meraki/__init__.py", line 68, in __init__

    raise APIKeyError()

meraki.exceptions.APIKeyError: Meraki API key needs to be defined

--------------------------------------

Labels:
0 Kudos
Subscribe
4 Replies 4
CarolineS
Community Manager
Community Manager
2 weeks ago
2 weeks ago

Hi @Edu_Chico! I saw you tried to post this a few times - apologies that our spam detector was being over-zealous. I’ve restored just one of your posts - this one!

Caroline S | Community Manager, Cisco Meraki
New to the community? Get started here
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

It is highly probable it needs read/write access.  Having said that, the error message above is saying that the API key was not configured in the Lambda environment.

 

 

 

0 Kudos
Subscribe
In response to PhilipDAth
Edu_Chico
Here to help
2 weeks ago
2 weeks ago

Hello @PhilipDAth 

 

Regarding the Meraki configuration, it is enough to announce the same ads from both networks, configure it as a HUB and little else... or I need something additional that I am not doing in the Meraki dashboard. Documentation of the Meraki Dashboard part is very little and I don't know if there is anything else missing to configure.
thank you very much for your help

0 Kudos
Subscribe
In response to Edu_Chico
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Correct, you just need to announce the same networks from both hubs.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.