Is it possible to have a dynamic routing protocol like BGP or OSPF peering with a Cisco IOS router through the LAN ports of an MX or Z3s in NAT mode?
I have a client who would like to achieve the above setup for all the branches running as spokes and at the same time would like to implement seamless failover to SD-WAN over internet in case MPLS is down.
So the connections to the branch will be MPLS on LAN port 3 and Internet link on WAN port 1, and the VPN concentrator located in the Data Centre.
But I can find documentation on Meraki saying it is possible to achieve dynamic routing through LAN ports of MX and Z3s.
Yes, but it only has a specific use-case and is quite limited.
Without VLANs configured you can announce AutoVPN learned subnets through OSPF. That's all.
You should also look into the route-tracking that can be used on the MX. With that you can add a static route that is only active while the next-hop or a host in the destination is reachable.
@KarstenI So it is possible to have OSPF neighborship between MX and a Cisco router on LAN. I know it is possible on MS switches but not sure on MX devices.
Assume you’re asking due to your proposed design of landing MPLS on an MX LAN port. While you can land MPLS on LAN, that route is then primary and only upon failure will it take the internet/AutoVPN path.
You should consider landing the MPLS connection on a WAN port. Then you get SD-WAN and AutoVPN over the MPLS path.
@rymiles Thanks a lot. I would propose the same.
But I would like to know if the client use case can actually work. Since the branch MXs will be in NAT mode, is it possible to have the CE-PE routing protocol, being BGP or OSPF, peering on the LAN port of the MX/Z3 in NAT mode, and have the MX/Z3 as the gateway for LAN user traffic?
@ww Thanks. Have seen it is possible to do OSPF when the MX is put on VPN mode.
But the client needs to have the branch MX/Z3s in NAT mode, have the gateways here for LAN traffic and at the same time route the LAN traffic to the Data Centre via MPLS, the CE-PE routing protocol being either OSPF or BGP. Is this achievable?
Yes, but not using the design you are proposing. You need to use one of the Meraki designs.
This is the simplest design offering the least SD-WAN capabilities but will achieve your ultimate goal.
A more difficult but more sophisticated design that exposes more SD-WAN capabilities is:
@PhilipDAth Thanks. Have checked on several MXs in NAT mode and have observed the below.
1. On the uplink section (Internet port 1 and 2) it only has options for static assignment.
2. On the IP addressing section can't see anywhere to configure either BGP or OSPF.
So in summary this means the client's requested design is not achievable unless we do the routing over AutoVPN?
> So in summary this means the client's requested design
Correct. They are not using a workable design for a Cisco Meraki solution. They should use a Cisco Meraki validated design instead (such as the ones I have posted a link to).
@PhilipDAth Thanks, understood. The document you have shared has also explained it pretty well. To use MPLS as primary and failover to AutoVPN will only work with static routing with the MPLS link connected on the LAN port of the MX.
But since static routing will mean they do some redistribution of the static routes within the MPLS network, this makes the design complicated and the better option will be the Meraki validated design.