Looking for a layer 2 circuit, without having to buy a layer 2 circuit

JethroCrates
Here to help

I used to work for an ISP, so I've seen this done before.

 

I have a box in location A, and a bunch of remote devices in 12 other locations that need to connect to the box in location A.

 

The remote devices need to be on the same subnet as location A.

 

I've seen this: Using Site-to-site VPN Translation - Cisco Meraki Documentation 

 

Ideally, I'd just like the subnet in location A to push DHCP through the VPN.  But I guess that isn't a thing?

 

Thanks for the answers in advance!

alemabrahao
Kind of a big deal

Theoretically it is possible to do this; I just don't know if it is a good idea. I say: what if you lose communication via VPN? The network will be inoperative.
 
Why do you need to leave it on the same subnet?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
JethroCrates
Here to help

I'm trying to reduce boxes running server software.  The model is: device collects data -> connects to server on LAN -> then server sends data to cloud.  I don't want 12 boxes running this software, I just want one box.  

 

So I'd like all devices to send data to one box over VPN.

alemabrahao
Kind of a big deal

I understand. The only advice I can give you is to think carefully about whether this will actually be a benefit or a problem.
 
In your place, I would do a POC first to validate if this really is what you want.
cmr
Kind of a big deal

We have that by using VPLS circuits, are they not an option for you?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
JethroCrates
Here to help

Don't think so.  We're using Starlink.

GreenMan
Meraki Employee

This won't work. The devices at the branches may look like they're in the same subnet as each other, but they can't be in the same subnet as the host at the central site, using subnet translation; subnet translation still involves a routing hop.

JethroCrates
Here to help

Ok, anything stopping me from using static routes and Source-based routing to get this done?

Source Based Default Routing - Cisco Meraki Documentation

Thanks

GreenMan
Meraki Employee

I don't think MX <-> MX will work with this, either way - it's always a routed tunnel.

I am wondering if you placed all the devices behind the wired port of an MR36H and used the Teleworker VPN functionality, dropping them all in the same VLAN, that might work..? Never tried it though. Safe to say - it was not designed for this!
https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Port_Profiles

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/MR_Teleworker_VPN

You would need both an MX (to concentrate tunnels) and an MR (for the server) at the hub location.

ww
Kind of a big deal

MX AutoVPN doesn't do layer 2.

 

Maybe if you connect all devices using a client VPN setup.

 

Or build GRE tunnels from your devices (not sure what devices you run) to a VPN server you host in your server subnet.

JethroCrates
Here to help

Ok, so Layer 2 is out of the question. That's fine. These devices will connect to the server as long as there are routes set up. So I can have the server on a different subnet, as long as it's in the same network. Like, I think I should be able to do this through the site-to-site VPN.
