MW SD-WAN with DIA and Evpl

Rich_Messinger
Conversationalist

I have a possible design for a customer that wants to use the MX for creating an SD-WAN environment between their 6 sites.

They have a DIA circuit at each site and a private EVPL ELAN that connects the six sites in what looks like a non-broadcast LAN (currently on a Cisco Router).

Connecting the MX to the DIA is simple.

Can I connect WAN2 to the EVPL network to create the SD-WAN?

There were some threads from back in 2021 that said not easily, but a lot might have changed.

If someone can point me to some documentation that says one way or the other, I would appreciate it.

Thank you

4 Replies
alemabrahao
Kind of a big deal

The MX expects WAN interfaces to have Internet connectivity for AutoVPN and SD-WAN features to work. If your EVPL circuit is a pure Layer 2 service without Internet access, you cannot use it as a standard WAN uplink unless you provide a default gateway and IP addressing on that link.

 

https://documentation.meraki.com/MX/Design_and_Configure/Deployment_Guides/MPLS_Failover_to_Meraki_A...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Rich_Messinger
Conversationalist

I have been reading more documentation and I am wondering if the following scenario might work.

On the MX have a WAN link to the Internet and then one of the LAN interfaces connected to the ELAN and create an iBGP mesh to the other MXs.  Then with routing preferences prefer the ELAN over the WAN?

alemabrahao
Kind of a big deal

You can connect the EVPL/ELAN to a LAN port on the MX and run iBGP between MX appliances across that private network.

 

Meraki MX supports iBGP only in VPN Concentrator mode (typically at the hub site), not in routed/NAT mode.

 

https://documentation.meraki.com/MX/Design_and_Configure/Configuration_Guides/Networks_and_Routing/B...

 

Meraki does not allow granular routing policies like Cisco IOS; it uses VPN route metrics and static routes with administrative distance.

If you want to prioritize the EVPL for site-to-site traffic, you can try creating AutoVPN tunnels over the EVPL (LAN interface) and the DIA (WAN1) and use VPN traffic control to prioritize the EVPL for internal subnets.

GIdenJoe
Kind of a big deal

The design where you have SD-WAN via 1 interface and then use a private WAN solution and route via a LAN port of the MX will work but without SD-WAN features.

This means the MX will always route over the LAN port unless that route is no longer available.
So you can have a ping probe from the MX that will keep the static route alive.
So yes, you will have routing via the E-LAN, but you won't be able to route based on latency, jitter, loss as you would if you connected the E-LAN to the WAN2 port.  So if you can have one E-LAN terminate at a location with a router to the internet to have your VPN registry connection, then you could do a true SD-WAN.
