Meraki

Community

MX Broadcast Multicast Control

FlyingFrames
Building a reputation
‎Jan 24 2019 3:39 PM
‎Jan 24 2019 3:39 PM

MX Broadcast Multicast Control

We are designing a 1000 site deployment with Z3 as the teleworker solution. There are 1000 sites with one Z3 on each site. As per the documentation, these will be L2 tunnels from MX in the datacenter. If all of them are in one VLAN, can the MX acting as tunnel concentrator, provide some broadcast multicast knobs for controlling that traffic? Or would each site be subject to broadcast from another site?

0 Kudos
7 Replies 7
NolanHerring
Kind of a big deal
‎Jan 24 2019 4:35 PM
‎Jan 24 2019 4:35 PM

I have no experience with multicast over or beyond the MX, but based on this document, multicast isn't supported over AutoVPN?

 

 

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Multicast_support

IGMP Support on the Cisco Meraki Security Appliance

MX Security Appliances will forward IGMP traffic for a single broadcast domain. It does not forward multicast traffic upstream, between VLANs, or over a VPN.

 

 

I was under the impression that it was a new feature almost a year ago, so I'm not certain if they simply have not updated the documentation, or if you need to contact support to have them enable it (since it might be a hidden feature), which wouldn't surprise me.

 

 

Nolan Herring | nolanwifi.com
TwitterLinkedIn
BrechtSchamp
Kind of a big deal
‎Jan 25 2019 12:01 AM
‎Jan 25 2019 12:01 AM

As far as I know Site-to-site VPN tunnels on MX are always L3 tunneling. All branches will have their own subnet (and if they don't you'll need to contact Meraki support to have them enable VPN subnet translation.

 

So you don't have to worry about broadcast traffic from one branch reaching all other branches. Do you need L3 multicast?

 

Make sure you use either MX250's or MX450's  (two or more for redundancy) as Concentrator/Hub to support those 1000 tunnels. And use Spoke mode on the Z's as Mesh mode would require too many tunnels.

In response to BrechtSchamp
FlyingFrames
Building a reputation
‎Jan 25 2019 12:52 PM
‎Jan 25 2019 12:52 PM

Thanks everyone for their detailed inputs & recommendations. However, as per the following link, MR creates an L2 tunnel! 😞

 

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/MR_Teleworker_VPN

 

“A Meraki AP at a remote site establishes a layer 2 connection using an IPSec-encrypted UDP tunnel back to the corporate LAN. Tunnels are established on a per SSID basis, and terminate at headquarters on a Meraki MX security appliance. “

0 Kudos
In response to FlyingFrames
NolanHerring
Kind of a big deal
‎Jan 25 2019 12:55 PM
‎Jan 25 2019 12:55 PM

Hmm...I think your confusing two different technologies here.

The AP (MR model) doing a tunnel I do not think is the same as the Z3 (which is an MX model) doing a tunnel (which does L3).
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
In response to NolanHerring
BrechtSchamp
Kind of a big deal
‎Jan 25 2019 12:57 PM
‎Jan 25 2019 12:57 PM

I'm with Nolan. And Teleworker Z1 and Z3's also do L3.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 25 2019 12:59 PM
‎Jan 25 2019 12:59 PM

You should reach out to a Cisco Meraki partner or a Meraki SE for assistance with designing a network of that size.

0 Kudos
In response to PhilipDAth
NolanHerring
Kind of a big deal
‎Jan 25 2019 1:03 PM
‎Jan 25 2019 1:03 PM

For reference, here is an older blog post but still good to read about using the MR tunnel mode (I don't recommend).

https://cantechit.com/2016/08/04/meraki-wireless-concentrator-tips-and-tricks/

Plus, you mentioned your using Z3 so that is AutoVPN (L3).
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.