MX LAN interfaces, VLANs, and management traffic

Kristof
Here to help


Hi,

We're considering deploying a few Meraki MX appliances for our new project, but I need a few questions answered to make sure we can use Meraki for our setup.

  1. I understand that we can't create layer 3 interfaces on the MX and assign IP addresses to them, except WAN interfaces. Therefore, the only way to create a DMZ or another network is by using VLANs.
    So, we just need to create VLANs on the MX and the MX will take care of inter-VLAN routing? Are VLANs assigned to LAN interfaces on the MX?
    What is the best approach: connect all servers and devices to switches and create trunks between the switches and the MX, or is it better to connect different networks directly to the MX?
  2. We can't have all MX appliances connected to the Internet, so I'm worried about management traffic. Can we assign a private IP to the MX for management and use another MX for Internet connectivity?

For example, let’s assume we have 2x MX65: MX1 and MX2.

Both can talk to each other over LAN. MX1 doesn’t have Internet connectivity but MX2 has.
To make it work, we would:

  • Add VLAN10 with MX IP of 192.168.0.1 to MX2.
  • MX1 IP: 192.168.0.10, default GW: 192.168.0.1, but WAN IP is different, say 10.0.0.1
  • Allow VLAN10 to talk to Meraki cloud via MX2

Will this work?

I hope all this makes sense.

Thanks

1 Accepted Solution
BrechtSchamp
Kind of a big deal

  1.  Have you seen this: 
    https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Creating_a_DMZ_with_the_MX_Security...
    Yes, the MX can do inter-VLAN routing between the VLANs.
    Basically both your ideas are possible.
  2. Yes you can do that.

To give you an idea, this is what the MX's Security & SD-WAN > Addressing & VLANs page looks like:

MX-vlan-and-addressing.PNG

So yes, you can assign VLANs to interfaces by setting them to access. Or you can define trunks, with all or selected VLANs on them.


Kristof
Here to help

Thanks for confirming @BrechtSchamp !

BrechtSchamp
Kind of a big deal

You're welcome :).
