MX Management traffic flow

Phantomix

Dear all,

I heard from support that all management traffic flow of the MX appliance passes through the WAN (Internet) port.

Is there any way to force this type of traffic onto the LAN ports (going to MPLS), since we have Internet access via the MPLS backbone?

Until now, if I don't plug my MX device into an Internet access (ADSL, for example) on the Internet port, I lose management on the dashboard.

If anyone has an idea on this topic, it will be helpful for me.

BR

PhilipDAth

The only way I can think to make it work is when you run AutoVPN over MPLS and plug the MPLS into the WAN port.

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

Thanks Philip

So if I understand well, if we have only MPLS access on our branch, we need to add a new ADSL link just to be able to monitor the MX appliances? Even if our MPLS backbone can route us to the Internet! -_- Very strange for me!

You do not need a local Internet break out, such as ADSL, when you use AutoVPN over MPLS and the MPLS circuit is plugged into the WAN port.

If you have already deployed your network without doing this or using AutoVPN, then a design error has been made.

This is what I have in my case:

2 MX 100 go to the MPLS network via LAN port (interco with VLAN) and no AutoVPN.

Adam

We have a similar setup where we have a cheap WAN DSL connection and a private MPLS connection that is connected to a LAN port but is technically Internet capable. So we have a 0.0.0.0 route to send Internet to that MPLS connection. But unfortunately, the management and diagnostic traffic, like doing pings from the interface, goes out the MX's primary WAN uplink. I haven't found a way around this, so we have been starting to go to a model of just having two Internet/WAN connections and utilizing the Meraki AutoVPN to connect back to our core. Then failovers, load balancing etc. are seamless and the AutoVPN doesn't add much overhead. In many cases our MPLS connections were just converted from private to public/Internet circuits so we get the same quality circuit.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO

@PhilipDAth

Is this a case where having an explicit Management VLAN, no default VLAN, no native ports means that one merely has to route the Management VLAN out the appropriate port? Meraki always claims that their kit will always find a way. I think I have even heard the illogical suggestion - automagically?

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

@Uberseehandel you could achieve this in that case - but the management VLAN would have to be via the WAN port.

@PhilipDAth

Management VLAN via the WAN port is what I presently have, and it is seamless, but were the Management VLAN to go out a LAN port that indirectly provides Internet access?

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
MRCUR

The MX sends all management traffic out the WAN port(s). There is currently no option to change this. I would follow @PhilipDAth's suggestion to use Auto VPN over MPLS. 

MRCUR | CMNO #12