Dear all
I heard from support that all management traffic of the MX appliance passes through the WAN (Internet port).
Is there any way to force this type of traffic onto the LAN ports (going to MPLS), since we have Internet access via the MPLS backbone?
Until now, if I don't plug my MX device into an Internet access (ADSL, for example) on the Internet port, I lose management on the dashboard.
If anyone has an idea on this topic, it would be helpful for me.
br
The only way I can think to make it work is when you run AutoVPN over MPLS and plug the MPLS into the WAN port.
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS
Thanks Philip
So if I understand correctly, if we have only MPLS access at our branch, we need to add a new ADSL link just to be able to monitor the MX appliances? Even if our MPLS backbone can route us to the Internet! -_- Very strange to me!
You do not need a local Internet break out, such as ADSL, when you use AutoVPN over MPLS and the MPLS circuit is plugged into the WAN port.
If you have already deployed your network without doing this or using AutoVPN then a design error has been made.
This is what I have in my case:
2 MX 100s go to the MPLS network via LAN port (interco with VLAN) and no AutoVPN.
We have a similar setup where we have a cheap WAN DSL connection and a private MPLS connection that is connected to a LAN port but it is technically internet capable. So we have a 0.0.0.0 route to send internet to that MPLS connection. But unfortunately, the management and diagnostic traffic, like doing pings from the interface, goes out the MX's primary WAN uplink. I haven't found a way around this, so we have been starting to go to a model of just having two internet/WAN connections and utilizing the Meraki AutoVPN to connect back to our core. Then failovers, load balancing, etc. are seamless and the AutoVPN doesn't add much overhead. In many cases our MPLS connections were just converted from private to public/internet circuits, so we get the same quality circuit.
Is this a case where having an explicit Management VLAN, no default VLAN, no native ports means that one merely has to route the Management VLAN out the appropriate port? Meraki always claims that their kit will always find a way. I think I have even heard the illogical suggestion - automagically?
@Uberseehandel you could achieve this in that case - but the management VLAN would have to be via the WAN port.
Management VLAN via the WAN port is what I presently have, and it is seamless, but were the Management VLAN to go out a LAN port that indirectly provides internet access?
The MX sends all management traffic out the WAN port(s). There is currently no option to change this. I would follow @PhilipDAth's suggestion to use Auto VPN over MPLS.