Meraki

Community

MX WAN Interface accepting multiple VLANs

KyleR-D
Here to help
Friday
Friday

MX WAN Interface accepting multiple VLANs

Hi everyone, I know I can set a VLAN ID on the WAN uplink of my MX. However is it possible to allow multiple VLANs or create sub-interfaces under the WAN uplink?

0 Kudos
9 Replies 9
Mloraditch
Kind of a big deal
Friday
Friday

No this is not possible. Depending on your use case, you could put a breakout switch in front of the MX and be able to create multiple access ports on the various VLANs that could then be used by devices, but the MX wan interfaces can not have sub-interfaces.

Can you explain more about what you are trying to do? 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Mloraditch
KyleR-D
Here to help
Friday
Friday

Understand, I need to pass down 3 VLANs from the ISP equipment for data, management, and VOIP to my MX. Would creating a trunk and using the trunk VLAN ID work or not?

0 Kudos
In response to KyleR-D
alemabrahao
Kind of a big deal
Friday
Friday

You can create a trunk on a switch and then select a switch port in access mode for each VLAN and logically one of these ports will be assigned to the WAN interface of the MX.

It should work without any problems.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to KyleR-D
Mloraditch
Kind of a big deal
Friday
Friday

What @alemabrahao said is right, but I'm not sure I am understanding what your ISP is providing. Kinda sounds like they are providing a managed firewall with a direct handoff for your LAN. I'd try to understand better there as I've often seen where what you want and what the ISPs sales team enters into the system are not translated properly.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
KyleR-D
Here to help
Friday
Friday

I'll get back to you on this.

0 Kudos
In response to KyleR-D
alemabrahao
Kind of a big deal
Friday
Friday

If possible, please share it here in the discussion, so we can try to help you.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Inderdeep
Kind of a big deal
Friday
Friday

You can connect the wan to a switch trunk port for example vlan x ,y on port 1.

Then port 2 you can use a port with vlan x( internet to mx).

And port 3 you can use vlan y( data to your lan?)

Cisco Awarded Blogs 2020/2021 https://www.thenetworkdna.com/
0 Kudos
In response to Inderdeep
alemabrahao
Kind of a big deal
Friday
Friday

I think this won't work for MX, because the WAN port doesn't support trunk. Correct me if I'm wrong.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to Inderdeep
KarstenI
Kind of a big deal
Kind of a big deal
yesterday
yesterday

With that approach, you build a physical bypass around your firewall. With the slightest mistake by the ISP your internal network is openly exposed to the internet. I would not do this.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.