Meraki Community

Jyrki_Halonen · ‎Mar 8 2024

I have MX95 connected to MS-switch: WAN1 interface for ISP IC-network and LAN9 port for multiple internal VLANs.

ISP is connected with 2x1G LACP channel to switch and LACP is configured to 802.1Q trunk with IC-network tagged to VLAN 10.

Picture of connection:

MX firewall WAN should be configured with static IP address provided by ISP.

My question is: should I configure VLAN 10 IP to MX under:

- Security & SD-WAN / Configure / Addressing & VLANs / Routing or

- Security & SD-WAN / Monitor / Appliance status / Uplink / WAN1

?

KarstenI · ‎Mar 8 2024

External Connections are always configured under Uplink/WAN. Addressing and VLANs is for all internal LANs and DMZs.

About your design: I would never configure it that way. In case of a switch failure, you build a physical bypass around your firewall and bridge the Internet into your internal LAN.

This really should be implemented with dedicated WAN-switches.

Jyrki_Halonen · ‎Mar 8 2024

About the design: I do have HA FW in place connected to switch-stack but I didn,t draw it to the picture since it is irrelevant for the problem.

KarstenI · ‎Mar 8 2024

It is not the HA; it's about having WAN and LAN on the same switch.

Jyrki_Halonen · ‎Mar 8 2024

Sure in ideal world everybody would HA everything, but as always it is the matter of cost and needs in small setups

Meraki Community

MX WAN interface static IP configuration

MX WAN interface static IP configuration