Meraki

Community

MX WAN interface static IP configuration

Jyrki_Halonen
Getting noticed
‎Mar 8 2024 5:53 AM
‎Mar 8 2024 5:53 AM

MX WAN interface static IP configuration

I have MX95 connected to MS-switch: WAN1 interface for ISP IC-network and LAN9 port for multiple internal VLANs.

ISP is connected with 2x1G LACP channel to switch and LACP is configured to 802.1Q trunk with IC-network tagged to VLAN 10.

 

Picture of connection:

Jyrki_Halonen_0-1709905642415.png

MX firewall WAN should be configured with static IP address provided by ISP.

 

My question is: should I configure VLAN 10 IP to MX under:

- Security & SD-WAN / Configure / Addressing & VLANs / Routing          or

- Security & SD-WAN / Monitor / Appliance status / Uplink / WAN1   

?

 

0 Kudos
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 8 2024 6:04 AM
‎Mar 8 2024 6:04 AM

External Connections are always configured under Uplink/WAN. Addressing and VLANs is for all internal LANs and DMZs.

About your design: I would never configure it that way. In case of a switch failure, you build a physical bypass around your firewall and bridge the Internet into your internal LAN.

This really should be implemented with dedicated WAN-switches.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
Jyrki_Halonen
Getting noticed
‎Mar 8 2024 8:30 AM
‎Mar 8 2024 8:30 AM

About the design: I do have HA FW in place connected to switch-stack but I didn,t draw it to the picture since it is irrelevant for the problem.

0 Kudos
In response to Jyrki_Halonen
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 8 2024 8:33 AM
‎Mar 8 2024 8:33 AM

It is not the HA; it's about having WAN and LAN on the same switch.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
Jyrki_Halonen
Getting noticed
‎Mar 8 2024 10:36 AM
‎Mar 8 2024 10:36 AM

Sure in ideal world everybody would HA everything, but as always it is the matter of cost and needs in small setups 

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.