MX and Umbrella Integration when L3 subnets are on the core and not the MX

Aousien
Here to help

MX and Umbrella Integration when L3 subnets are on the core and not the MX

Hi Folks, 

 

I am doing integration between Meraki MX and Umbrella, I don't have the VLANs/Subnets configured the MX, the subnets are configured on a core switch, and the MX has static routes to those subnets, the question is , How can I apply a group Policy with Umbrella to all traffic passing through the MX, if the subnets were on the MX it's easy, but not sure how to do it when the subnets are on the core and not the MX. thanks in advance.

5 REPLIES 5
georgebuzz01
New here

Can you eloborate your question as i didn't get you that what you want to have with MX after configured subnets with Umbrella. Do you wanna know that how you can attach these at once? Let me know             my-estub

 

Regards              my coles

George Buzz

Thank you, George, 

 

So I have LAN Subnets and SVIs configured on the core switch and not on the MX, how can I apply the group policy that has umbrella to those VLANs ? or do I have to move the L3 interface of the subnets to be on the MX to be able to use Umbrella?  

the network is something like below.

 

==Core with VLANs SVIs === /30 P2P link === MX ==== Internet

Bruce
Kind of a big deal

If you can live with a 'one size fits all' policy then you apply the policy to the P2P link subnet on the MX. If you want to go more granular (i.e. different policy per VLAN/SVI on the core switch) then you'll need to move those SVIs onto the MX.

 

EDIT: If you're using Umbrella then why not do this with the Umbrella VA?

Hi Brunce, thank you for the reply when I applied the group policy to the P2P link on the MX it did NOT affect the actual subnets, I think by doing that it will only apply if the source IP is from the P2P link which is not.

Bruce
Kind of a big deal

So long as you want to apply the Group Policy to all the subnets that are on the core switch then you should just be able to apply the Group Policy to the subnet that is between the MX and the core switch - that ends up being a one size fits all though. If you need more flexibility then you can apply Group Policy on MR (if you have Meraki wireless). 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels