MX sizing & feature specific data

Solved
iores
Here to help

Hi,

 

I was looking at MX sizing principles:

 

  1. What does Maximum Device Count stand for? Is it maximum active simultaneous devices on the network OR maximum devices in general (active and inactive) on the network?
  2. Does Maximum Site-to-Site VPN Tunnels count refer to AutoVPN tunnels?
  3. What does Maximum Number of Client VPN Tunnels stand for? Is it when MX is used for remote VPN?

 

Thank you!

1 Accepted Solution
alemabrahao
Kind of a big deal

Hi,

 

1. What does Max Device Count mean?

It means the maximum number of active, concurrent client devices that are passing traffic through the MX.

This refers to devices that are actively generating traffic, not just connected or idle clients.

This includes wired and wireless clients (if the MX has Wi-Fi) that route traffic through the MX.

It does NOT refer to Meraki devices such as switches or APs, unless they are generating user data traffic themselves.

 

2. Does Max Site-to-Site VPN Tunnel Count refer to AutoVPN tunnels?

Yes, it refers to the maximum number of active site-to-site VPN tunnels, including AutoVPN tunnels and non-Meraki VPN peers.

If you are using AutoVPN in a mesh, each tunnel between MX hubs or spokes counts.

Each non-Meraki VPN peer also counts toward this limit.

 

3. What does Max Client VPN Tunnels mean?

Refers to the maximum number of active, concurrent Remote Access VPN users using the MX.
These are users who connect via VPN from their laptops, mobile phones, or remote devices using Meraki's built-in Client VPN (L2TP over IPsec) feature.
This limit does not apply to site-to-site tunnels, only to users who access the network remotely via a VPN client.

 

For more information, see the datasheet. I hope this helps you.

 

https://meraki.cisco.com/product-collateral/mx-family-datasheet/?file

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.


6 Replies
GIdenJoe
Kind of a big deal

The reason for the active client limit is that the MX must track flows for it and report these to dashboard for traffic analytics and client view statistics. It takes some CPU cycles for this.

While it is not a hard limit, if you go above these you will find that the forwarding starts to slow down and people will start complaining about an unstable network.

iores
Here to help

Have you ever tested it above the recommended client count?

jimmyt234
A model citizen

These firewalls can absolutely operate over the recommended client limit - I've seen MX67s in the 200-300 region and they are absolutely fine, where the datasheet says 50 clients. What you have to be prepared for is, if you ever raise a Meraki support ticket, this will be the first thing they point out - that you are "oversubscribed".

 

What is more important to consider is flow/session count, but we have no visibility of this in the dashboard (support does).

cmr
Kind of a big deal

I've seen an MX64 with 1000 devices connected, but it wasn't pretty so we replaced it ASAP with a spare MX84 we had at the time... Despite that having a 200 device recommendation, as it was only for public Wi-Fi and most devices were idle or very low use, it actually worked perfectly well.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal

What does Maximum Device Count stand for?

 

My understanding is that it is the total number of devices - both active and inactive. My understanding is that this is not concurrent.

 

The device still needs sufficient RAM to maintain the tracking data used for inactive devices.
