I have a interesting tbc scenario in which a MX won't have anything connected to WAN1 or WAN2 or USB cellular.(until NBN is installed)
However there will be a MPLS link connected to a LAN port. The MPLS will provide site to site connectivity. The HQ which hangs off the MPLS has a proxy server and a local internet breakout.
I wish to deploy a MX in this fashion whilst leveraging the proxy server at the HQ not only for the MX management but for clients on the LAN.
This would be the mode of operation until the NBN service is installed.
Seeking some clarification that this would work. Not sure how the MX will behave if there is nothing connected to WAN1 / WAN2 or cellular.
Anyone had any exposure to this in the field?
Hello @General-Zod ,
I think MX will be online as long as cloud communication via proxy in HQ is available though both of Internet interfaces would be marked as failed until WAN services are provided.
If you create static route to the segment of proxy toward MPLS service, client can access to proxy server and internet access would be available.
Have a try and hope you can give internet access for the clients via MPLS & proxy until internet services are provided to the MX!
Was hoping someone else in the field had actually tried this already saving me being the guinea pig.
I will have to setup a lab otherwise, thought I'd try here first though.
AutoVPN is guaranteed not to work. But it doesn't sound like you need this,
We need someone to test this. Does the proxy support connections via the LAN interfaces only (as opposed to proxy via the WAN interfaces).
An option that will work is to use the MX in pass-through or transparent mode, where it operates like a layer 2 switch.
You would need to re-configure it again when you get your NBN circuit.
RE: Proxy, that is exactly what I want to confirm.
Passthrough no go, as the MX will be the MPLS router itself, so must be in routed mode. Could use WAN1 for MPLS but then it will NAT which isn't ideal for site to site traffic. Arrrrhh
When is the No-NAT feature going gold again? this would solve this issue and many others I have.
After raising a ticket I got the following:
This is not a supported design for MX devices.
MX may still be able to pass the traffic on the LAN side without any WAN or cellular connections.
However, this will be no visibility of the configuration and operation of the device and not able to modify any configurations.
Please review this documentation regarding the behavior of MX loss access to the Meraki Cloud. Thanks!
good to know!
As the 15.x release is in BETA, support will be limited and it wont fly with the customer. Glad it's functional for you though.
@General-Zod I understand your reservations as an integrator (we are lucky in that we are the customer) but I would say that we have found the opposite, in that support often push to use a beta...!
We have even been mixing 15.14,15,18 and 20 in the same SD-WAN...
Why not use firmware 15.x and enable no NAT? We use it for our 1500 user site to site SD-WAN over MPLS?
can this issue be fixed with the declartion from @cmr?
I mean, that a WAN-Interface configured with NO-NAT reaching over MPLS (central Internet-Breakout) the Meraki Cloud for the Control-Traffic, etc.?!