MX100 & Multiple WAN IP's?

Solved
wfurgason
Conversationalist

MX100 & Multiple WAN IP's?

I am trying to find out if it is possible to configure the MX100 to have multiple WAN IP's on its internet Interface.  I'd like to map each VLAN to its own WAN IP so that I can have different DNS filter policies per VLAN.

 

WAN IP: 222.22.2.20 => VLAN network 192.168.22.0/24

2WAN IP:111.11.1.10 => VLAN network 192.168.11.0/24

 

Can this be done on an MX100 (only one internet uplink port)

 

Maybe using a 1:Many NAT configuration?

1 Accepted Solution
Raj66
Meraki Employee
Meraki Employee

The MX100 comes with an Internet port and a dual purpose port (port 2 can be used as an Internet port or a LAN port; This setting needs to be changed from the local status page under the configure tab).

 

So, one way I can see you achieve this is by applying those two IPs to two uplinks respectively and then configure flow preference so that VLAN 2 will use WAN IP 2 while VLAN 1 will follow the default WAN IP 1

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

 

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it

View solution in original post

4 Replies 4
Raj66
Meraki Employee
Meraki Employee

The MX100 comes with an Internet port and a dual purpose port (port 2 can be used as an Internet port or a LAN port; This setting needs to be changed from the local status page under the configure tab).

 

So, one way I can see you achieve this is by applying those two IPs to two uplinks respectively and then configure flow preference so that VLAN 2 will use WAN IP 2 while VLAN 1 will follow the default WAN IP 1

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

 

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it
PhilipDAth
Kind of a big deal
Kind of a big deal

>I'd like to map each VLAN to its own WAN IP

 

On the whole no.  The only special exception is what @Raj66 has mentioned, which would let you configure a second WAN port and an IP address on that and use flow preferences to direct specific VLANs out specific WAN ports.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

 

But on the whole, unless you only have two WAN IP addresses, this wont be a solution.

whistleblower
Building a reputation

so it`s not possible to use a public IP-address (- which is not configured as a WAN-IP) for local-LAN -> Internet PAT as a whole?!

cmr
Kind of a big deal
Kind of a big deal

@whistleblowerthat is correct, you can only do 1:1 mapping, no PAT other than the interface IP

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels