Meraki

Community

MX450 with 5GB Internet Connection

Solved
TechB0SS
Here to help
‎Jun 30 2020 8:00 PM
‎Jun 30 2020 8:00 PM

MX450 with 5GB Internet Connection

I have a MX450, setup in HA pair, in a campus environment that is connected to a 1GB Internet connection. The MX450 is used exclusively for the student residential housing units, approximately (10) buildings with about 10,000 connected devices. In addition to using the MX450 as the security appliance and traffic shaping, the MX450 has all the VLANs, Layer 3 interfaces, and DHCP scopes configured for the residential housing units. In each residential housing unit there are (125) MS250 switches and (950) MR33 wireless access points.

 

Due to the increased number of devices on the network, the campus has decided to increase the Internet circuit to a 5GB connection. Based on the documentation that I have found, the MX450 is only capable of supporting a 4GB Internet connection with all the security features enabled, and 6GB connection with security features disabled. 

 

My question is, what is the best design or configuration to consider to implement the new 5GB Internet connection? Turning off the security features on the MX450 is not something we want to do. Can I split the traffic between the (2) MX450? It is my understanding that a MX450 can only be part of one network. If I choose to split the MX450, will I have to crate another network? Will the switches and wireless access points need to be moved to the new network? Not sure what the best path to choose...

0 Kudos
1 Accepted Solution
In response to TechB0SS
Prashant_India
Here to help
‎Jul 6 2020 9:22 AM
‎Jul 6 2020 9:22 AM

This thread may help you .

 

https://community.meraki.com/t5/Security-SD-WAN/MX450-loadbalancing/m-p/69886#M17573

 

 

View solution in original post

0 Kudos
5 Replies 5
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 2 2020 1:06 AM
‎Jul 2 2020 1:06 AM

Tough one. I guess you’ve already relayed your concerns that anything above 4Gbps is a no go as they simply wouldn’t get the throughput?

 

Quite rightly I wouldn’t turn off the security functionality either as that would expose your internal network. If you split the HA pair you’ll also require a further MX450 license as only a single one is needed in HA.

 

Are all users connecting wirelessly? Is this network connected to the main Uni campus network?  Could you turn off the firewall functionality and move this onto the AP’s?

 

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules

 

You’d get your desired throughput, don’t need to buy an additional MX license and you keep some security in place.

 

just my thought process at the moment...

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
TechB0SS
Here to help
‎Jul 6 2020 7:15 AM
‎Jul 6 2020 7:15 AM

In addition to wireless access points, I have Meraki MS250 switches for wired connections. All the wireless access points and switches are connected to the same network with the MX450 within the dashboard.

0 Kudos
Prashant_India
Here to help
‎Jul 6 2020 7:11 AM
‎Jul 6 2020 7:11 AM

So do you want to configure 5GB dual WAN links on each MX in redundancy .

0 Kudos
In response to Prashant_India
TechB0SS
Here to help
‎Jul 6 2020 7:17 AM
‎Jul 6 2020 7:17 AM

Yes.  I have a 5Gb Internet circuit that I am receiving from the ISP that needs to be connected to MX450. I need to be able to keep all the security features enabled on the MX450.

0 Kudos
In response to TechB0SS
Prashant_India
Here to help
‎Jul 6 2020 9:22 AM
‎Jul 6 2020 9:22 AM

This thread may help you .

 

https://community.meraki.com/t5/Security-SD-WAN/MX450-loadbalancing/m-p/69886#M17573

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.