According to the documentation like this one:
https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...
, OSPF is only available in concentrator mode.
However I have an org in our MSP list where I have a HA pair of MX-es that are in NAT mode in a datacenter but the OSPF configuration is available. The tooltip mentions that it is available for MX'es in AutoVPN that are in HUB mode.
Is it correct to assume the feature is available to use or is this some weird dashboard bug?
Solved! Go to solution.
In nat mode its available if you dont use vlans
Oh I didn't know that. Is that written in the documentation somewhere?
So if I follow the logic:
The limitation of the OSPF implementation on MX is that they don't support multiple interfaces.
Since concentrator mode only has one interface and NAT mode without VLANs basically has one inside interface.
So it's not just some weird rule that you had to use concentrator mode for OSPF.
https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets
"Note: MX devices in Routed mode only support OSPF on firmware versions 13.4+, with VLANs disabled. OSPF is otherwise supported when the MX is in passthrough mode on any available firmware version. This can be set under Security & SD-WAN > Configure > Addressing & VLANs.
Note: Please note that the MX will only advertise Meraki Auto VPN routes (including static routes shared into Auto VPN) with OSPF. The MX will need static routes configured for any other local subnets."
Hi All,
Does anyone know whether a branch NAT-Mode MX will advertise routes (to its OSPF neighbour) which originated in the data centre from a concentrator's BGP neighbour?
The documentation around this lacks detail
Update: lab tested and found that the BGP learned routes were not redistributed.
Called support; there is an NFO that can be applied to enable IBGP > OSPF redistribuiton.
Confirmed working in lab MX68 OSPF to 3750.
In this case, our branch MX is configured as a NAT Mode Hub (not spoke); it has full mesh tunnels to all the DC One-Armed concentrators, which are BGP peered to DC core router.
Cool setup there 😉