Meraki

Community

Simple question - AutoVPN with /30

Solved
JAlmeida
Here to help
Monday
Monday

Simple question - AutoVPN with /30

Dear All,
According to the topology, I have questions about how an AutoVPN works when I only need to propagate a /30 between endpoint A and endpoint B.
 
Endpoint A is my DC, and endpoint B is my branch office.
I need to broadcast a /30 to several branches because only one machine needs to have connectivity to my network.
 
How would this broadcasting work in Meraki with AutoVPN?
DC:
1st - Addressing & VLANs
Routed Mode
Single LAN - I would need to change the default address on the DC from 192.168.128.1/24 to my real network 192.16.168.1/30
Enable
 
Branch:
Is there any configuration, or should I just check if the prefix is ​​already being broadcast? In this case, should I just connect the PC to the Meraki port with the address 192.16.168.2 and it will work, or is there some configuration that needs to be done?
 
I have 30 other branches, and all of them will have this /30. Will it be the same for everyone?
Will the distribution only occur at the DC, or do I need to configure something at the branches?
 
It seems like a silly question, but since the client won't be using NAT or routing (it will be on the Fortinet), I'm left with these questions.

 

JAlmeida_0-1759164480791.png

 

Labels:
0 Kudos
1 Accepted Solution
In response to JAlmeida
alemabrahao
Kind of a big deal
Kind of a big deal
Monday
Monday

In your case, I understand that it is scenario 5 of the documentation, then Spokes will learn via ibgp within auto VPN.

 

https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_%28BGP%29#Scenario_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal
Monday
Monday

Will you be working with a hub and spoke topology?

If so, I believe the hub will be located in the main DC, correct?

The hub needs to have an interface directly connected to this network or a route. Once this is done, activate this /30 network in the auto VPN and set the hub to the spokes. This way, they will receive the route automatically.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshoo...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
JAlmeida
Here to help
Monday
Monday

Perfect, thanks for the feedback.
Yes! My topology is Hub x Spoke.
But in this case, I believe the internet connection will be local, and we won't be enabling the "default route" to be the Hub. I heard this from support; it makes sense, right?
 
Regarding this configuration, "Once this is done, activate this /30 network in the auto VPN and set the hub to the spokes," that would indeed be the step, right? 1st - Addressing & VLANs
Routed Mode
Single LAN - I would need to change the default address on the DC from 192.168.128.1/24 to my real network 192.16.168.1/30 (Enable)
 
I reviewed the documentation again and it was clear that the announcement will only occur on the HUB (DC).
 
I thought I would have to enable some network on the Branch side.
 
If that's all, thank you very much.
0 Kudos
In response to JAlmeida
alemabrahao
Kind of a big deal
Kind of a big deal
Monday
Monday

"But in this case, I believe the internet connection will be local, and we won't be enabling the "default route" to be the Hub. I heard this from support; it makes sense, right?"

 

Yes that is right.

 

"Regarding this configuration, "Once this is done, activate this /30 network in the auto VPN and set the hub to the spokes," that would indeed be the step, right? 1st - Addressing & VLANs
Routed Mode
Single LAN - I would need to change the default address on the DC from 192.168.128.1/24 to my real network 192.16.168.1/30 (Enable)"

 

Yes this should work.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
JAlmeida
Here to help
Monday
Monday

Thank you again!
 
If that's all, thank you very much.
Wow, that really cleared up my doubts.
 
Question 2 - Routing (if possible)
In this case, if a routing protocol is necessary, such as BGP,
it will only be enabled on the HUB, right?
Depending on the client's routing, this would be the configuration: only on the HUB/DC, but pointing to the neighbor (client's switch or router).
0 Kudos
In response to JAlmeida
alemabrahao
Kind of a big deal
Kind of a big deal
Monday
Monday

In your case, I understand that it is scenario 5 of the documentation, then Spokes will learn via ibgp within auto VPN.

 

https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_%28BGP%29#Scenario_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to JAlmeida
ww
Kind of a big deal
Kind of a big deal
Monday
Monday

This route can only be used by branche/spokes that have the vlan/subnet enabled for vpn. Also note that when you enable this for.more branches all those subnets van communicate  with eachother.  You could use the vpn firewall to retrict this traffic if needed

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.