Meraki

Community

Unique vs. Hub-and-Spoke

Solved
mat1458
Getting noticed
‎Dec 6 2018 5:52 AM
‎Dec 6 2018 5:52 AM

Unique vs. Hub-and-Spoke

I have understood that for automatic address assignment in Site-to-Site VPN I have to use a template. With it each site gets its own IP addresses from a defined pool. For a hub and spoke network I need to configure the MXs as spokes. the hub site as I see it cannot be part of the template because of the selection of the type "Hub".

 

If I want to select an IP address for a VLAN on the hub out of a range in the template that is used in the spokes: does the dashboard track the used IP subnet so that it is never assigned to a spoke? Or do I have to assign IP addresses in a different IP address range? (reason for asking: FW rules would be easier in general if IP addresses for VLANs with the same purpose could reside in a common address range)

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 6 2018 11:01 AM
‎Dec 6 2018 11:01 AM

>does the dashboard track the used IP subnet so that it is never assigned to a spoke

 

Yes.

View solution in original post

7 Replies 7
MacuserJim
A model citizen
‎Dec 6 2018 7:09 AM
‎Dec 6 2018 7:09 AM

You'll want to assign the hub an IP range outside of the subnet used for the spoke sites to avoid overlap.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 6 2018 11:01 AM
‎Dec 6 2018 11:01 AM

>does the dashboard track the used IP subnet so that it is never assigned to a spoke

 

Yes.

In response to PhilipDAth
mat1458
Getting noticed
‎Dec 10 2018 1:41 AM
‎Dec 10 2018 1:41 AM

Hi Philipp

even though in some configuration situations I received error messages about overlapping IP subnets and I was not able to proceed I was able to configure my network in a way to have overlapping IP subnets. This was the case when I added a spoke site that used the pool of IP subnets out of the template. I do not know why the tests work when trying to add a hub site with overlapping IP addresses but not in the case where a spoke site gets an IP address out of the pool.

So I think that the best strategy is still to use non-overlapping address spaces for hub and spokes, but that was clear in the first place.

Thanks for taking the time for replying my (silly) questions.

Matthias

 

Screenshot 2018-12-10 at 10.40.37.png

0 Kudos
In response to mat1458
mat1458
Getting noticed
‎Jan 22 2019 11:46 PM
‎Jan 22 2019 11:46 PM

Hi Philipp

I have done further tests and I still can generate IP address overlaps. Just to make sure that I understand the concept of overlap checking in Meraki: Are the checks made per network bound to the same template (in which I define the uniqueness) or are the checks made based on the entire organization (all networks bound to a template and the ones that are not bound to a template)?

Thanks for reading and supporting people.

Mat

0 Kudos
In response to mat1458
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 23 2019 2:07 AM
‎Jan 23 2019 2:07 AM

The checks are done when AutoVPN is enabled (so the template should be configured to be a spoke).  The subnet must be unique amongst all AutoVPN networks (or will be rejected).

In response to PhilipDAth
mat1458
Getting noticed
‎Jan 23 2019 3:38 AM
‎Jan 23 2019 3:38 AM

Thanks Philip

 

That explains everything clearly and my tests prove that you're right.

 

Cheers

Mat

In response to mat1458
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 23 2019 10:40 AM
‎Jan 23 2019 10:40 AM

Stop it, I'll get a big head.:-)

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.