I have understood that for automatic address assignment in Site-to-Site VPN I have to use a template. With it, each site gets its own IP addresses from a defined pool. For a hub-and-spoke network I need to configure the MXs as spokes. The hub site, as I see it, cannot be part of the template because of the selection of the type "Hub".
If I want to select an IP address for a VLAN on the hub out of a range in the template that is used in the spokes: does the dashboard track the used IP subnet so that it is never assigned to a spoke? Or do I have to assign IP addresses in a different IP address range? (reason for asking: FW rules would be easier in general if IP addresses for VLANs with the same purpose could reside in a common address range)
Even though in some configuration situations I received error messages about overlapping IP subnets and I was not able to proceed, I was able to configure my network in a way to have overlapping IP subnets. This was the case when I added a spoke site that used the pool of IP subnets out of the template. I do not know why the tests work when trying to add a hub site with overlapping IP addresses but not in the case where a spoke site gets an IP address out of the pool.
So I think that the best strategy is still to use non-overlapping address spaces for hub and spokes, but that was clear in the first place.
Thanks for taking the time to reply to my (silly) questions.
I have done further tests and I still can generate IP address overlaps. Just to make sure that I understand the concept of overlap checking in Meraki: Are the checks made per network bound to the same template (in which I define the uniqueness) or are the checks made based on the entire organization (all networks bound to a template and the ones that are not bound to a template)?
Thanks for reading and supporting people.
The checks are done when AutoVPN is enabled (so the template should be configured to be a spoke). The subnet must be unique amongst all AutoVPN networks (or will be rejected).
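For planning addresses before touching the dashboard, an offline check of the address plan can show which blocks of a template pool collide with hub VLANs. The following is an added example, not part of any post in this thread and not Meraki code; it calls no dashboard or API, and the pool, prefix length, network names and subnets are constructed sample values.

```python
import ipaddress
from itertools import combinations


def find_overlaps(subnets):
    """Return sorted (name, name) pairs whose subnets overlap.

    subnets: dict mapping a label to a CIDR string.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    return sorted(
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def split_pool(pool, new_prefix, reserved):
    """Split a pool into /new_prefix blocks and classify each block.

    Returns (free, blocked): free is a list of blocks that touch no reserved
    subnet, blocked maps each colliding block to the reserved labels it hits.
    """
    reserved_nets = {n: ipaddress.ip_network(c) for n, c in reserved.items()}
    free, blocked = [], {}
    for block in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        hits = sorted(n for n, r in reserved_nets.items() if block.overlaps(r))
        if hits:
            blocked[str(block)] = hits
        else:
            free.append(str(block))
    return free, blocked


# Constructed sample plan (assumed values, not taken from the thread).
TEMPLATE_POOL = "10.20.0.0/22"   # pool the spokes draw /24s from
HUB_VLANS = {
    "hub-data": "10.20.1.0/24",    # sits inside the spoke pool
    "hub-mgmt": "10.20.3.128/25",  # partially covers one /24 of the pool
    "hub-dmz": "192.168.50.0/24",  # outside the pool
}

if __name__ == "__main__":
    free, blocked = split_pool(TEMPLATE_POOL, 24, HUB_VLANS)
    print("usable for spokes:", free)
    print("collides with hub:", blocked)
```
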