MX68 - Passthrough Mode

Solved
Rafael_Souza
Conversationalist

Gentlemen, just to explain the scenario: we are deploying Meraki at small sites and already have 2 sites using Meraki. We have a vMX in AWS as the concentrator and 02 MX68s already in use at different sites in Routed mode as the GW, etc.

However, a new request came up to migrate another small site to Meraki using an MX68, but first we wanted to analyze the site and try to gather some metrics: utilization over a period ("traffic"), applications, etc. So I did some research and saw that Meraki has a mode called "Passthrough Mode". I searched and did not find any configuration example, only an article that explains how it works, and it seems to be exactly what I'm looking for. It works as an L2 bridge "monitoring" the network.. it sits as a bridge between the LAN and the Router/Firewall that is the network's GW.

I'm unsure how to do this. At the site I mentioned, the GW for the networks/internet would be a FW, but how would I put the MX68 in the middle? Do I bring up 02 "trunk" interfaces and connect the switch and the FW? And connect another cable with internet access to the WAN interface so the MX68 registers in the cloud? Can anyone shed some light?

1 Accepted Solution
Rafael_Souza
Conversationalist

Hello darlings,
 
I managed to use "Passthrough Mode". I did a test here with an MX68 and 2 switches... 02 trunk-mode interfaces, and it worked... The topology looked like this:
 
[Internet] -- [Fw-Edge] -- int trunk --> [Wan MERAKI_MX68 Lan] <-- int trunk --> [Switch2960-X] <--- [Access_port Notebook Client_Test].

I configured the trunk interfaces with 03 VLANs, I placed the Meraki in the middle between my access switch and the distribution switch, and everything works. The only detail that I didn't find in any document is that you need to "set" the VLAN ID on the Meraki WAN interface, so it needs to know which VLAN of this trunk it will use to get the IP and register with the Meraki connector. After that I get a normal IP on 3 different VLANs on my access switch where my notebook is connected. Meraki worked perfectly in the middle between LAN and WAN, monitoring the network/clients. Thank you all for your help.

6 Replies
Ryan_Miles
Meraki Employee

This thread contains a diagram of how to connect a passthrough mode MX https://community.meraki.com/t5/Security-SD-WAN/Physical-connections-for-MX-in-passthrough-mode/m-p/...

Hello @Ryan_Miles  Thanks for your reply!

I had already read this forum but I was still in doubt, because if I have a firewall as a gateway for my network... I would have to place the MX in the middle with 02 trunk interfaces? And connect an uplink with internet access to the MX's WAN interface so that it registers with the vMX in the cloud? I'm still unsure if that's the case. I only found articles talking about the functionality of this "Passthrough" mode, but no "how to" documents or any example of implementation, much less showing what types of metrics we can collect from the network with the MX in this mode. For this reason, I have doubts about how to place it between the LAN and the Firewall, which is the GW of the network and the default route for the internet.

alemabrahao
Kind of a big deal

@Rafael_Souza,

There really is no how-to; you just configure the box and test it. You have probably already read them, but I'll send you two links.

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

@alemabrahao True, there is no "how to" and no implementation examples either.. worse, I don't even know how I would do it.. like, I put it between the LAN and the FW that is the GW of the networks.. like, I bring up the MX with two trunk interfaces.. I don't know.. too strange.. then for it to register with the vMX, do I connect a link with internet access to the WAN interface? I have my doubts.. I had already taken a look at those two articles.. thanks for the reply.

Hi @Rafael_Souza,

I think this document will help you:

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.