Meraki

Community

Meraki's Hubs

Pnavarro
New here
4 hours ago
4 hours ago

Meraki's Hubs

Hola buenas tardes, vengo a pedir ayuda a esta maravillosa comunidad, estamos teniendo problemas en mi empresa donde coordinamos una cantidad de subsidiarias que están conectadas todas a través de MX cada una con su rango de IP's y VPN's, todas respondiendo a la principal la cual está conectada por Sonic Wall, el problema reside que todas los Meraki, comunican entre ellos y acaban solapándose, creando puentes innecesarios, trafico e incluso colgando puentes, los cuales tenemos que reiniciar diariamente. Hemos hecho una lluvia de ideas, la mas obvia a sido intentar cerrar los puentes entre Meraki's y conseguir que solo puedan comunicarse con Sonic Wall para poder salir a internet y si necesitan contactar con los demás Meraki, tengan que pasar si o si por Sonic Wall. No se si he sabido bien explicar el problema, espero respuesta, un saludo

Labels:
0 Kudos
12 Replies 12
alemabrahao
Kind of a big deal
Kind of a big deal
4 hours ago
4 hours ago

It wasn't very clear, but if you understand correctly, all the MXs are configured as a HUB (full mesh), right?

In that case, the expected behavior is that they all exchange routes with each other.

In your case, why don't you work with the Topology HUB and Spoke?

 

 

https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Design_and_Configure/A...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Pnavarro
New here
4 hours ago
4 hours ago

we tried out having one as hub and connecting the other 5 as spokes and created a really messy bottleneck of data really unstable

0 Kudos
In response to Pnavarro
alemabrahao
Kind of a big deal
Kind of a big deal
3 hours ago
3 hours ago

Which MX model do you have? This isn't common, and the vast majority (if not all) of my clients use the HUB and Spoke topology and it has always worked very well.

Perhaps you have a design problem.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
RWelch
Kind of a big deal
Kind of a big deal
3 hours ago
3 hours ago

If it were my project, I'd change the Meraki VPN Topology to "Hub-and-Spoke" then use non-meraki VPN peer configuration between the HUB and Sonicwall.

Meraki Hub-and-Spoke VPN Topology
MX to SonicWall Site-to-Site VPN Setup

 

You might consider adding a VPN concentrator to the HUB location if your MX seems to be undersized.  Or you could always replace the sonicwall with a MX appliance to streamline AutoVPN end to end.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to RWelch
alemabrahao
Kind of a big deal
Kind of a big deal
3 hours ago
3 hours ago

From what I understand, the main MX  connects directly to the SonicWall, so I don't see the point in creating an S2S VPN between the two. In this case, it would be simpler to connect both via LAN and configure a static route.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Pnavarro
New here
3 hours ago
3 hours ago

our biggest problem is, our subsidiary companies are all around the world, idk if having it in VLAN it will work

0 Kudos
In response to Pnavarro
alemabrahao
Kind of a big deal
Kind of a big deal
3 hours ago
3 hours ago

Could you provide a simple topology of your network?

I believe that would make it easier to understand your situation and suggest what can be done.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Pnavarro
New here
3 hours ago
3 hours ago

 

I made this child'ish drawing to show, right now there's the "meraki's cloud" with all the subsidiary companies all with VPN bridges conected and overlapping IP's we want to remove those VPN bridges and only having the Sonic Wall as master firewall

0 Kudos
In response to Pnavarro
Pnavarro
New here
3 hours ago
3 hours ago

well, the image didn't upload...

0 Kudos
In response to Pnavarro
alemabrahao
Kind of a big deal
Kind of a big deal
3 hours ago
3 hours ago

But wouldn't doing that mean you lose the benefits of Auto VPN?

Or am I misunderstanding your idea?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Pnavarro
New here
3 hours ago
3 hours ago

we don't want auto VPN connection between subsidiary companies, sorry if my answers are vague or without much information, I'm the Junior IT of my company and I don't have much info of the Meraki's configuration

0 Kudos
In response to Pnavarro
alemabrahao
Kind of a big deal
Kind of a big deal
2 hours ago
2 hours ago

Don't worry, I understand you.

Excuse the question, but why did you choose Meraki if you don't want to use Auto VPN?

It's just that I personally don't see the point in concentrating all communication on the SonicWall when Auto VPN makes everything simpler.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2026 Cisco Systems, Inc.