Meraki

Community

About henleyjj

Re: Visio Shapes

by in Off the Stack
‎May 25 2023 9:57 PM
‎May 25 2023 9:57 PM
Still waiting on MX100-450 rear stencil. Also they're drawn incorrectly, rack ears have only 1 hole per side! ... View more

Re: Auto-VPN Hubs - Split Tunnel (Pri Hub) and Full Tunnel (Sec Hub)

by in Developers & APIs
‎Nov 23 2022 3:05 AM
‎Nov 23 2022 3:05 AM
Great, yeah I was planning on making sure the default route is advertised into SD-WAN VPN at HQ office location. ... View more

Re: 3,000 group policies - Dashboard performance?

by in Security & SD-WAN
‎Nov 22 2022 11:14 PM
‎Nov 22 2022 11:14 PM
Not in particular for group policies on MXs appliances but have implemented similar number L3 rules for two different model of MRs APs. I was told dashboard has a limit of 5000 entries in the GUI for html parsing reasons, so shouldn't be an issue viewing via Dashboard. I'd be more concerned about the possibility of device hitting a wall depending on what you're configuring in each group policy and beefiness of MX model being used, especially if you have AMP and IDP turned on as well. ... View more

Re: Auto-VPN Hubs - Split Tunnel (Pri Hub) and Full Tunnel (Sec Hub)

by in Developers & APIs
‎Nov 22 2022 6:14 PM
‎Nov 22 2022 6:14 PM
Ok understood, I got mixed up with terminology.  To clarify with proposed hub priority - Site-to-Site VPN settings for spokes on dashboard will look like this   1. DC-Hub (no default route selected) 2. HQ-Hub (default route selected)   I understand difference between split tunnel and full tunnel, however given what's written in doco regarding behavior when default route is selected and also explicit 0.0.0.0/0 route is configured on HQ-Hub. My interpretation is that public traffic from spokes will route through via HQ-Hub despite DC-Hub being higher in priority.   -------------------------------------------------------------------------------------------------------------------------------------------- Default Route When configuring Hubs for a Spoke, there is an option to select a hub as being a Default route. If this option is selected, then that hub will be configured as a default route for the Spoke (0.0.0.0/0). Any traffic that is not sent to a configured VPN peer network, static route or local network will be sent to the default route. Multiple hubs can be selected as default routes. Hubs marked as default routes take priority in descending order (first priority at the top).   https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings ... View more

Auto-VPN Hubs - Split Tunnel (Pri Hub) and Full Tunnel (Sec Hub)

by in Developers & APIs
‎Nov 22 2022 5:27 PM
‎Nov 22 2022 5:27 PM
Hello all, I have a hub-to-spoke design that I need to implement for a client where which is somewhat straightforward, however I've never done this design before so would appreciate if anyone could validate. The client has a requirement to tunnel all publicly destined traffic through their existing internet perimeter firewalls which has IPsec VPN tunnels to a cloud on-ramp web security service. Therefore my logic is to configure hub as the following priority & settings: Primary MX hub will be implemented in Split Tunnel mode (greenfield DC CoLo environment) Secondary MX Hub will be implemented in Full Tunnel mode with "Default Route" option selected (existing HQ Office, also regarded as customers existing DC environment). Secondary MX hub will also need to be in routed mode. Would this configuration work, so spokes for e.g would transit 10.x.x.x/8 networks via primary hub? And any network traffic destined to public addresses would transit via secondary hub, since the default route option is selected and static routes downstream to core switches/firewall are explicitly configured on secondary hub? I've based this logic as per documented (from Site-to-Site VPN doco) behavior when Default Route option is selected    Also done up a quick high-level diagram for further detail of proposed setup.       ... View more

Re: Unnecessary uplinks from switch stack to MX68-HA?

by in Security & SD-WAN
‎Oct 28 2021 12:21 AM
2 Kudos
‎Oct 28 2021 12:21 AM
2 Kudos
Thanks all. We decided to leave it as is. Yep we'll definitely be not dropping untagged frames. ... View more

Unnecessary uplinks from switch stack to MX68-HA?

by in Security & SD-WAN
‎Oct 27 2021 2:05 AM
‎Oct 27 2021 2:05 AM
Hi, I have a design question.  We're planning on deploying 2 x MS210-24P (stacked) with 4 x uplinks to MX68-HA pair (see diagram below). However, I thought the number of uplinks maybe that would be unnecessary since the switches are stacked. And would be better off with 1 uplink from each stack member to each MX68? What do you guys think?       ... View more

Re: Meraki Tools for Google Sheets add-on

by in Developers & APIs
‎Jul 13 2021 1:35 AM
1 Kudo
‎Jul 13 2021 1:35 AM
1 Kudo
Hi, the link to G sheets add-on 404'ed for me. I think link is dead? Can you please repost?   ... View more

MX250 - convert copper LAN port to WAN port?

by in Security & SD-WAN
‎May 26 2019 8:07 PM
‎May 26 2019 8:07 PM
Hi All, I have a question which might be pretty basic but I'm unsure of.... We have purchased a MX250 without any SFP+ modules for WAN connectivity for a customer. Therefore I was wondering if it's possible to convert one of the copper ports to a WAN port? I know this is possible on MX64 but again I'm unsure of MX250.     ... View more
© 2025 Cisco Systems, Inc.