The Meraki Community
MerakiLife

Comes here often

Member since Jun 7, 2022

2 weeks ago

Community Record: 8 Posts, 0 Kudos, 0 Solutions

Badges: First 5 Posts
Latest Contributions by MerakiLife

Re: Auto VPN participation for certain sites

by MerakiLife in Security / SD-WAN
2 weeks ago
No, we don't use concentrator mode and never have - we just used basic HUB mesh. I'm not sure I even understand the concentrator concept. Our network is quite simple - we have an MX100 at each site and MS core switches. ALL sites were in a mesh topology but now I've removed them to hub spoke for branches but need to remove VPN connectivity between HQ and DC as we have a P2P link.

Re: Auto VPN participation for certain sites

by MerakiLife in Security / SD-WAN
2 weeks ago
I've changed our two branch offices to Spoke only connecting to 2 exit hubs (DC and HQ) so this went well and I was thinking of just deleting the VPN between HQ and DC and essentially making all sites spokes and then putting the p2p circuit on a trunk VLAN on the core switch either end and switching/trunking traffic just like we do to a distribution switch. VLAN10 is the native VLAN and all VLANs are allowed. Essentially the L2/p2p link is basically just an Ethernet cable.

Auto VPN participation for certain sites

by MerakiLife in Security / SD-WAN
2 weeks ago
Hi,

We have a 4-site full mesh.

  • HQ - UK (server access)
  • Data Center - UK (server access)
  • Branch office Paris (no servers, just clients)
  • Branch office London (no servers, just clients)

All 4 are in a 4-site auto-VPN mesh.

However, we now have a Layer 2/LAN extension/p2p link between our data center and HQ, so I want to remove the VPN participation of the Server VLAN (15) and route (well, switch) traffic over that p2p link.

The problem I'm guessing will happen is that if I remove the server VLAN from going over the VPN then our Paris and London branches will lose access to them.

Is there any way to just remove the VPN participation between HQ and DC and leave it in for the other sites? We are trying to stretch the Server VLAN 15 across HQ/DC via the p2p link for DR mainly, but what I've found is if it is still participating over the VPN as well you essentially have a loop and things stop working.

Any idea?

I think I also need to go from full mesh to a 2-site mesh (HQ/DC) and a Spoke London/Paris. Is that correct?

Cheers
Labels:
  • Auto VPN
  • Firewall

Meraki Device DNS/DHCP

by MerakiLife in Full-Stack & Network-Wide
04-26-2023 02:02 AM
Hi All,

Just after some basic best practice and to see what everyone is doing out there. Switches and APs... Do you...

Assign all devices with a static IP? Use Google DNS for each device?

Or

Use DHCP for each device with DNS registration locally so you can see your device MAC and name in DNS? Or do you do a hybrid approach... APs on DHCP but switches on static? Does anyone use IP address reservations for devices (based on MAC addresses)? Perhaps use 1 Google address and one local for DNS? We also have Umbrella UVAs, so should we use them? Or doesn't it really matter?

Re: DR & Layer 2 P2P link

by MerakiLife in Security / SD-WAN
04-17-2023 04:21 AM
Thanks - our GW for clients and servers is on the core switches at each site with a 0.0.0.0 route to the MXs for internet-bound traffic. Logically I can see how and why we could move the solitary switch in our DC to the HQ but it scares me doing that. Never used the concentrator mode and not sure I fully understand it. We did use Meraki client VPN but now we use Cisco AnyConnect to an FTD NAT'd behind the MXs (which isn't the best setup).

Re: DR & Layer 2 P2P link

by MerakiLife in Security / SD-WAN
04-17-2023 04:17 AM
Thanks Phillip,

That's an interesting point about the dual circuits - we had an option for this but declined due to not properly thinking fully about it and cost. What I'm getting a little confused on is that we have things like Cisco ISE, Duo proxies, AnyConnect FTDs at both sites in a failover capacity, so if we stretch VLANs and trunks across both sites are we going to end up with routing issues? Without thinking fully about the cross-site HA pairs and all that clever stuff, the real reason was to take backup and replication traffic out of the auto VPN and just shunt that stuff down the LAN Extn. It's typical though - now we have it, it has opened up a whole can of worms as to what we can do.

All our switches are MS350s, so fully routing switches, and the LAN extension terminates into a port on each of the routing/gateway/core switches. I'm almost tempted to say I'm not worried about the MXs for now, I just want to be able to move a VM from site A to B with the same IP address. I'd then like to move backup/rep traffic using Veeam over the LAN Extn.

DR & Layer 2 P2P link

by MerakiLife in Security / SD-WAN
04-14-2023 06:53 AM
We are Meraki Full Stack - MX, MS, MR, MV etc.

We have a HQ site with a production virtual server infrastructure (Dell VxRail).

We have an identical DR site in a data centre 30 miles away.

We have a leased line and backup line at each site and a WARM spare HA pair of MXs.

We've got Auto VPN connecting all sites.

We tried the NAT translation for DR and re-IP'ing etc. and never really got it working for a few VMs that HAD to retain their IP address.

So we bit the bullet and actually got a cheap Layer 2 p2p QinQ link between HQ and our DC.

Question now is how Meraki handles the Layer 2: do we join all the Meraki hardware in the DC to the HQ network in Meraki, or do we trunk/route certain VLANs across the link, or do we stretch the VLANs?

Basically we want server A 10.10.10.1 to move from HQ to DR and stay on 10.10.10.1 (forget the gateway for now).

At present the 10.10.10.x subnet at HQ is called VLAN10 'server vlan'.

In our DR site we also have a server VLAN but it's VLAN 20 and is on 10.10.20.x/24.

I know that a Layer 2 link is essentially no different now from the other distribution/edge switches in HQ that hang off our core switches, e.g. our Finance switch is connected with fibre in to the core switch in HQ and this is 100m away... in theory the DR switch and infrastructure is technically now just the same but is 30 miles away...?

Normally everything between sites ran over the auto VPN for inter-site traffic, i.e. backups, replication etc.

What's the best way to get this running over the Layer 2 p2p link now and not over the auto VPN?
Labels:
  • Auto VPN
  • Other

WAN Topology, Outgrown MX100

by MerakiLife in Security / SD-WAN
07-20-2022 06:16 AM
Hi All,

After a few tips for the next stages of our Meraki journey and WAN topology. We started as a 200-user org with a Meraki Full Stack (MX, MS, MR, MV, MDM). We are now at 500 users and the MX100 is squealing and hitting 100% utilization on CPU frequently!

We have 3 sites:

  • MX100 (HA pair) at HQ with production virtual servers
  • MX84 at DataCentre (DR/failover site)
  • MX84 at remote branch (no servers, just users)

All 3 sites are connected via Auto VPN. This has served us well for 3 years. We used to use the MX100 as a client VPN server and then played with Meraki AnyConnect but had no luck, so we were sold 2 vFTDs (virtual Cisco Firepowers) to do the AnyConnect piece in a more reliable manner than Meraki. The MXs now NAT VPN traffic to the vFTDs.

I'm looking to re-design this all as I think we need bigger hardware and more bandwidth.

  • Do I get a p2p (LAN extension between the HQ and DC) and leave the MX for Internet and VPN only - this will make DR better as no re-IP'ing of VMs
  • Do I get an MX250 or 105 and add a second leased line
  • Do I use the virtual Firepowers and retire the MXs, as let's face it the MX isn't the best Meraki product
  • Do I get a rebate on the vFTDs and buy a physical FTD appliance?
  • Do I do something completely different?
  • Ideally I'd also like the AnyConnect VPN to flip between sites if a heartbeat is lost or we have an outage - I've been looking at Cloudflare for DNS failover. Anyone have any better solutions/ideas?
© 2023 Meraki