We've got 9300L's in the core doing routing for all our subnets, and a pair of MX's in front of them with a transit subnet between. I've usually done unique client identifier with such a design, but only when it was MS switches. We have had intermittent...
According to the documentation, if the primary tunnel is up but the health check probe fails, it fails over to the secondary tunnel. Can the health check IP be a host inside the tunnel? That seems like the best design.
Example: subnet 10.1.1.0/24 behind the MX gets NATted to 192.168.5.0/24 where the fourth octet remains unchanged in the NAT translation. The hosts on the far side of the tunnel address, for example, 192.168.5.3, and the MX translates this and sends ...
The 9300L switches don't appear to support option 15 (domain suffix) running in a DHCP pool on the switch. That is an odd thing to not support. Is there a comprehensive list of everything the 9300L's don't do? Using these seems to be a step back to t...
Do you have old firmware or old model APs? Speculating that might be a cause. Are some of these networks only running in guest mode with Meraki NAT? That would make a firewall unnecessary.
One caveat: LAN interfaces will not do DHCP relay to subnets not on the LAN. Which is fine because your DHCP server/s should usually never be anywhere else.