Meraki recently sent me a MX64 Security Appliance, after watching one of their webinars, so I thought I’d rejig my home setup and try it out. The cool thing is that the MX64 comes with a 3 year Advanced Security license, which includes a few extra features such as Content Filtering.
The MX64 supports PPPoE on it’s WAN interface but it does not have a built in modem. To get around this you need a modem to place in-front of the MX which you can put into ‘bridge mode’. I considered a Vigor 130 but in the end settled for a cheaper Netgear DM200. Both of these support VDSL and will work with BT Infinity.
Meraki have plenty of documentation on configuring the MX, so I’ll only include the bits which are BT Infinity specific. Below is a screenshot from the configuration page of the MX64 (you can only configure these settings locally, not the Meraki Dashboard). The username and password aren’t important, I used ‘firstname.lastname@example.org’ and ‘bt’.
The Netgear DM200 is even easier to set up, navigate to ‘Device Mode’, under ‘Advanced > Advanced Setup’, and change the ‘Device Mode’ to ‘Modem (Modem only)’.
Your basic Internet functionality should now be restored. The fun started when I noticed PSN failing to sign-in and apps failing to open on a Sony TV, while everything on Windows and Mac laptops was working fine. This seemingly random behavior led me to believe it was an MTU issue on the WAN interface and a few short minutes later I discovered that on the MX you cannot modify this value yourself, but have to log a case with Meraki support. Once I found the optimal MTU value (see here), I logged a case with Meraki support and they made the change within a few minutes. I’ve got to say that Meraki support is pretty slick and I was pleasantly surprised no one asked me to restart any devices.
A few things to keep in mind regarding the MX.
- You cannot set custom DNS servers on the WAN interface if using dynamic IP assignment from your ISP.
- MTU value on the WAN interface has to be changed by Meraki support.
- I was expecting a better packet capture interface (like what you get with the ASA ASDM), as the one on the Meraki Dashboard is very basic.
- No SSL VPN support is a bit disappointing.