Looks like MX is configured as one-armed concentrator with passthrough mode if so the answer is C. A WAN appliance operating in one-armed concentrator mode sends and receives traffic on a singular interface. This interface will always be the the first Internet or WAN port on the unit. A secondary port is not supported when deployed as a VPN concentrator. When using the MX as a one-armed VPN concentrator for VPN endpoints, be sure to not connect anything to the MX's LAN ports. If the MX is simply being used as a passthrough device, using its LAN ports will not impact its performance.
...just adding some information, I´m sure that is C, I did a mistake some time ago, a customer environment has a HUB, working as routed mode, with lan and everything connected, and I changed the operation mode to VPN CONCENTRATOR with everyhing connected, lan included... and I crashed the environment !!! so, take care if yo´re thinking to do this, and I´m sure that the answer is C
This image shows set up a high-availability concentrator
Lan port is used for VRRP, therefore should not be disconnected.
The swap button is used to change the primary and spare roles between the two MXs and is not meant to test HA failover. For a failover test, complete disconnection of the uplink to the primary MX is required.
https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
This it is C
MX VPN Concentrator - Warm Spare Setup
Before deploying MXs as one-arm VPN concentrators, place them into Passthrough or VPN Concentrator mode on the Addressing and VLANs page. In one-armed VPN concentrator mode, the units in the pair are connected to the network "only" via their respective ‘Internet’ ports. Make sure they are NOT connected directly via their LAN ports. Each MX must be within the same IP subnet and able to communicate with each other, as well as with the Meraki dashboard. Only VPN traffic is routed to the MX, and both ingress and egress packets are sent through the same interface.
https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MX_Security_and_SD-WAN/Meraki_Auto_VPN_General_Best_Practices
Should be option E: not enough information. This is a valid concentrator configuration in routed mode. If it is one-armed, then removing the LAN connection is accurate, but there isn't enough information to determine what mode this device is configured in.
I agree with this comment, but, in best practices says that VPN Concentrator (as the question says) should be configure as One-arm, in that case, the answer should be C.
“The recommended use case for the WAN appliance in passthrough mode is when it is acting as a VPN Concentrator for the Cisco Meraki Auto VPN feature.”
https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MX_Security_and_SD-WAN/General_MX_Best_Practices
Where is "Physically disconnecting all LAN ports" the documented solution to VPN Concentrator Issues
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
sattori
1 month, 2 weeks agornunes1110
1 year, 2 months agornunes1110
1 year, 1 month agoEbbie
1 year, 7 months agojfelix
1 year, 11 months agornunes1110
1 year, 2 months agotxami
1 year, 11 months agogolf4life
1 year, 12 months agoM0nkk3y
11 months, 3 weeks agotliz
2 years ago