Cisco Meraki Documentation

MX67/MX68 Installation Guide

This document describes how to install and set up the MX67 and MX68 security appliances. Additional reference documents are available online at: www.meraki.com/library/products.

MX67/MX68 Overview

The Meraki MX67 and MX68 are enterprise security appliances designed for distributed deployments that require remote administration. They are ideal for network administrators who demand both ease of deployment and a state-of-the-art feature set. A full overview of the appliances' features can be found in the MX67 and MX68 Overview and Specifications.

Package Contents

In addition to the MX device, the following are provided:

MX67/MX68:

  • Power Adapter (No Power Cable)
  • 2x CAT5e Ethernet Cables

MX67W/MX68W:

  • Power Adapter (No Power Cable)
  • 2x CAT5e Ethernet Cables
  • 2x WiFi Antennae

MX67C:

  • Power Adapter (No Power Cable)
  • 2x CAT5e Ethernet Cables
  • 2x LTE Antennae

MX68CW:

  • Power Adapter (No Power Cable)
  • 2x CAT5e Ethernet Cables
  • 2x Attached (Non-Removable) Hybrid WiFi+LTE Antennae

Front Panels

MX67/67C/67W

MX67/67C/67W front panel illustration

MX68/68W/68CW

MX68/68W/68CW front panel illustration

 

Status Indicator

The MX67/MX68 series devices use an LED to inform the user of the device's status. LED patterns and their meanings are described below.

LED Status: Meaning

  • Solid orange: Power is applied but the appliance is not connected to the Meraki Dashboard
  • Rainbow Colors: The appliance is attempting to connect to Meraki Dashboard
  • Flashing White: Firmware upgrade in progress
  • Solid White: Fully operational/connected, uplink actively using wired WAN
  • Solid Purple: Fully operational/connected, uplink actively using integrated cellular failover

Back Panels

MX67

 

MX67 rear panel illustration

 

MX67C

 

MX67C rear panel illustration

 

MX67W

 

MX67W rear panel illustration

 

MX67/MX67W/MX67C Back Panel Functions

Additional functions on the back panel are described below, from left to right.

  • SIM Card Slot (MX67C): Active, supported SIM cards can be inserted into this slot to enable cellular capabilities.
  • USB port: USB 3.0 for external 3G/4G wireless modems. Traffic status is indicated by the USB LED.
  • WAN / Internet port: This port provides connectivity to the WAN.
  • LAN ports: These 4 ports provide connectivity to computers, printers, access points, or Ethernet switches. A steady green LED indicates bidirectional connectivity, and flashing green indicates traffic. The LAN2 port can either be a LAN port or a second Internet port.
  • Power input: Designed for use only with the unit’s power supply.
  • Reset button: Insert a paper clip if a reset is required. Press for 1 second to delete a downloaded configuration and reboot. Press and hold for more than 10 seconds to force a full factory reset.

MX68

 

MX68 rear panel illustration

 

MX68W

 

MX68W rear panel illustration

 

MX68CW

 

MX68CW rear panel illustration

 

 

MX68/MX68W/MX68CW Back Panel Functions

Additional functions on the back panel are described below, from left to right.

  • WAN / Internet ports: These two ports provide connectivity to the WAN.
  • LAN ports: These 8 ports provide connectivity to computers, printers, access points, or Ethernet switches. A steady green LED indicates bidirectional connectivity, and flashing green indicates traffic.
  • PoE+ Ports: These 2 LAN ports provide connectivity to computers, printers, access points, or Ethernet switches. Each port outputs up to 30W of PoE power. A steady green LED indicates bidirectional connectivity, and flashing green indicates traffic.
  • Power input: Designed for use only with the unit’s power supply.
  • Reset button: Insert a paper clip if a reset is required. Press for 1 second to delete a downloaded configuration and reboot. Press and hold for more than 10 seconds to force a full factory reset.

Side Panels

MX68

 

MX68 side panel illustration

 

MX68W

 

MX68W side panel illustration

 

MX68CW

 

MX68CW side panel illustration

 

 

MX68/MX68W/MX68CW Side Panel Functions

Additional functions on the side panel are described below, from left to right.

  • SIM Card Slot (MX68CW): Active, supported SIM cards can be inserted into this slot to enable cellular capabilities.
  • USB port: USB 2.0 for 3G/4G wireless cards. Traffic status is indicated by the USB LED.

Bottom Panel

 

MX67/C/W and MX68/C/W bottom panel illustration

 

Please note that the serial number is located on the product label on the bottom panel of MX67/MX68 devices.

Pre-install Preparation 

You should complete the following steps before going on-site to perform an installation.

Configure your Dashboard Network 

The following is a brief overview only of the steps required to add an MX to your network. For detailed instructions about creating, configuring and managing Meraki networks, refer to the online documentation (documentation.meraki.com).

  1. Log in to http://dashboard.meraki.com. If this is your first time, create a new account.
  2. Find the network to which you plan to add your MX or create a new network.
  3. Add your MX to your network. You will need your Meraki order number (found on your invoice) or the serial number of each MX, which looks like Qxxx-xxxx-xxxx, and is found on the bottom of the unit. You will also need your Enterprise license key, which you should have received via email.
  4. Go to the map / floor plan view and place each MX on the map by clicking and dragging it to the location where you plan to mount it.

Check and Set Firmware 

To ensure your MX performs optimally immediately following installation, it is recommended that you facilitate a firmware upgrade prior to mounting your MX.

  1. Attach your MX to power and a wired Internet connection.
  2. The MX will turn on and the power LED will glow solid orange. 
  3. If the unit requires an upgrade, the power LED will begin blinking white until the upgrade is complete, at which point the LED will turn solid white. You should allow at least a few minutes for the firmware upgrade to complete, depending on the speed of your internet connection.

Check and Configure Upstream Firewall Settings 

If an upstream firewall is already in place, it must allow outgoing connections on particular ports to particular IP addresses. The most current list of outbound ports and IP addresses for your particular organization can be found on the firewall configuration page in your dashboard.

Mounting Hardware

The supplied wall screws and anchors allow you to mount the appliance on a drywall surface, either vertically or horizontally. The distance between the holes you drill should be 6-1/2 inches (16.5 cm).

  • For mounting on drywall, use a ¼-in drill bit, then insert the plastic and screw assemblies.
  • For mounting on wood or a similar surface, use only the screws.
  • Allow the heads of the screws to stick out far enough to be inserted securely into the back of the appliance.

Connecting to WAN

All Meraki MX devices must have an IP address. This section describes how to configure your local area network before you deploy it. A local management web service, running on the appliance, is accessed through a browser running on a client PC. This web service is used for configuring and monitoring basic ISP/WAN connectivity.

Setting up a Static IP Address

To ensure that the client PC is redirected to the local web service in the following step, you must disable all other network services (e.g., Wi-Fi) on your client machine.

Do the following to configure basic connectivity and other networking parameters:

  1. Using a client machine such as a laptop, connect to one of the LAN ports of the MX.
  2. Using a browser on the client machine, access the appliance's built-in web service by browsing to http://setup.meraki.com. (You do not have to be connected to the Internet to reach this address.)
  3. Click Uplink configuration under the Local status tab. The default credentials use the device serial number as the username, with a blank password field.
  4. Choose Static for the IP Assignment option.
  5. Enter the IP address, subnet mask, default gateway IP and DNS server information.

Setting up a DHCP IP Address

By default, all MX devices are configured to obtain an IP address via DHCP from upstream WAN / ISP servers. Simply plug the MX's WAN / Internet port into your upstream circuit and wait a few minutes for the unit to negotiate a DHCP address.

When the WAN connection is fully enabled, Internet LED 1 will turn green.

Setting up Cellular Failover 

The MX67C and MX68CW have an embedded LTE module for cellular failover connections. The following section will walk through first-time set-up of an MX with an internet connection as a primary connection and cellular as failover.

 

Note: The IMEI cannot yet be found on the Meraki dashboard, only on the physical label of the device. The IMEI of the MXs with embedded LTE, as well as the serial number and MAC address, can be found on the product label at the bottom of cellular-embedded MX devices.

Having an MX appliance use a cellular modem to attempt to make its first connection to the Meraki Cloud is not a supported configuration. Please have an MX (with a cellular modem) come up for the first time via its WAN interface (and a working wired connection).

To set up the cellular failover connection, follow the steps below:

 

  1. Power off the MX. Swapping/installing SIM cards while the MX is powered on may cause unexpected behavior or errors.
  2. For the MX67C, connect the antennas for cellular reception. Antennae are pre-attached for the MX68CW.
  3. Open the SIM tray using the SIM card removal tool included in the box.
  4. Insert a nano SIM card (4FF size) and close the SIM tray.
  5. Connect the uplink for the MX device via a wired connection to connect to the Meraki cloud.
  6. Power on the MX and wait for the MX to show as online in the Meraki dashboard.
  7. Check with the carrier of choice if an APN needs to be configured. If so, do that from the Meraki Dashboard under Security & SD-WAN > Monitor > Appliance Status > Uplink tab.
  8. Navigate to Security & SD-WAN > Monitor > Appliance Status > Uplink tab and next to Status, select the edit (pencil) button and then select Enabled. When the cellular uplink is successfully connected, you will be able to see the status on the left hand side of the Appliance Status page and in the Uplink tab. The connection will say Ready when it is successfully connected.
  9. Test the cellular failover connection by unplugging the wired connection or by using the traceroute tool under Security & SD-WAN > Monitor > Appliance Status in the Tools tab.
  10. If, after following the steps above, the SIM card is not detected, please confirm with your carrier that the SIM card is active and has data. You will need the ICCID of the SIM card and IMEI of the device to get troubleshooting help from the carrier.
  11. Please contact the Meraki Support team if the cellular connection is still not being recognized after following the steps above.

Additional Settings

Setting VLANs

If your WAN uplink is on a trunk port, choose VLAN tagging > Use VLAN tagging and enter the appropriate value for VLAN ID for your network.

Setting up a Secondary WAN interface on the MX67 

You can toggle the LAN2 port between LAN and Internet/WAN through the Local Status Page or in dashboard under Security & SD-WAN > Monitor > Appliance Status > Uplink tab "Add another WAN port..."

Setting up a Secondary WAN Interface on the MX68 

MX68 devices come with two dedicated Internet ports, which are both configured under Security & SD-WAN > Monitor > Appliance Status in the Uplink tab.

Setting PPPoE

PPPoE authentication may be required if you are connecting the MX device to a DSL circuit. You need to know your authentication option and credentials (supplied by your ISP) in order to complete these steps.

  • Choose Connection Type > PPPoE.
  • Select your Authentication option.
  • If you select Use authentication, enter appropriate values for Username and Password.

Web Proxy Settings

These settings take effect if the MX device has to fall back to using HTTP to contact the Cloud Controller. By default, web proxy is disabled. To enable web proxy, do the following:

  • Choose Web proxy > Yes.
  • Enter values as appropriate for Hostname or IP and Port.
  • If you require authentication, choose Authentication > Use authentication, and enter appropriate values for Username and Password.

To apply all configuration settings to the appliance, be sure to click Save Settings at the bottom of the page.

Configuring Physical Link Settings

To configure physical link settings on the Ethernet ports, click Local status > Ethernet configuration. You can enable half duplex, full duplex, and autonegotiation, as well as set 10- or 100-Mbps data rates.

 

Warranty

MX Warranty coverage periods are as follows:

  • Product: MX67/68
    Warranty Period: Lifetime
    Warranty Information: Full lifetime hardware warranty with next-day advanced replacement included.

  • Product: MX67/68 Accessories
    Warranty Period: 1 Year
    Warranty Information: The following are considered accessories: SFP Modules, all mounting kits and stands, interface modules, additional power cords

Additional warranty information can be found on the Return Policy and Requesting an RMA page of the Cisco Meraki website. 

If your Cisco Meraki device fails and the problem cannot be resolved by troubleshooting, contact support to address the issue. Once support determines that the device is in a failed state, they can process an RMA and send out a replacement device free of charge. In most circumstances, the RMA will include a pre-paid shipping label so the faulty equipment can be returned. 

In order to initiate a hardware replacement for non-functioning hardware that is under warranty, you must have access to the original packaging the hardware was shipped in. The original hardware packaging includes device serial number and order information, and may be required for return shipping.

 
