Home > General Administration > Service Providers - SPs > Private Uplinks

Private Uplinks


Fully private links (no Internet e.g. Private MPLS/VPLS links) are unsupported when connected to a WAN port of the MX. This is because the WAN links of the MX are governed by Connection Monitor. When a fully private link is connected to a WAN port of the MX, there is no internet connectivity and therefore Connection Monitor health checks fail. When Connection Monitor health checks fail, the MX prevents client traffic from egressing the link.


The private links feature bypasses connection monitor, thus allowing the use of private links as a WAN connection to establish Auto-VPN or third-party VPNs over these links. Meraki customers and service providers are utilizing private connections in conjunction with internet connections on the WAN ports of an MX to facilitate uptime and leverage SD-WAN capabilities.

NOTE: This feature is currently in a service provider-only closed beta.

Uplink Configuration

Since a private uplink does not have reachability to the internet,  we still require one uplink that does in order for the MX to communicate with the VPN registry and learn about the endpoints of the other MX nodes on the MPLS link to establish auto-VPN tunnels over this link.


The current design of the private links feature is such that WAN1 will be connected to the private link (MPLS, VPLS, etc.) and WAN2 will be connected to the internet (broadband,etc.).  The MX will communicate to dashboard and the VPN registry over WAN2 for both of its WAN1 and WAN2 links to facilitate the Auto-VPN/SD-WAN connectivity over the private link.


  • There is currently no UI element to this feature. It is only a backend implementation at this time which Meraki support can assist with enabling
  • Uplink monitoring charts (security appliance > appliance status > uplink, summary report, VPN performance monitoring, etc.) on dashboard currently show 100% loss for the private link as there is no connection monitoring over this link to populate the graph with data
  • LTE backup
    • If WAN2 (internet) fails but WAN1 (MPLS) is still up then LTE will still be in a standby state and the MX will appear offline in dashboard
    • If WAN2 (internet) fails and the WAN1 (MPLS) link goes hard down then LTE will become active and the MX will appear online in dashboard again


Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 7135

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community