Your Cart

All Categories
Best Practices for Configuring Cisco MX85 and MX95 Routers for SD-WAN Deployment

Best Practices for Configuring Cisco MX85 and MX95 Routers for SD-WAN Deployment

Jun 13, 2025

Peter Shaw

In the modern enterprise landscape, Software-Defined Wide Area Network (SD-WAN) solutions are transforming how organizations manage and secure WAN traffic. Cisco Meraki’s MX series routers, particularly the MX85 and MX95, offer robust, cloud-managed networking capabilities tailored for SD-WAN deployments. If you're preparing to deploy these devices in a production environment, following best practices ensures high performance, scalability, and security.

Here’s a comprehensive, practical guide to help you configure your Cisco MX85 and MX95 routers for successful SD-WAN implementation.

1. Understand the Role of MX85/MX95 in SD-WAN Architecture

Both Cisco Meraki MX85 and MX95 routers are designed for mid-sized to large branch networks. They offer integrated security, routing, switching, and advanced SD-WAN features. Before deployment, ensure that your network requirements align with the device specifications:

  • MX85: Recommended for up to 250 users

  • MX95: Recommended for up to 500 users

Evaluate the required throughput, VPN usage, and redundancy options. Keep licensing in mind—Meraki Advanced Security License is essential for advanced SD-WAN features.

2. Register Devices to the Meraki Dashboard

Before physical deployment:

  • Claim the MX device serial number via the Meraki Dashboard.

  • Assign it to a network (e.g., "Branch-1-Network").

  • Apply the proper configuration template to standardize deployment across multiple sites.

Cloud configuration minimizes setup time and ensures consistency across branch networks.

3. SD-WAN Uplink Configuration

The core strength of Cisco Meraki’s SD-WAN is its uplink management:

  • Use both WAN1 and WAN2 ports for link redundancy.

  • Configure uplink policies based on performance metrics such as latency, jitter, and packet loss.

  • Enable Dynamic Path Selection to route traffic based on application performance requirements.

This ensures real-time applications (like VoIP or video conferencing) get routed through the most stable link.

4. VPN Configuration: Auto VPN and Hub-Spoke Model

One of the most appreciated features of Cisco SD-WAN is Auto VPN:

  • Navigate to Security & SD-WAN > Site-to-site VPN.

  • Choose Hub or Spoke topology based on your architecture.

  • For MX85/MX95 as Spoke routers, define multiple hubs for redundancy.

  • Ensure non-Meraki VPN peers are configured with correct IPsec parameters if applicable.

Don’t forget to define subnet advertisements and VPN firewall rules for traffic segmentation.

5. Prioritize Traffic with SD-WAN Policies

Once VPN tunnels are established, configure SD-WAN traffic shaping policies:

  • Go to Security & SD-WAN > SD-WAN & traffic shaping.

  • Classify traffic using layer 7 application-based rules.

  • Use custom performance classes to specify acceptable thresholds.

  • Set failover and load balancing rules to optimize reliability.

For example, assign Zoom or Microsoft Teams traffic to the link with lower latency, and bulk traffic like Windows updates to the secondary link.

6. Implement Strong Firewall and Security Settings

Security must not be compromised in SD-WAN configurations. Enable:

  • Intrusion Prevention System (IPS) and Advanced Malware Protection (AMP)

  • Content filtering and Layer 7 firewall rules

  • Geo-based IP blocking if necessary

  • Enable Threat Protection under the Security & SD-WAN > Threat Protection section

This transforms your MX device into a next-gen firewall alongside a router.

7. Enable High Availability (HA) Setup (Optional)

For mission-critical branches:

  • Deploy two MX85/MX95 units in Warm Spare (HA) mode.

  • Use a common virtual IP (VIP) for external WAN connectivity.

  • Monitor synchronization status in the dashboard.

Ensure power redundancy and proper switch connectivity to avoid single points of failure.

8. Monitor and Troubleshoot Effectively

Use the Meraki Dashboard tools for real-time monitoring:

  • Uplink performance graphs (latency, jitter, loss)

  • VPN tunnel health and error diagnostics

  • Application usage and bandwidth hogs

  • Set custom alerts for failovers, high latency, or disconnections

Proactively monitoring these metrics helps avoid downtime and performance degradation.

9. Keep Firmware Updated

Always keep the firmware up to date. Cisco regularly pushes updates for bug fixes, new features, and security enhancements. Set a maintenance window and test updates in a non-production environment when possible.

10. Document Configuration and Conduct Audits

Maintain configuration records for all branch routers. Include:

  • WAN IPs and ISPs

  • VPN peer settings

  • SD-WAN rules and priorities

  • Firewall and security configurations

Conduct periodic audits using Meraki’s reporting tools to ensure ongoing compliance and performance alignment.

Conclusion

Deploying Cisco Meraki MX85 and MX95 routers in an SD-WAN environment is a strategic move that can elevate your network’s agility, performance, and security. By following these best practices—ranging from initial registration to fine-tuning traffic policies—you can unlock the full potential of SD-WAN with minimal operational friction.

Start small, scale wisely, and monitor continuously. Cisco Meraki’s cloud-native approach makes it easier than ever to manage a modern WAN infrastructure from a single pane of glass.