Connect two MX100 to MS425 Stack


Hello Community

I want to connect two MX100 which are operated as Active/Passive with a switch stack consisting of two MS425-32.
L3 Routing is enabled on the MS425 Stack.

I have read the documentation, unfortunately I could not find out how best to connect and configure this configuration.

It is clear that every MX100 must be connected to both MS425s.
According to the documentation, a direct connection must be established between the two MX for the heartbeat, but as the MX do not support spanning tree protocol, I am not sure how to connect it.

Does anyone have a wiring diagram for me and can help me to configure the whole thing?

Thanks in advance


Kind of a big deal

So here is how we do this.


WAN to MX100's. 

Thankfully our Comcast and Verizon modems have multiple LAN ports so we connect those to WAN1 and WAN2 on both MX100's.  Then we have a virtual IP setup between the two MX100's. 


MX100's to Core stack

Port 4 on MX100-1 to Port 1 on Core SW1

Port 5 on MX100-1 to Port 2 on Core SW1


Port 4 on MX100-2 to Port 1 on Core SW2

Port 5 on MX100-2 to Port 2 on Core SW2


EDIT:  You don't have to use the port numbers above, I just used them for example purposes.  

If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Getting noticed

Hi @HelloAlex


Note you will need at least 2 WAN IPs from each of the ISPs, and it would also be great if they can provide an EdgeRouter so there will be multiple LAN ports (same scenario as @Adam).
If they only provide you a modem or routers with only 1 port but /subnet, then you will require a WAN switch as per below. (I recommend you get a /29 instead, because we need to configure another public WAN IP on WAN switch 2 for the Meraki uplink so we would be able to see it in the dashboard.)

Note that the MS425-16 should be stacked 🙂
The Left & Right MX100's port 1 will configure ISP 1's WAN IP, e.g. (Left) & (Right)
Then the Left & Right MX100's port 2 will configure ISP 2's WAN IP, e.g. (Left) & (Right)
Hope this will help.


Diagram 1

Kind of a big deal

Are the two MX100 only used for outbound NAT - or are they also used for either VPN or inbound NAT?


Hi guys

Thank you for your answers, that has already helped me.
On the WAN side I have an EdgeRouter at ISP 1. Currently there is only one port active but I can call the ISP and have a second port activated. ISP 2 has only provided me with a cable modem, I have to work with a WAN switch there.
At ISP 1 I have 8 IP addresses (/28), ISP 2 provides me only one usable IP address (/30). So I also have to take care of it and make a phone call.

Connection from MX to MS: Should the links be aggregated or should I configure it as individual links?


The MX100 are used for inbound NAT as well as for client and site-to-site VPN.

By outbound NAT do you mean the setting Security appliance -> Traffic shaping -> Flow preferences -> Internet traffic?
There are some devices that should only communicate to the outside via a special ISP (for reasons of upload speed). So yes, 2-3 settings will certainly be made here.

I am switching from Sophos UTM220 (EOL) to Meraki and want to map the configuration to the Meraki firewall 1:1 before putting it into operation.
