Doubts about topology

renanmonteiro
Here to help


Good evening,

I would like help with a question.

I am about to close a deployment with the following topology: a firewall that will make the connection to the internet and an MS350 stack as Core.

All of the network's L3 will remain on the Core, except the guest network.

I have a management network for the Meraki elements below the core, and on this element I have the SVI for the management network. For core communication with the firewall, a transport VLAN and a default route will be used.

My question is, would the Core management IP address be part of the transport VLAN? Or would I have to extend the management network with L3 to the firewall?

Note: For the other elements, the management VLAN would come straight from the core.

Thanks

1 Accepted Solution
DensyoV
Meraki Employee

Hi,

The recommended or best practice is to have separate VLANs for transport and management, but your configuration should still work. Here is the link to the Meraki General MS Best Practices for layer 3 features.

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

Thanks,

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.

AjitKumar
Head in the Cloud

Hi @renanmonteiro 

In my configuration "Core" Management IP is part of the "Transport" VLAN, i.e. /29.

For other elements "Yes" I too have Management VLAN on the core.

I understand this configuration "Works" unless Community Members suggest any other better Method.

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
renanmonteiro
Here to help

Thanks, I will close this topology this week.

After that I will reply to you.

PhilipDAth
Kind of a big deal

Each switch needs a management IP address to talk to the cloud - but this is not an SVI. You could have an SVI and the management IP in the same VLAN - but they are two separate IP addresses.

The management IP address of your core must be able to get to the Internet without being routed through the core itself. In practice this means the management IP must use your firewall as a default gateway.

I would put the switch management IP into the same VLAN as the transport.

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Layer_3_Switching_and_Routing#Notes_regardi... 
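The rules stated in the reply above can be checked against an addressing plan before deployment. The following is an added example, not part of the original thread and not Meraki code; the function name, VLAN names and all addresses are constructed for illustration.

```python
import ipaddress

def check_core_mgmt(mgmt_cidr, mgmt_gateway, core_svis, firewall_ips):
    """Return a list of problems with a core switch's management IP plan.

    mgmt_cidr    -- core management IP with prefix, e.g. "10.0.0.3/29"
    mgmt_gateway -- default gateway configured for that management IP
    core_svis    -- {vlan_name: "ip/prefix"} for every SVI on the core
    firewall_ips -- addresses owned by the firewall
    """
    mgmt = ipaddress.ip_interface(mgmt_cidr)
    gateway = ipaddress.ip_address(mgmt_gateway)
    svi_ips = {ipaddress.ip_interface(v).ip: k for k, v in core_svis.items()}
    fw_ips = {ipaddress.ip_address(ip) for ip in firewall_ips}
    problems = []

    # The management IP and an SVI may share a VLAN but not an address.
    if mgmt.ip in svi_ips:
        problems.append(f"management IP {mgmt.ip} is also the SVI of "
                        f"'{svi_ips[mgmt.ip]}'; use two separate addresses")
    # The gateway has to be reachable at layer 2 from the management IP.
    if gateway not in mgmt.network:
        problems.append(f"gateway {gateway} is outside {mgmt.network}")
    # Management traffic must not be routed through the core itself.
    if gateway in svi_ips:
        problems.append(f"gateway {gateway} is the core's own SVI "
                        f"'{svi_ips[gateway]}'; point it at the firewall")
    elif gateway not in fw_ips:
        problems.append(f"gateway {gateway} is not a firewall address")
    return problems

# Constructed sample plan: /29 transport VLAN shared by firewall and core.
CORE_SVIS = {"transport": "10.0.0.2/29", "management": "10.0.10.1/24"}
FIREWALL_IPS = ["10.0.0.1"]

# Management IP in the transport VLAN, firewall as gateway: no findings.
GOOD = check_core_mgmt("10.0.0.3/29", "10.0.0.1", CORE_SVIS, FIREWALL_IPS)
# Management IP in the management VLAN, using the core's SVI as gateway.
VIA_CORE = check_core_mgmt("10.0.10.5/24", "10.0.10.1", CORE_SVIS, FIREWALL_IPS)
# Management IP set to the same address as the transport SVI.
REUSED = check_core_mgmt("10.0.0.2/29", "10.0.0.1", CORE_SVIS, FIREWALL_IPS)

if __name__ == "__main__":
    for name, result in [("good", GOOD), ("via core", VIA_CORE), ("reused", REUSED)]:
        print(name, result or "OK")
```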
