Hello everyone. I have a low-level design doc that is composed of two Layer 2 switch stacks containing, say, four switches each.
They then go up to two MS425s. Looking at the diagram, these are also in a stack, but a stack of two.
We will need redundancy for the two Layer 2 switch stacks. Ordinarily we would use some form of VRRP, or warm spare in Meraki parlance, I believe? However, because the MS425s are stacked, surely this rules out VRRP/warm spare?
How do I achieve redundancy for my LAN going to this MS425 stack, when I am unable to use VRRP/warm spare?
Hello Mac1
You need to create a port channeling between all the stacks. Let's say that the 425s are the core stack, the L2 switches 1 and 2 are stack 1, and L2 3 and 4 are stack 2. You will have a port channeling between core stack-stack 1 and core stack-stack 2. It will be treated as a single switch with 2 different switches down.
You could enable Spanning Tree in that case for a failover if the port-channeling breaks for some reason, but that's a bit risky.
So you would have TWO port channels on the Core stack with One port from each of the L2 stacks below yes?
This would just be one port channel configured on each of the L2 stacks with a single port going to each member of the core stack, yes?
So if you lost one of the switches in the core stack, the L2 stacks would automatically failover to the other member of the core stack, yes, is that exactly what you mean?
Convert Ms425-1 port1 and ms425-2 port 1 to a channel
That makes aggregate port 0
Convert Ms425-1 port2 and ms425-2 port 2 to a channel
That makes aggregate port 1
Convert access stack1 switch1-port 49 and switch2-port 49 to a channel
This makes aggregate port 0.
Connect these two access ports (aggregate 0) to the MS425 aggregate 0 ports (ms425-1 port 1 and ms425-2 port 1)
Then do the same for access stack 2 and connect that to ms425 aggregate1 ports
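An added example, not part of any post in this thread: a short Python check that the cabling described above leaves no single switch whose loss cuts an access stack off from the core stack. The switch names and the miswired variant are constructed, and access stack 2 is assumed to use port 49 like stack 1.

```python
from collections import defaultdict

# Constructed names; ports follow the thread (core ports 1 and 2, access port 49).
# Each cable: (access stack, access member, access port, core member, core port)
PLAN = [
    ("stack1", "stack1-sw1", 49, "ms425-1", 1),
    ("stack1", "stack1-sw2", 49, "ms425-2", 1),
    ("stack2", "stack2-sw1", 49, "ms425-1", 2),
    ("stack2", "stack2-sw2", 49, "ms425-2", 2),
]

# Constructed mistake: both of stack2's uplinks land on the same core member.
MISWIRED = PLAN[:3] + [("stack2", "stack2-sw2", 49, "ms425-1", 3)]


def links_up(cables, failed):
    """Count the port-channel members per access stack that stay up
    when the physical switch `failed` is lost."""
    up = defaultdict(int)
    for stack, acc_sw, _acc_port, core_sw, _core_port in cables:
        up[stack] += 0  # ensure every stack is reported, even with 0 links
        if failed not in (acc_sw, core_sw):
            up[stack] += 1
    return dict(up)


def single_points_of_failure(cables):
    """Return (switch, stack) pairs where losing one physical switch
    leaves an access stack with no uplink to the core stack."""
    switches = {c[1] for c in cables} | {c[3] for c in cables}
    return sorted(
        (sw, stack)
        for sw in switches
        for stack, count in links_up(cables, sw).items()
        if count == 0
    )


if __name__ == "__main__":
    print("plan from the thread:", single_points_of_failure(PLAN))
    print("miswired variant:    ", single_points_of_failure(MISWIRED))
```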
Hello and thank you.
So is the traffic equally load balanced from the LAN up to the MS425s?
If I lose one of the MS425s, the failover to the other is automatic, yes?
@Mac1 in a port channel the traffic is pretty evenly balanced, yes. With the stack of two 425s, if either fails the other will continue to route traffic. There may be a momentary blip if the one that fails is the stack master, but it is very quick.
Hello and thank you. I'm now told that the SVIs will sit on an SD-WAN router above the MS425 stack.
The MS425 will be for distribution only and the LAN switches (MS225s) will be below the distribution switch.
1. So, I run Layer 2 trunks between the LAN and the MS425 through the port channels, yes?
2. How do I get from the distribution switch to the SD-WAN? Something has to point to the VRRP VIP, doesn't it?
3. Where should the default gateway for my LAN switches point? To the VRRP address of the SD-WAN router, or the management address of the distribution switch?
4. Should the connection between the distribution switch and the SVI router be a Layer 3 link or a Layer 2 trunk?
@Mac1 if all the SVIs are on the SD-WAN devices then the switches are simple L2 devices. All you need is a management interface and trunks between them. No VRRP needed as you aren't using them for routing (the first R in VRRP).
If the 425s are not going to provide Layer 3 services, the design is pretty simple, as the other friend explained. But then, will you have a single piece of Layer 3 SD-WAN equipment? In that case, you are keeping the single point of failure anyway, so the 425s are not really a good idea. You might achieve the same results with 355s or even lower if you don't need the 40Gb ports.
Hello and thanks again.
So if the 425s are Layer 2 only, what about the connection between the 425s and the SD-WAN?
1. The SD-WAN is actually TWO boxes, so this will be two Layer 2 trunks from the distribution, yes?
2. The access switch gateway is still pointing to the SVIs, which now sit on the SD-WAN, yes?
The SD-WAN runs in an "out-of-band management" interface. That is a pre-configured VLAN that will try to get a DHCP address. This is configured in the "Switch Settings" section of the "Switch" tab of the Meraki Dashboard.
If this interface doesn't get an Internet connection, it will try to go via any of the trunked VLANs configured in the switch. The switch will try any method to reach the Meraki DCs. Therefore, you need to make sure that this management VLAN has Internet access, but the rest is all Layer 2.