Meraki Toplogy Design Check

AnthonyI
Getting noticed

Meraki Toplogy Design Check

Hello,

 

I'm looking to verify and/or get feedback on a proposed network design for a hub site that I have at which we use 2 MX-105 in an HA setup (warm spare config), 2 MS-250-24P (each on a different VLAN), and a single MS355-X2 (also on a separate VLAN, for internal 10 Gb clients).

 

The current design uses CAT5E connections between the switches and each switch uses a management IP from its own VLAN. This was done initially to simplify the design and avoid spanning tree issues/loops. I'd like to optimize the current design in order to:

  1. Free up the 1 Gb ports that were used for uplinks and use higher speed Twinax cables (MA-CBL-TA-1M) for the uplinks and switch to switch connections.
  2. Properly configure a management VLAN across all devices.
  3. Make the design more redundant with less single points of failure.

I've attached the proposed design and would like to know if it would work as configured. The config would be as follows:

  • Each uplink trunk port from the MS-250's would have the native VLAN set as the MGMT VLAN (10) and allowed VLAN's as all internal VLAN's (1072, 1082, 1092). 
  • Each switch to switch trunk port would also have the native VLAN set as the MGMT VLAN (10) and allowed VLAN's as all internal VLAN's (1072, 1082, 1092).
  • Each remaining switch access port would have the VLAN set to the respective VLAN of the switch (1072 for SW-A, 1082 for SW-B, and 1092 for SW-C).

 

Would the design function properly from a spanning tree standpoint or would it introduce issues/loops/other problems? I haven't dealt with STP in a while so I wanted to make sure I wasn't missing any glaring issues.proposed_network_design.png

 

Thanks!

 

18 REPLIES 18
alemabrahao
Kind of a big deal
Kind of a big deal

LACP & Link Aggregation
The MX does not run LACP or any link aggregation protocols. Connecting aggregated ports to the LAN of the MX is not supported; all connected ports should be un-aggregated. If multiple ports are connected to the MX from a single switch for redundancy, it is highly recommended that you run STP on that switch, to ensure that one of the redundant ports is safely put into a blocking state.

 

alemabrahao_0-1668100573041.png

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

I don't plan on using link aggregation as each device will be connected with a single link.

It's just advice.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Much appreciated 🙂 Just wanted to clarify that it wasn't being used is all.

alemabrahao
Kind of a big deal
Kind of a big deal

Also check it https://documentation.meraki.com/%E6%97%A5%E6%9C%AC%E8%AA%9E/Architectures_and_Best_Practices/Cisco_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
KarstenI
Kind of a big deal
Kind of a big deal

With two devices in HA and two ISPs you likely also need an external switch (or two for redundancy) to connect the MXes to the ISPs.

I'm using a virtual IP config on the MX's and haven't had issues with regards to ISP connectivity when an internet link fails. Basically using the following recommended setup (minus the switch to switch link as shown below).

AnthonyI_0-1668103384344.png

 

Would adding an upstream switch improve the setup?

KarstenI
Kind of a big deal
Kind of a big deal

If your ISP routers provide two ports, this is fine.

Yup each MX is connected to a different ISP port on each modem.

But this topology is similar to an LACP, your MXs have a LAN connection on each switch. In this case, you have to enable the spanning tree as I recommended before.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
cmr
Kind of a big deal
Kind of a big deal

Can you not stack the two MS250s, are they too far apart?

AnthonyI
Getting noticed

They're definitely close enough in the rack to connect with a stacking cable. Would that add more redundancy to the design if the VLANs are kept the same or would I have to reconfigure them?

cmr
Kind of a big deal
Kind of a big deal

It does add more availability and performance to the design, but it does mean that when you apply a firmware change, both have to be done at the same time, so that might be a concern if you are a 24/7 operation.

AnthonyI
Getting noticed

I have revised the design and configuration based on the recommendations in this thread. It now looks like this:

AnthonyI_0-1668703525497.png

 

There's no LACP from the MS250 switch stack to the MX-105 HA pair because the MX doesn't support that according to @alemabrahao and the subsequent Meraki documentation. Are there any other caveats or design considerations to take into account that anyone would recommend based on the latest diagram above?  

 

cmr
Kind of a big deal
Kind of a big deal

That looks good to me, you might want to lose the connections to P10 on the MX105 pair, but they might be fine 😎

AnthonyI
Getting noticed

Do you think those redundant connections could cause STP issues?

Technically, the STP must block one of the paths and it shouldn't be a problem. Today I have cases where I use the STP to decide and it didn't cause any problems.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
cmr
Kind of a big deal
Kind of a big deal

We have had STP not block properly with MX + MS though it works fine with Catalyst switches.  I haven't re-tried this config with MS15.x stacks yet.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.