Meraki Topology Design Check
Hello,
I'm looking to verify and/or get feedback on a proposed network design for a hub site that I have at which we use 2 MX-105 in an HA setup (warm spare config), 2 MS-250-24P (each on a different VLAN), and a single MS355-X2 (also on a separate VLAN, for internal 10 Gb clients).
The current design uses CAT5E connections between the switches and each switch uses a management IP from its own VLAN. This was done initially to simplify the design and avoid spanning tree issues/loops. I'd like to optimize the current design in order to:
- Free up the 1 Gb ports that were used for uplinks and use higher speed Twinax cables (MA-CBL-TA-1M) for the uplinks and switch to switch connections.
- Properly configure a management VLAN across all devices.
- Make the design more redundant with fewer single points of failure.
I've attached the proposed design and would like to know if it would work as configured. The config would be as follows:
- Each uplink trunk port from the MS-250s would have the native VLAN set as the MGMT VLAN (10) and allowed VLANs as all internal VLANs (1072, 1082, 1092).
- Each switch to switch trunk port would also have the native VLAN set as the MGMT VLAN (10) and allowed VLANs as all internal VLANs (1072, 1082, 1092).
- Each remaining switch access port would have the VLAN set to the respective VLAN of the switch (1072 for SW-A, 1082 for SW-B, and 1092 for SW-C).
Would the design function properly from a spanning tree standpoint or would it introduce issues/loops/other problems? I haven't dealt with STP in a while so I wanted to make sure I wasn't missing any glaring issues.
Thanks!
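The trunk plan in the post above can be sanity-checked before cabling. This is an added example, not part of the original post: it compares the native and allowed VLANs on both ends of each link and lists the links that close a layer-2 loop. The link list and the names MX-A and MX-B are constructed, since the attached diagram is not reproduced on the page.

```python
from collections import namedtuple

# One end of a trunk link: device name, native VLAN, set of allowed VLANs.
Port = namedtuple("Port", "device native allowed")

MGMT = 10                                 # native VLAN from the post
INTERNAL = frozenset({1072, 1082, 1092})  # allowed VLANs from the post

def trunk(a, b, native_a=MGMT, native_b=MGMT, allowed_a=INTERNAL, allowed_b=INTERNAL):
    """Build both ends of a link; defaults follow the post's trunk settings."""
    return Port(a, native_a, frozenset(allowed_a)), Port(b, native_b, frozenset(allowed_b))

# Constructed link list: the attached diagram is not on the page.
LINKS = [
    trunk("MX-A", "SW-A"), trunk("MX-B", "SW-B"),
    trunk("SW-A", "SW-B"), trunk("SW-A", "SW-C"), trunk("SW-B", "SW-C"),
]

def trunk_mismatches(links):
    """Report links whose two ends disagree on native or allowed VLANs."""
    problems = []
    for a, b in links:
        if a.native != b.native:
            problems.append(f"{a.device}<->{b.device}: native VLAN {a.native} vs {b.native}")
        if a.allowed != b.allowed:
            diff = sorted(a.allowed ^ b.allowed)
            problems.append(f"{a.device}<->{b.device}: VLANs {diff} allowed on one end only")
    return problems

def loop_closing_links(links):
    """Links that close a layer-2 loop (union-find). STP has to block one
    port per entry; which port it picks depends on root election and path
    cost, which this check does not model."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    closing = []
    for a, b in links:
        ra, rb = find(a.device), find(b.device)
        if ra == rb:
            closing.append((a.device, b.device))
        else:
            parent[ra] = rb
    return closing

if __name__ == "__main__":
    print(trunk_mismatches(LINKS) or "trunk ends consistent")
    print("loop-closing links:", loop_closing_links(LINKS))
```

Each entry returned by `loop_closing_links` is a redundant path that only stays loop-free while spanning tree is running and blocking on it.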
LACP & Link Aggregation
The MX does not run LACP or any link aggregation protocols. Connecting aggregated ports to the LAN of the MX is not supported; all connected ports should be un-aggregated. If multiple ports are connected to the MX from a single switch for redundancy, it is highly recommended that you run STP on that switch, to ensure that one of the redundant ports is safely put into a blocking state.
Please, if this post was useful, leave your kudos and mark it as solved.
I don't plan on using link aggregation as each device will be connected with a single link.
It's just advice.
Please, if this post was useful, leave your kudos and mark it as solved.
Much appreciated 🙂 Just wanted to clarify that it wasn't being used is all.
Also check it https://documentation.meraki.com/%E6%97%A5%E6%9C%AC%E8%AA%9E/Architectures_and_Best_Practices/Cisco_...
Please, if this post was useful, leave your kudos and mark it as solved.
With two devices in HA and two ISPs you likely also need an external switch (or two for redundancy) to connect the MXes to the ISPs.
I'm using a virtual IP config on the MXs and haven't had issues with regard to ISP connectivity when an internet link fails. Basically using the following recommended setup (minus the switch to switch link as shown below).
Would adding an upstream switch improve the setup?
If your ISP routers provide two ports, this is fine.
Yup each MX is connected to a different ISP port on each modem.
But this topology is similar to an LACP, your MXs have a LAN connection on each switch. In this case, you have to enable the spanning tree as I recommended before.
Please, if this post was useful, leave your kudos and mark it as solved.
Can you not stack the two MS250s, are they too far apart?
They're definitely close enough in the rack to connect with a stacking cable. Would that add more redundancy to the design if the VLANs are kept the same or would I have to reconfigure them?
It does add more availability and performance to the design, but it does mean that when you apply a firmware change, both have to be done at the same time, so that might be a concern if you are a 24/7 operation.
I have revised the design and configuration based on the recommendations in this thread. It now looks like this:
There's no LACP from the MS250 switch stack to the MX-105 HA pair because the MX doesn't support that according to @alemabrahao and the subsequent Meraki documentation. Are there any other caveats or design considerations to take into account that anyone would recommend based on the latest diagram above?
That looks good to me, you might want to lose the connections to P10 on the MX105 pair, but they might be fine 😎
Do you think those redundant connections could cause STP issues?
Technically, the STP must block one of the paths and it shouldn't be a problem. Today I have cases where I use the STP to decide and it didn't cause any problems.
Please, if this post was useful, leave your kudos and mark it as solved.
We have had STP not block properly with MX + MS though it works fine with Catalyst switches. I haven't re-tried this config with MS15.x stacks yet.