Optimizing Network Design with underpowered gear.

SOLVED
LB3
Conversationalist

We have a large client that had a limited budget, so the switches purchased are not ideal for a client their size and the industry they are in, but the Cap Ex hit is making us implement and design with what they have.

 

The client has:

(2) MX84
(7) MS120-48LP 

(1) MS120-24LP

(12) AP's

 

With the MS120's only supporting Virtual Stacking, what is the best way to design the network with redundancy in mind?

 

My thought is to designate two of the switches as uplink/distribution type switches and uplink each additional switch to those with one port in each and then have the two "distribution" switches uplink to both MX's individually?

 

Any thoughts or suggestions? Am I overcomplicating the setup?

 

 

Accepted Solutions
Kind of a big deal

Re: Optimizing Network Design with underpowered gear.

I would make two of the switches core switches.

 

I would connect MX1 to core switch1, and MX2 to core switch2.  I would not dual connect the MX's.  There are too many issues around spanning tree.

 

I would make core switch1 have a spanning tree priority of 0.  I would make core switch2 have a spanning tree priority of 4096.

 

Then you can dual connect every other switch to the two core switches.
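
The design in the answer above can be checked for single points of failure with a small model. This is an added example, not part of the original thread: device names, MAC addresses and the lack of a direct core-to-core link are assumptions, and it assumes the surviving MX takes over in warm spare mode.

```python
from collections import deque

def build_topology(n_access=6):
    """Adjacency map: MX1-core1, MX2-core2, each access switch to both cores."""
    links = [("MX1", "core1"), ("MX2", "core2")]
    for i in range(1, n_access + 1):
        links += [(f"acc{i}", "core1"), (f"acc{i}", "core2")]
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def reachable(adj, start, failed):
    """Breadth-first search that never walks through a failed device."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt not in seen and nxt not in failed:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def stranded_after(adj, failed):
    """Access switches that can reach neither MX once `failed` devices are down."""
    failed = set(failed)
    stranded = []
    for node in sorted(adj):
        if node.startswith("acc") and node not in failed:
            if not {"MX1", "MX2"} & reachable(adj, node, failed):
                stranded.append(node)
    return stranded

def stp_root(bridges):
    """Spanning tree elects the lowest bridge ID: priority first, then MAC."""
    return min(bridges, key=lambda b: (b[1], b[2]))[0]

# Constructed sample: priorities from the answer, MACs from the documentation range.
BRIDGES = [
    ("acc1", 32768, "00:00:5e:00:53:01"),
    ("core2", 4096, "00:00:5e:00:53:02"),
    ("core1", 0, "00:00:5e:00:53:03"),
]

if __name__ == "__main__":
    topo = build_topology()
    for device in ("MX1", "MX2", "core1", "core2"):
        print(device, "down ->", stranded_after(topo, [device]) or "no switch stranded")
    print("STP root:", stp_root(BRIDGES))
```
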

LB3
Conversationalist

Re: Optimizing Network Design with underpowered gear.

Thanks! Sounds good, but in this setup what's the best way to handle the handoff?  I have a /29.

 

If I connect MX1 to Core Switch 1, and MX2 to Core Switch 2, could/should I still set up the MX's in a master/passive setup with a VIP between the two?

Kind of a big deal

Re: Optimizing Network Design with underpowered gear.

Yes I would use a warm spare configuration for the MX.

 

Unless you have a separate external switch, you'll need to put 3 ports into a separate VLAN.  I would make them all access ports.  Then plug in your ISP, and WAN1 of your two MX.

Getting noticed

Re: Optimizing Network Design with underpowered gear.

We have some sort of the same setup.

 

I've put the MX in WARM spare.

2 MS into a stack

connected all access switches with LACP to the stack (2 interfaces, each to a member of the stack)

connected the access points across odd & even numbered switches.

spread the odd & even access points between left and right parts of the building and floors.

 

This way we can have maintenance on the MX, the MS Stack, and spread the maintenance between odd & even access switches and access points while maintaining lots of the connectivity.

 

MX

The MX is connected to 2 internet providers by using a WAN break out switch. 1 per provider.

And a transit subnet of /29 per provider.

 

The failover link between the MX's only allows 1 "warm spare"  vlan.

 

The MX is connected to the MS stack using a trunk containing vlan 1 and a transit vlan 2.

The physical interfaces are not LACP.

 

Vlan 1 serves as DHCP server.

vlan 2 is connected to a SVI interface on the MS Stack.

 

MS

The MS has several vlan's, each vlan has its own DHCP served by the MS Stack.

We use ACL's to secure some traffic, MS does not support ICMP in ACL unfortunately.

These ACL's are quite some hassle as they are vlan ACL's and not L3 interface ACL's.

 

MR

The access-points are connected with trunks to the MS CORE

On 1 SSID we use 2 vlan's with Layer 3 roaming.
