Meraki

nanosuzu · ‎Sep 26 2018

Hello everyone

I have MX 400 and MS 350.
I have created VLANs in MX 400 until now.
I think there are two ways to create a VLAN that needs to be connected to the Internet.
1: Create a VLAN on the MX 400.
2: Create a VLAN in MS 350 and route it to VLAN 1 (Default) of MX 400.
Please advise which of 1: 2: is more advantageous in terms of security and operation.
Thank you.

BlakeRichardson · ‎Sep 26 2018

Managing VLANS on the switches and using L3 routing will be the way to go.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

nanosuzu · ‎Sep 26 2018

Thank you for your reply.

Is 2 recommended?
In what situation do you create a VLAN on MX400?

TimBisel · ‎Oct 10 2018

Not using VLAN 1 is pretty much the only suggestion since there is no VTP on Meraki so not to much benifit to staying inside standard VLAN range.

But any VLAN you want to reach other side of MX you will need to configure in MX. Any switch you want to have ability to use VLAN will need VLAN configured.

Layer3 switches you will also want to configure an interface so they can route packets between VLANS. Be sure not to reassign interface IPs when doing this.

TerryVasquez · ‎Sep 27 2018

Hi,

I would rather go as follows:

1. Create the layer 2 VLANs at your MS

2. Create the layer 3 VLANs at your MX

In this way, there are filters and/or security in between VLANs.

Terry VASQUEZ Jr.

Meraki

Community

Where to create the VLAN

Where to create the VLAN