Hi everyone,
Hope you are doing well. I am very new to Meraki and in need of some help.
We have been recently tasked with renewing our company network.
The current network infrastructure, apart from the firewalls, is very old – we are talking about 15-year-old devices. They have decided to slowly start replacing access switches with Meraki MS120 devices, as well as new Access Points. They are all currently connected to the legacy network. I have only recently joined, and this project was kicked off before my time.
We have been asked to determine which devices we should now select to replace the Core switches. I will give you an overview so you can better understand our needs.

We have 3 sites very close to each other, within a 10 miles radius.
Site 1 - in purple
This is the primary site; it’s where we have the largest number of users.
It is connected to Sites 2 and 3 via MPLS (10GB fibres)
Has a dedicated Internet link for outbound traffic.
Site 2 - in green
This is the secondary site.
It is connected to Site 1 via MPLS. (10GB Fibres)
Connects to Site 3 via Site 1. (10GB Fibre)
Has a dedicated Internet link for outbound traffic.
Site 3 - in orange
Small tertiary site.
Piggybacks off Site 1 via MPLS, for both LAN and Internet access. (10GB Fibre)
Has a fibre connected to both Sites 1 and 2, but it is a cold failover that requires on-site intervention. In case of manual failover, it will piggyback off Site 2 instead.
Core to Access switches uplink
This will most likely be a mixture of new 10GB fibres and old copper cables. In some cases, we won’t be able to replace the existing RJ45 cables. They are feeding small switches with OT devices that do not require a lot of bandwidth to work (mostly on Site 3; it's a very old building with very thick walls).
I believe that we could go ahead with fibre core switches and use the odd copper transceiver if needed, instead of a switch with both interfaces.
Firewalls and Internet connectivity
The firewalls are configured with link-monitoring static routes, which will allow each firewall to reroute the Internet traffic to the other site in case it goes down. However, this is only good from this point forward. If the connection between the core and the firewall goes down, with the current config, it is not rerouted automatically – a static route needs to be configured.
Things we are looking to resolve with the new setup – dotted in red:
1 – Automatic failover connectivity from Site 3 to Sites 1 and 2. This is pretty much our warehouse, so there is no need for high performance, as long as it is reliable and stable.
2 – Define the necessary routing between Sites 1 and 2 to detect when the link between the core and the local firewall is down, changing the default route to the other location.
Other than static, the existing firewalls support OSPF, BGP or RIP. The switches would need to be at least compatible and capable of doing some routing, both between them and with the firewalls.
The existing routing is pretty much all static so whatever we decide to do will be done from scratch.
One last thing to have in consideration: Compatibility of Meraki SFPs with other vendors – Fortinet, Dell, Cisco Catalyst. Anything I should be aware of?
They have not considered the change from the current MPLS setup to SD-WAN. I don’t know if putting in MX devices is a requirement for this to work. Ideally, from a budget perspective, they would prefer not having the MXs.
Again, I am new to Meraki, so I was wondering what the best practice would be, as well as some additional configuration that currently does not exist, to achieve our goal.
I would be very grateful for all the help you can provide.
Thanks,
Mike
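As an added illustration of the two failure cases in the post (this is example code written for this page, not something from the original poster or from Meraki), the following small link-state simulation models the three-site topology and compares the current "static default route plus firewall-side link monitoring" behaviour with what a link-state protocol such as OSPF would compute. The node names, link costs and the two "internet" exit nodes are assumptions made for the illustration only; they are not taken from the post or from any real configuration.

```python
"""Added example: why a static default route with link monitoring on the
firewall cannot react to a failed core<->firewall link, while a link-state
routing protocol recomputes the default route from the remaining topology.

Everything below is constructed for illustration: node names, metrics and
the 'inet*' exit nodes are assumptions, not the poster's real network.
"""
import heapq

# Constructed topology. Costs are arbitrary OSPF-style metrics: 10Gb MPLS
# links are cheap; the Site 3 standby fibre is expensive so it is only used
# when no better path exists (it also has to be *up* to count at all).
LINKS = {
    ("core1", "fw1"): 1, ("fw1", "inet1"): 1,     # Site 1 core, firewall, ISP
    ("core2", "fw2"): 1, ("fw2", "inet2"): 1,     # Site 2 core, firewall, ISP
    ("core1", "core2"): 10,                       # 10Gb MPLS
    ("core1", "core3"): 10,                       # 10Gb MPLS
    ("core2", "core3"): 50,                       # standby fibre (assumed live)
}
INTERNET = {"inet1", "inet2"}


def build_graph(links, down=()):
    """Adjacency map of LINKS, omitting any link listed in `down` (either orientation)."""
    down = {frozenset(link) for link in down}
    graph = {}
    for (a, b), cost in links.items():
        if frozenset((a, b)) in down:
            continue
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def shortest_path(graph, src, targets):
    """Dijkstra from src; returns (cost, path) to the cheapest target node, or None."""
    dist, prev, seen = {src: 0}, {}, set()
    queue = [(0, src)]
    while queue:
        d, node = heapq.heappop(queue)
        if node in seen:
            continue
        seen.add(node)
        if node in targets:
            path = [node]
            while path[-1] != src:
                path.append(prev[path[-1]])
            return d, path[::-1]
        for nxt, cost in graph.get(node, {}).items():
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                prev[nxt] = node
                heapq.heappush(queue, (d + cost, nxt))
    return None


def ospf_default_route(site_core, down=()):
    """Next hop a link-state core would install for 0.0.0.0/0, or None if no exit is reachable."""
    result = shortest_path(build_graph(LINKS, down), site_core, INTERNET)
    return None if result is None else result[1][1]


def static_default_route(site_core, fw, down=()):
    """The post's current setup: the core has a static default via its local firewall,
    and only the firewall monitors links (its WAN side and its route to the other site).
    Returns (next_hop, reachable). The next hop never changes, because nothing on the
    core side watches the core<->firewall link."""
    graph = build_graph(LINKS, down)
    link_up = fw in graph.get(site_core, {})
    reachable = link_up and shortest_path(graph, fw, INTERNET) is not None
    return fw, reachable


if __name__ == "__main__":
    scenarios = [
        ("all links up", []),
        ("Site 1 firewall WAN down", [("fw1", "inet1")]),
        ("Site 1 core<->firewall link down", [("core1", "fw1")]),
        ("Site 1<->Site 3 MPLS down", [("core1", "core3")]),
    ]
    for label, down in scenarios:
        print(f"{label}:")
        print("  core1 static -> next hop %s, reachable=%s" % static_default_route("core1", "fw1", down))
        print("  core1 OSPF   -> next hop", ospf_default_route("core1", down))
        print("  core3 OSPF   -> next hop", ospf_default_route("core3", down))
```

The "core<->firewall link down" scenario is the one the post describes as needing a manual static route today: the static model keeps pointing at `fw1` and blackholes, while the link-state model fails over to `core2`. The Site 3 scenario only works because the standby fibre is modelled as an active link with a high metric; a cold fibre that needs on-site intervention is invisible to any routing protocol. Whatever protocol is chosen, the adjacencies towards the firewalls should be authenticated and the user-facing VLANs kept passive, so that a host on an access VLAN cannot inject a default route into the core.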