Connect a MX250 HA to a MS425 Stack
How can I connect the MX250 HA to an MS425 stack? I want to connect "Fully Redundant (Switch Stack)", from each MS to each MX, like in the documentation from Meraki. But how should the ports be configured? When I do that, I get a loop and the whole network goes down.
About my configuration: we have two buildings. In every building there is an MX; they are in HA. In every building there is an MS configured, and they are connected together in a stack.
At the moment it is connected as follows:
MX1 Port 26 -> MS1 Port 32
MX2 Port 26 -> MS2 Port 32
The Ports of the MX are configured as a Trunk with the VLANs I need and Dropped Untagged Traffic.
The ports on the MS are configured as a trunk with the same VLANs and with STP deactivated.
When I now additionally connect the ports (with the same port configuration)
MX1 Port 25 -> MS2 Port 31
MX2 Port 25 -> MS1 Port 31
The network goes down.
I hope this is understandable, because my English is not the best 🙂
Hi,
You have full documentation about the recommended setup here: https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
Looks like you missed this part:
- Make sure STP is enabled on the downstream switching infrastructure, as a properly-configured HA topology will introduce a loop on the network.
Hope this helps!
/CK
Thanks for the info. I know that. But I've searched a lot on this subject because I wanted to find out which STP option is the right one, and then I found some topics that said that STP should be disabled.
OK, then that's clear.
Can you give me a tip on which STP option is right? "Root Guard" or "Loop Guard"?
Thanks in advance!
Don't use any STP Guard, you may use this configuration I believe.
OK, thanks a lot, I will give it a try.
BR
Sascha
Hi Claes,
I tried it last weekend and the network went down again. Do I have to enable all VLANs, or can I define only the VLANs I need? At the moment I have configured the ports on the MX with "Drop untagged Traffic". Can that be the reason?
I would just allow all the VLANs on the links to keep it as simple as possible. I'm not sure, but maybe the VRRP heartbeats will traverse over the native VLAN (which is untagged by default).
/CK
@buschtrommelXXL what you’ve been told is correct, RSTP should be enabled, and you don’t need loop guard, root guard, or any of those.
I believe your problem lies here, “The Ports of the MX are configured as a Trunk with the VLANs I need and Dropped Untagged Traffic.”
BPDUs, which make RSTP work and prevent loops, are sent untagged on a trunk, and so by setting the MX port to Drop Untagged Traffic you’ve effectively broken RSTP and so a loop is forming.
If you set a native VLAN on the trunks, like @Claes_Karlsson shows, then hopefully it should work.
Hi Bruce,
Thanks for the info. I will try it. Is it better to create a new VLAN for it with no devices in it, or can I use an existing one?
Thanks in advance!
Normally your native VLAN is just one of your VLANs - quite often it’s the Meraki management VLAN so that your devices can connect to the internet with any pre-configuration. But if you prefer to use just an empty VLAN you can do that too. Just remember to configure the same native VLAN on the switch end of the trunk too.
Hi Bruce,
Thanks a lot. That was it. Now it works!
Can I ask you another question?
When I have only Meraki switches, is it advisable to set the STP guards between the switch-to-switch ports?
Thanks in advance!
Sascha
@buschtrommelXXL Glad to hear you got it working.
Here are the guidelines for setting up the STP guard features:
- BPDU Guard should be enabled on all end-user/server access ports to avoid rogue switch introduction in network
- Loop Guard should be enabled on trunk ports that are connecting switches
- Root Guard should be enabled on ports connecting to switches outside of administrative control
These come from this document, https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/....
However, between the MX and MS devices I wouldn’t enable any of the STP guards since the MX doesn’t participate in STP, it just forwards any BPDUs it receives.
Basically, it is not required to enable STP guard. Just enabling STP will prevent the loop.
Hi,
Just enable RSTP/STP on all uplink interfaces and connect the secondary uplink towards the MX.
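
The diagnosis from the thread as a runnable check, added here as an example and not written by any poster or by Meraki: the switch stack is treated as one logical switch, so a second trunk to the same MX is a loop that RSTP can only break if its untagged BPDUs get through. The `Link` field names are hypothetical (not a Meraki API) and native VLAN 100 is a constructed value.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Link:
    """One MX-to-MS trunk. Field names are hypothetical, not a Meraki API."""
    mx: str
    mx_port: int
    ms_port: str
    mx_native_vlan: Optional[int]  # None models "Drop untagged traffic"
    ms_native_vlan: Optional[int]
    ms_rstp: bool
    ms_stp_guard: str = "disabled"

def findings(link: Link) -> List[str]:
    """Per-link checks taken from the replies in the thread."""
    out = []
    if link.mx_native_vlan is None:
        out.append("MX port drops untagged frames, so BPDUs are discarded")
    elif link.mx_native_vlan != link.ms_native_vlan:
        out.append("native VLAN differs between MX and MS end")
    if not link.ms_rstp:
        out.append("RSTP disabled on MS port")
    if link.ms_stp_guard != "disabled":
        out.append("STP guard enabled on MX-facing port")
    return out

def unprotected_loops(links: List[Link]) -> Dict[str, List[str]]:
    """MXs with 2+ trunks into the stack where BPDUs cannot cross every trunk."""
    per_mx = defaultdict(list)
    for link in links:
        per_mx[link.mx].append(link)
    risky = {}
    for mx, group in per_mx.items():
        blind = [f"{mx} Port {ln.mx_port} -> {ln.ms_port}" for ln in group
                 if ln.mx_native_vlan is None or not ln.ms_rstp]
        if len(group) >= 2 and blind:
            risky[mx] = blind
    return risky

# Cabling from the original post; native VLAN 100 is a constructed value.
PAIRS = [("MX1", 26, "MS1 Port 32"), ("MX2", 26, "MS2 Port 32"),
         ("MX1", 25, "MS2 Port 31"), ("MX2", 25, "MS1 Port 31")]
BEFORE = [Link(mx, p, ms, None, None, False) for mx, p, ms in PAIRS]
AFTER = [Link(mx, p, ms, 100, 100, True) for mx, p, ms in PAIRS]

if __name__ == "__main__":
    for name, links in [("two links", BEFORE[:2]), ("four links", BEFORE), ("fixed", AFTER)]:
        print(name, unprotected_loops(links))
```

With only the first two links the same port settings report no loop, which matches the original post: the misconfiguration only takes the network down once the second pair of cables is connected.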
