HA Configuration

Gordon
Getting noticed

I have been working on trying to get the following configuration working. I have read all the documentation and it does not give any information regarding this design. I have talked to multiple techs and each one had their own opinion, with the latest being that this cannot be done. Does anyone have a working network similar to this? If so, how was it done?

[Attached image: Network.jpg]

PhilipDAth
Kind of a big deal

It looks like dual MXs with dual uplinks and dual downstream switches. Is that correct?

Yes. I need HA at both the switch and the firewall level. For other reasons I can't stack the switches. Currently, I have 8 vlans. I was told by the last tech the only way it would work is to trunk all the vlans over one connection. This will not work for us as we work with multi-gigabit files.

I just realized the picture did not upload very well and is hard to see.

Basically each colored/different line is carrying multiple vlans.

PhilipDAth
Kind of a big deal

You would need either a layer 2 link between the two MX's, or a layer 2 link between the two switches.  This is because the MX's run VRRP between the LAN interfaces and need to see each other at layer 2.

I have a link between the two MXs carrying all vlans. I was told by the last tech that the only way I could do this would be to add all vlans to a single trunk, and that I couldn't run multiple connections even though they are carrying different vlans.

Adam
Kind of a big deal

What is the main routing device and where do the VLANs live?  I assume on the MXs?  And which part is holding you up?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
MRCUR
Kind of a big deal

What part of the setup isn't actually working? I can't see why this design wouldn't work (although I will admit I can barely read the diagram) even with the downstream switches not being stacked (assuming you are running NAT HA so the MXen are active/passive). 

MRCUR | CMNO #12
Gordon
Getting noticed

Three quarters of the network does not forward. I am working directly with a Cisco engineer on this now and we think we have it figured out. Setup is close but need to tweak it.

Thanks everyone for the input.

NetworkingGuy
Here to help

Is this all Meraki? If not, check STP.

Why can't you stack some of the switches? I have some diagrams at home I can share with you for a similar setup but with a stack. Could be without and just be an Ethernet LAG.

 

jdizzle
Here to help

I think the tricky thing is that the MX does not participate in STP and it forwards the STP frames across its LAN links. This will result in some subset of the MX-attached switch ports getting blocked.

In theory this is okay since the blocked connections are redundant, but there may be other implications.

Gordon
Getting noticed

jdizzle, yes. That is what we discussed and have to figure out. The engineer I am working with did have a working setup similar to what I am trying to do in his lab, except he was using Meraki switches instead of Catalyst, but that is minor. I have his notes on the setup so that should help.
