Layer 3 setup without equipment

Quimax
Getting noticed

We're looking to redo most of our network firewall and network configurations, combining separate MX, MS and MR networks into one combined network and re-evaluating our content filtering at the same time.

To do this, I've made a new combined network. The thought was to put all the routing rules, most of which won't change, into the new network and then add in the desired setup for the L3/L7 firewall and content filtering. Once that is all set up, during off-hours, we can move the MX and other equipment from the other networks into this one and be up quickly, as all the "hard" work has already been done.

Details...details...always the details...

Is there a way to "fake" an L3-capable switch so we can add the L3 interfaces and such? Apparently, one can't set any of those until an L3 device is added to the network. We're looking at almost the same setup as this: MX and MS Basic Recommended Layer 3 Topology - Cisco Meraki, only most of our "downstream" setup isn't Meraki.

I suppose I could do most of the L3/L7 firewall rules and such now, but then only add the Layer 3 interfaces and routing during the changeover, but I really didn't want to fight that at the same time we're taking the bulk of our network down.

Thoughts?

4 REPLIES
MarcP
Kind of a big deal

Should be possible to use a completely new network, without any license in it. Then you can configure it all and then add the devices on time.

Saw this a week or two ago from a Meraki staff member here in the community who posted this... (found it)

[screenshot attachment: MarcP_0-1651732770702.png]

Not into the API yet, but it should be possible to do it with the API as well:
https://github.com/meraki/automation-scripts

copyswitchconfig.py, if you already have these settings in your old network.

Quimax
Getting noticed

It works pretty well for anything that isn't a port-specific setting. I'll probably do this with the content filtering and firewall rule things.

L3 isn't configurable without a physical device, though, which I have but can't actually put into this new network without breaking the current network.

DarrenOC
Kind of a big deal
Hi @Quimax, I assume you've read this document:

https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Best_Practices_fo...

I believe you're right that you won't be able to configure any L3 interfaces, as you won't have any L3 devices in your network until you move the devices over.

Depending on how big your network is, you can either manually audit the existing config and document it, or use the API to pull the config off and spit it back into the dashboard when the devices are moved over.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
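The "pull the config off with the API, push it back after the move" approach suggested in both replies above, as an added example that is not from this thread, from Cisco Meraki, or from the meraki/automation-scripts repository. It covers the two things the original poster cannot set before the hardware arrives in the new network: MS layer 3 routed interfaces and the MX layer 3 firewall rule list. Assumptions: the Dashboard API v1 paths `/devices/{serial}/switch/routing/interfaces` (GET/POST) and `/networks/{networkId}/appliance/firewall/l3FirewallRules` (GET/PUT) as documented in the API reference; that `interfaceId` is the only read-only field to strip before re-creating an interface; and that the implicit trailing default rule returned by GET carries the comment `Default rule` and must not be pushed back, since PUT replaces the whole list. The serials, network IDs and sample interfaces/rules are constructed for the demo and the HTTP layer is injectable, so the transform logic runs offline.

```python
"""Two-phase copy of the Meraki config that can only be set once a device is in
the destination network: MS L3 routed interfaces and the MX L3 firewall rules.
Phase 1 (export) runs now against the old network; phase 2 (apply) runs after
the hardware has been moved. Transport is injected so the logic runs offline."""
import json
import urllib.request
from typing import Any, Callable

BASE_URL = "https://api.meraki.com/api/v1"

# Fields the API returns on GET but does not accept on POST. Assumption:
# interfaceId is the only one; compare a live GET against the API reference.
READ_ONLY_INTERFACE_KEYS = {"interfaceId"}

# (method, path, body) -> decoded JSON
Transport = Callable[[str, str, Any], Any]


def make_http_transport(api_key: str) -> Transport:
    """Real Dashboard API transport. Read the key from the environment
    (e.g. MERAKI_DASHBOARD_API_KEY); never hard-code it in the script."""
    def call(method: str, path: str, body: Any = None) -> Any:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(BASE_URL + path, data=data, method=method)
        req.add_header("Authorization", f"Bearer {api_key}")
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else None
    return call


def make_fake_transport(store: dict) -> Transport:
    """Offline stand-in: GETs answer from `store`, writes are recorded."""
    writes: list = []

    def call(method: str, path: str, body: Any = None) -> Any:
        if method == "GET":
            return store[path]
        writes.append((method, path, body))
        return body
    call.writes = writes  # expose the write log for inspection/tests
    return call


def interface_payloads(interfaces: list) -> list:
    """Turn GET results into POST bodies by dropping read-only fields."""
    return [{k: v for k, v in i.items() if k not in READ_ONLY_INTERFACE_KEYS}
            for i in interfaces]


def user_defined_rules(rules: list) -> list:
    """GET echoes the implicit trailing 'Default rule'; PUT replaces the whole
    list and should carry only the rules you wrote. Assumption: the default
    entry is identified by that comment, as in v1 API responses."""
    return [r for r in rules if r.get("comment") != "Default rule"]


def export_config(t: Transport, switch_serial: str, network_id: str) -> dict:
    """Phase 1: pull from the old network. json.dump the result and keep it."""
    return {
        "interfaces": t("GET", f"/devices/{switch_serial}/switch/routing/interfaces"),
        "l3_rules": t("GET", f"/networks/{network_id}/appliance/firewall/l3FirewallRules")["rules"],
    }


def apply_config(t: Transport, cfg: dict, switch_serial: str, network_id: str) -> dict:
    """Phase 2: replay into the new network once the MS/MX are claimed there."""
    created = [t("POST", f"/devices/{switch_serial}/switch/routing/interfaces", p)
               for p in interface_payloads(cfg["interfaces"])]
    rules = t("PUT", f"/networks/{network_id}/appliance/firewall/l3FirewallRules",
              {"rules": user_defined_rules(cfg["l3_rules"])})
    return {"interfaces": created, "l3_rules": rules["rules"]}


# Constructed sample of what the old network's GETs might return (not real data).
SAMPLE_OLD_NETWORK = {
    "/devices/QSRC-0000-0001/switch/routing/interfaces": [
        {"interfaceId": "1", "name": "Users", "vlanId": 10, "interfaceIp": "10.0.10.1",
         "subnet": "10.0.10.0/24", "defaultGateway": "10.0.10.254"},
        {"interfaceId": "2", "name": "Servers", "vlanId": 20, "interfaceIp": "10.0.20.1",
         "subnet": "10.0.20.0/24"},
    ],
    "/networks/N_old/appliance/firewall/l3FirewallRules": {"rules": [
        {"comment": "Block guest to servers", "policy": "deny", "protocol": "any",
         "srcCidr": "10.0.30.0/24", "srcPort": "Any", "destCidr": "10.0.20.0/24",
         "destPort": "Any", "syslogEnabled": True},
        {"comment": "Default rule", "policy": "allow", "protocol": "Any", "srcCidr": "Any",
         "srcPort": "Any", "destCidr": "Any", "destPort": "Any", "syslogEnabled": False},
    ]},
}


def demo() -> tuple:
    """Run both phases offline against the constructed sample."""
    t = make_fake_transport(SAMPLE_OLD_NETWORK)
    cfg = export_config(t, "QSRC-0000-0001", "N_old")
    saved = json.loads(json.dumps(cfg))  # what would round-trip through a file
    result = apply_config(t, saved, "QDST-0000-0002", "N_new")
    return result, t.writes


if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```

Run phase 1 against the old network today and keep the JSON; after the MS and MX are moved into the combined network, run phase 2 with `make_http_transport` and the new serial/network ID. The two transforms are the parts worth getting right before cut-over: re-posting `interfaceId` is rejected, and pushing the echoed default rule back in a PUT either fails or leaves a duplicate permit at the end of the list, which is exactly the kind of thing you don't want to discover while the bulk of the network is down.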


@DarrenOC wrote:

Depending on how big your network is, you can either manually audit the existing config and document it, or use the API to pull the config off and spit it back into the dashboard when the devices are moved over.


Yeah, this is probably what we're going to have to do.
