Meraki

Community

MX HA to Cisco Nexus in vPC

engineeringmike
Conversationalist
‎Aug 1 2025 10:54 AM
‎Aug 1 2025 10:54 AM

MX HA to Cisco Nexus in vPC

Has anyone successfully connected two MXs in HA to a pair of Cisco Nexus in vPC? I understand that the MX doesn't support port-channels so I am fine with depending on STP for. Is there any documentation that can explain the architecture/configuration for this? 

0 Kudos
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 1 2025 10:58 AM
‎Aug 1 2025 10:58 AM

Even though the Nexus switches run in vPC mode, you are not creating vPCs for MX connections.

 

You need to connect each MX to both Nexus switches using individual access/trunk ports (no channel-groups).

 

These ports should not be part of any vPC, they must be standalone.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 1 2025 5:22 PM
‎Aug 1 2025 5:22 PM

I don't know the answer.  I have wondered if the Nexus "bridge assurance" feature might be a use case for this scenario.

https://networklessons.com/spanning-tree/spanning-tree-bridge-assurance

 

0 Kudos
MartinLL
A model citizen
‎Aug 2 2025 2:23 AM
‎Aug 2 2025 2:23 AM

I would use a FEX or a switch that is designated for single homed connections if possible.

 

 

 

If none of the above is possible i would do it this.

 

Create vlan on both Nexus switches.

 

Best practise is to keep non vpc vlans off the peer-link and use a dedicated interface/portchannel. But using the peer-link works as well. Do what fits your setup.

 

Then you should plan your stp topology. The MX forwards BPDUs un-modified so the nexus switches will see each other's BID. Use that to plan your forwarding and alternate ports.

 

If you get the stp topology wrong nothing bad will happen, but your data path will be through the MX instead of your peer link/dedicated l2 interface.

Considering this it might me smart to split the MX vlan out of the default MST domain and create a dedicated one just to reduce the potential fallout.

 

Imagine how easy this would be if the MX just could do portchannel....

 

What ever you do, don't enable bpdu filter on those ports... made that mistake in my early career. Still remember the feeling in my gut when the terminal went unresponsive 😬

MLL
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.