MX and BPDU

jason_gauruder
Here to help


Trying to get clarity on this document and specific statement:

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Layer_2_Functionality

“If the MX received BPDUs on the LAN, these BPDUs will be re-forwarded within the broadcast domain that they were received on.”

 

 

Is the forwarding of BPDUs received from downstream attached MS switches only applicable in “Routed - Use VLANs Enabled” mode?

OR

Does the MX also forward BPDUs when its LAN interfaces are operating in “Routed - Use VLANs Disabled” mode?

 

 

Trying to figure out how best to attach dual MX (one operating as warm spare) to a layer 3 MS stack (say, for example, MS250) and avoid STP blocking. Since the MX cannot do Port-Channel to MS, I think I can only use redundant physical paths from an MX to MS stack with the redundant path being STP blocked by the MS. If I try to use MX with "vlans disabled" and maybe use OSPF between MS and MX, then I think I would need two "transit" VLANs... but then I think the routing gets "ugly" as Meraki OSPF and/or static routing on the LAN side between MS and MX may be challenging/incomplete. For example, the MX cannot advertise a default route to MS (only routes learned over auto-vpn if I understand correctly) and so the MS side would need two static default routes, which I'm not sure is possible (i.e., no tracking capabilities to determine viability of path).

[Attached diagrams: Meraki-MX-MS-Layer-1-2-vlans-disabled, Meraki-MX-MS-Layer-3-vlans-disabled, Meraki-MX-MS-Layer-1-2-vlans-enabled, Meraki-MX-MS-Layer-3-vlans-enabled]

 

 

11 Replies
alemabrahao
Kind of a big deal

@jason_gauruder 

 

Take a look at this article, I think it can help a lot:

 

 

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Yes, in reading that article, if I understand correctly, the implied best practice would be to have the MX with "vlans enabled" when connecting to an MS Layer 3 switch stack:

  • Make sure STP is enabled on the downstream switching infrastructure, as a properly-configured HA topology will introduce a loop on the network.

 

So the STP blocked ports for the alt physical path from MS stack to MX are desirable, are best practice, are by design. Is this a fair/correct statement?

 

Hopefully MX will support Port-channel (link aggregation) in the future which will eliminate the STP port blocking design.

 

regards,

Jason

Yes, it is correct. I'm using this design at one of my customers, and it has been working well. 🙂


I appreciate your feedback on this subject.  Thank you for your time!

 

Regards,

Jason

cmr
Kind of a big deal

We have dual MX in single VLAN mode with a switch stack at all of our sites. Where we have Catalyst stacks we dual connect each MX and have no issues. Where we have Meraki stacks (210 or 355) we have had issues when rebooting the switch stack, so have changed to having the MXs physically dual connected, but with at least one of the secondary connections disabled at the switch end. We find out which combination works best at each site by trial and error... 

Very interesting. Will certainly note that!

KarstenI
Kind of a big deal

A blog-post on this topic which could give you some more ideas:

https://cyber-fi.net/index.php/2022/03/13/how-to-connect-the-meraki-mx-to-ms-switches/

This is helpful info - much appreciated!

GreenMan
Meraki Employee

Just one thing to add, almost as an aside: using OSPF on the MX, in the way described, is not an option here; OSPF on MX advertises AutoVPN branch subnets to the upstream DC neighbour only - it does nothing in relation to underlay networking (e.g. the default route). The MX also does not learn any subnets from upstream of the internal router. Hence the title of the related KB article: https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets

It should also be said that, even for the VPN subnet re-distribution use case, OSPF has been largely superseded by using eBGP, which is far more feature-rich:  https://documentation.meraki.com/MX/Networks_and_Routing/BGP

Thank you - appreciate this additional information!

jason_gauruder
Here to help

*** response from Meraki on the original question ***

 

Hello Jason,

 

Yes, the MX still forwards the BPDUs even if the VLANs are disabled. 

If you have any questions, feel free to reach out to me on this thread!

 

Respectfully,
Siddhaya Vaity
Cisco Meraki Network Support Engineer
