Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX and BPDU

jason_gauruder
Here to help
‎Sep 29 2022 9:41 AM
‎Sep 29 2022 9:41 AM

MX and BPDU

 

Trying to get clarity on this document and specific statement:

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Layer_2_Functionality

“If the MX received BPDUs on the LAN, these BPDUs will be re-forwarded within the broadcast domain that they were received on.”

 

 

Is the forwarding of BDPUs received downstream attached MS switches only applicable in “Routed - Use VLANs Enabled” mode ?

OR

  Does the MX forward BPDUs also when its LAN interfaces are operating in “Routed - Use VLANs Disabled” mode ?

 

 

Trying to figure out how best to attach dual MX (one operating as warm spare) to a layer 3 MS stack (say for example MS250) and avoid STP blocking.    Since the MX cannot do Port-Channel to MS, I think I can only use redundant physical paths from an MX to MS stack with the redundant path being STP blocked by the MS.     If I try to use MX with "vlans disabled" and maybe use OSPF between MS and MX, then I think I would need two "transit" vlans...but then I think the routing gets "ugly" as meraki ospf and/or static routing on the LAN side between MS and MX may be challenging/incomplete.  For example, the MX cannot advertise a default route to MS (only routes learned over auto-vpn if I understand correctly) and so the MS side would need two static default routes, which i'm not sure is possible (ie : no tracking capabilities to determine viability of path)

Meraki-MX-MS-Layer-1-2-vlans-disabledMeraki-MX-MS-Layer-1-2-vlans-disabledMeraki-MX-MS-Layer-3-vlans-disabledMeraki-MX-MS-Layer-3-vlans-disabledMeraki-MX-MS-Layer-1-2-vlans-enabledMeraki-MX-MS-Layer-1-2-vlans-enabledMeraki-MX-MS-Layer-3-vlans-enabledMeraki-MX-MS-Layer-3-vlans-enabled

 

 

0 Kudos
11 Replies 11
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 29 2022 9:45 AM
‎Sep 29 2022 9:45 AM

@jason_gauruder 

 

Take o look on this article, I think It can help a lot:

 

 

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
jason_gauruder
Here to help
‎Sep 29 2022 10:05 AM
‎Sep 29 2022 10:05 AM

yes, in reading that article, so if I understand correctly, the implied best practice would be to have the mx with "vlans enabled" and when connecting to an MS Layer 3 switch stack :

  • Make sure STP is enabled on the downstream switching infrastructure, as a properly-configured HA topology will introduce a loop on the network.

 

so the STP blocked ports for the alt physical path from MS stack to MX, is desirable, is best practice, is by design.      is this a fair/correct statement ?    

 

Hopefully MX will support Port-channel (link aggregation) in the future which will eliminate the STP port blocking design.

 

regards,

Jason

0 Kudos
In response to jason_gauruder
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 29 2022 10:10 AM
‎Sep 29 2022 10:10 AM

Yes, It is correct, I'm using this design In one of my customers, and It has been working well. 🙂

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
jason_gauruder
Here to help
‎Sep 29 2022 10:14 AM
‎Sep 29 2022 10:14 AM

I appreciate your feedback on this subject.  Thank you for your time!

 

Regards,

Jason

0 Kudos
In response to jason_gauruder
cmr
Kind of a big deal
Kind of a big deal
‎Sep 29 2022 2:50 PM
‎Sep 29 2022 2:50 PM

We have dual MX in single VLAN mode with a switch stack at all of our sites. Where we have Catalyst stacks we dual connect each MX and have no issues. Where we have Meraki stacks (210 or 355) we have had issues when rebooting the switch stack, so have changed to having the MXs physically dual connected, but with at least one of the secondary connections disabled at the switch end. We find out which combination works best at each site by trial and error... 

In response to cmr
jason_gauruder
Here to help
‎Sep 30 2022 5:20 AM
‎Sep 30 2022 5:20 AM

very interesting.   Will certainly note that !

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 29 2022 5:07 PM
‎Sep 29 2022 5:07 PM

A blog-post on this topic which could give you some more ideas:

https://cyber-fi.net/index.php/2022/03/13/how-to-connect-the-meraki-mx-to-ms-switches/

In response to KarstenI
jason_gauruder
Here to help
‎Sep 30 2022 5:20 AM
‎Sep 30 2022 5:20 AM

this is helpful info - much appreciated !

0 Kudos
GreenMan
Meraki Employee
Meraki Employee
‎Sep 30 2022 5:28 AM
‎Sep 30 2022 5:28 AM

Just one thing to add, almost as an aside: using OSPF on the MX, in the way described, is not an option here;   OSPF on MX advertises AutoVPN branch subnets to the upstream DC neighbour only - it does nothing in relation to underlay networking (e.g. the default route).   The MX also does not learn any subnets from upstream of the internal router.    Hence the title of the related KB article:    https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets

It should also be said that, even for the VPN subnet re-distribution use case, OSPF has been largely superseded by using eBGP, which is far more feature-rich:  https://documentation.meraki.com/MX/Networks_and_Routing/BGP

In response to GreenMan
jason_gauruder
Here to help
‎Sep 30 2022 5:59 AM
‎Sep 30 2022 5:59 AM

thank you - appreciate this additional information!

0 Kudos
jason_gauruder
Here to help
‎Sep 30 2022 10:56 AM
‎Sep 30 2022 10:56 AM

*** response from Meraki on the original question ***

 

Hello Jason,

 

Yes, the MX still forwards the BPDUs even if the VLANs are disabled. 

If you have any questions, feel free to reach out to me on this thread!

 

Respectfully,
Siddhaya Vaity
Cisco Meraki Network Support Engineer

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.