Trying to get clarity on this document and specific statement:
https://documentation.meraki.com/MX/Networks_and_Routing/MX_Layer_2_Functionality
“If the MX received BPDUs on the LAN, these BPDUs will be re-forwarded within the broadcast domain that they were received on.”
Is the forwarding of BPDUs received from downstream attached MS switches only applicable in “Routed - Use VLANs Enabled” mode?
OR
Does the MX forward BPDUs also when its LAN interfaces are operating in “Routed - Use VLANs Disabled” mode?
Trying to figure out how best to attach dual MX (one operating as warm spare) to a layer 3 MS stack (say for example MS250) and avoid STP blocking. Since the MX cannot do Port-Channel to MS, I think I can only use redundant physical paths from an MX to MS stack with the redundant path being STP blocked by the MS. If I try to use MX with "VLANs disabled" and maybe use OSPF between MS and MX, then I think I would need two "transit" VLANs... but then I think the routing gets "ugly" as Meraki OSPF and/or static routing on the LAN side between MS and MX may be challenging/incomplete. For example, the MX cannot advertise a default route to MS (only routes learned over auto-vpn if I understand correctly) and so the MS side would need two static default routes, which I'm not sure is possible (i.e., no tracking capabilities to determine viability of path).
Take a look at this article, I think it can help a lot:
https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
Yes, in reading that article, so if I understand correctly, the implied best practice would be to have the MX with "VLANs enabled" and when connecting to an MS Layer 3 switch stack:
So the STP blocked ports for the alt physical path from MS stack to MX are desirable, are best practice, are by design. Is this a fair/correct statement?
Hopefully MX will support Port-channel (link aggregation) in the future which will eliminate the STP port blocking design.
Regards,
Jason
Yes, it is correct. I'm using this design at one of my customers, and it has been working well. 🙂
I appreciate your feedback on this subject. Thank you for your time!
Regards,
Jason
We have dual MX in single VLAN mode with a switch stack at all of our sites. Where we have Catalyst stacks we dual connect each MX and have no issues. Where we have Meraki stacks (210 or 355) we have had issues when rebooting the switch stack, so have changed to having the MXs physically dual connected, but with at least one of the secondary connections disabled at the switch end. We find out which combination works best at each site by trial and error...
Very interesting. Will certainly note that!
A blog-post on this topic which could give you some more ideas:
https://cyber-fi.net/index.php/2022/03/13/how-to-connect-the-meraki-mx-to-ms-switches/
This is helpful info - much appreciated!
Just one thing to add, almost as an aside: using OSPF on the MX, in the way described, is not an option here; OSPF on MX advertises AutoVPN branch subnets to the upstream DC neighbour only - it does nothing in relation to underlay networking (e.g. the default route). The MX also does not learn any subnets from upstream of the internal router. Hence the title of the related KB article: https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets
It should also be said that, even for the VPN subnet re-distribution use case, OSPF has been largely superseded by using eBGP, which is far more feature-rich: https://documentation.meraki.com/MX/Networks_and_Routing/BGP
Thank you - appreciate this additional information!
*** response from Meraki on the original question ***
Hello Jason,
Yes, the MX still forwards the BPDUs even if the VLANs are disabled.
If you have any questions, feel free to reach out to me on this thread!
Respectfully,
Siddhaya Vaity
Cisco Meraki Network Support Engineer