MX subnet question

tony3
Conversationalist

I know you can go to addressing and vlans page to create LAN networks.  If I have two networks or more, do I need to use VLANs?  Let's say I have 192.168.1.0 / 2.0 and 3.0.  Do I need to use VLANs and connect a cable from designated ports on the MX to 3 switches?  Then, do I need to assign VLANs to the switches?

MerakiDave
Meraki Employee

If I understand correctly, yes, you should create those 3 VLANs on the addressing and VLANs page (you're really just defining the 3 SVIs), but no, you do not need 3 different LAN ports on the MX to connect to your switches (or switch stack), because that can just be a single physical link, a trunk port that allows VLANs 1, 2 and 3, and then just assign the access VLAN ports on your switches accordingly.

tony3
Conversationalist

So just to make sure I could make

VLAN 1 192.168.1.0

VLAN 2 192.168.2.0

VLAN 3 192.168.3.0

Then make a single port on the MX trunk port and select "All VLANs"?  What would I choose for native VLAN?  Then, the switch port I'm connecting to from the MX needs to be a trunk port also?  Do I need to assign VLANs to all of the switches?

Is this the preferred way of doing this?  I'm not questioning you, but what happens if I do it my original way?  I guess if I'm doing it my original way, which is make 3 different LAN ports on the MX, I need to make those ports access ports?

Hi @tony3 that's correct, you could make those 3 VLANs on the MX, and then have a single physical cable connect to your switch or switch stack, and that would be an 802.1q trunk port, carrying all 3 VLANs.  You can choose any default VLAN you like, the default will be VLAN 1, and the default management VLAN for the switches will also be VLAN 1, which you can also configure under Switch > Configure > Switch Settings.

And yes, also correct, the switch port you're connecting to should also be a trunk port.  By default when you first deploy a new switch, all switch ports will already be trunk ports with native VLAN 1 and all VLANs allowed.  So out of the box, the trunk connection would work, and then you simply select which ports you want in which VLAN and assign them to those VLAN IDs as access ports.

Yes, I'd say that's the preferred way.  If done your original way, that will also work, the disadvantage being scalability, because you would have 3 physical ports on the MX configured as access ports with 3 physical connections from the MX to the switch, and those switch ports would also be access ports on their respective VLANs.  That's all fine, and would also work for your deployment, but it obviously burns more physical ports, and doesn't scale (when you have a lot more VLANs).

Also, depending on your use case, if the VLANs don't have different functions or reasons for existing, and you simply want a larger block of contiguous address space, perhaps you could also use a shorter subnet mask, like a /23 to allow 510 hosts or a /22 to allow just over a thousand hosts.

Hope that helps!
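Added example, not part of the reply above: a Python check of the shorter-mask option against the three subnets named in this thread, assuming each is a /24 (the thread gives no masks). It shows that 192.168.1.0 through 192.168.3.0 cannot share one /23 because of block alignment, so the smallest single block covering all three is 192.168.0.0/22, which also takes in 192.168.0.0/24.

```python
import ipaddress

# Subnets from the thread; the /24 mask is an assumption (no masks are given).
PAGE_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]


def covering_supernet(subnets):
    """Return the smallest single CIDR block containing every subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    block = nets[0]
    # Widen one prefix bit at a time until every subnet fits inside.
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()
    return block


def summarize(subnets):
    """Return (block, usable host count, /24s the block adds beyond the input)."""
    block = covering_supernet(subnets)
    wanted = {ipaddress.ip_network(s) for s in subnets}
    extra = [n for n in block.subnets(new_prefix=24) if n not in wanted]
    # Network and broadcast addresses are not assignable to hosts.
    return block, block.num_addresses - 2, extra


if __name__ == "__main__":
    # All three subnets, then only the aligned pair 2.0 and 3.0.
    for plan in (PAGE_SUBNETS, PAGE_SUBNETS[1:]):
        block, hosts, extra = summarize(plan)
        print(plan, "->", block, hosts, "usable hosts; extra:",
              [str(n) for n in extra])
```

Only the 2.0 and 3.0 pair collapses cleanly into a /23; any merged block also removes the routed boundary between the former VLANs, which is why the reply limits this option to VLANs that have no separate function.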

 

Thanks. Just to make sure I understand, it doesn’t matter if I use trunk or access ports on the MX, the switch still needs to have VLANs.

Let's say I decide to use VLANs

1 192.168.1.0

2 192.168.2.0

3 192.168.3.0

I can make 3 access ports on the MX for each subnet. I could then make one switch on VLAN 1, second switch VLAN 2 and a third switch VLAN 3 and make the switch ports also access ports.

Am I right?  I understand with the preferred way it’s better for scalability, but if I know I don’t need more than 3 ports on the MX and I have spare ports left on the MX, then I can use this way.

tantony
Head in the Cloud

Is this correct?

tony3
Conversationalist

Just to make sure, is @tantony correct?

Also, should I put my modem in bridge mode since the MX will be the router?

My understanding is that turning on bridge mode will stop the routing capabilities of the modem.
