MX68 with Layer 3 Switch

carl222
Here to help

MX68 with Layer 3 Switch

Hello!

 

I'm wondering what would be the best way to configure and connect 2X MX68 and 2X C3850 together.

 

In this topology, SW1 and SW2 are Layer 3 switches doing the routing between VLANs. They also have a Layer 3 link between them to avoid loops in the layer 2 domain.

 

With only 1 switch, I would do no switchport and assign let's say 192.168.1.2 on the routed port of the C3850 switch. On the MX, I would put Port3 as an access port in VLAN50 and configure the subnet as 192.168.1.1. SW1 would have a default route pointing to the MX (192.168.1.1) and the MX would have static routes for VLANs 150,160,170 pointing to SW1 (192.168.1.2). Clients below would have SW1/SW2 (HSRP) as their gateways. Now how would you configure the same setup in redundancy ?

 

Thank you

Carl

 

Capture.PNG

 

 

 

6 REPLIES 6
cmr
Kind of a big deal
Kind of a big deal

We use MX pairs and 3850s as our main routing switches, but we stack the 3850s and then wire the MXs as you have.  This has worked well for the last year.  With your setup where the 3850s are independent I would be careful about the second MX to 3850 connection as you may well get spanning tree issues.

 

In terms of the layer3 on the 3850s we don't use a routed port, we use a VLAN interface so that you can have multiple switch ports in that network (both MX LAN interfaces) so in your case, I think the VLAN would need to be on both switches using HSRP between them and 192.168.1.2 would be the VLAN HSRP interface IP.  Your other routing settings look correct to me.

PhilipDAth
Kind of a big deal
Kind of a big deal

I would use a single connection from each MX to its nearest switch, not dual connections.  Layer 2 loops are your enemy when it comes to reliability.

@PhilipDAth Yeah, MXs ports are Layer 2 right ? They use SVIs just like L3 switches.

 

So you would do no switchport on both switches, Ex: 192.168.1.252 on SW1, 192.168.1.253 on SW2 (HSRP VIP 192.168.1.254) and then connect them up individually on each MX Port3 in Access VLAN50 with subnet 192.168.1.1?

 

Thank you

cmr
Kind of a big deal
Kind of a big deal

@carl222 I would not use no switchport, I would use switchports in a VLAN and put the IP addresses on the VLAN interface (SVI).  The MX ports are L2 as you thought

@cmr Thanks for the reply!

 

The architecture of that site is note completely done yet so I'm trying to find the best way to put this all together.

 

We might just stack both 3850s together like you said earlier.

 

MX1 P3 --> Stack G1/0/1

MX1 P4 --> Stack G2/0/1

MX2 P3 --> Stack G1/0/2

MX2 P4 --> Stack G2/0/2

 

On the MXs I would use access ports in VLAN50 (192.168.1.1) and on the stack I would use interface SVI 50 (192.168.1.2) and put all 4 ports in VLAN50 like you said. And for the LAN I'll do the same thing but in differents SVIs.

 

Thoughts ?

 

Thank you

PhilipDAth
Kind of a big deal
Kind of a big deal

I would only use a single LAN port on the MX (so it only connects to a single switch), make that a trunk port, and run whatever VLANs you want across it.

 

I would not connect both MXs to both switches.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels