Meraki Network Campus Design

Solved
SAM-Al
Here to help

Hi All,

I'm planning to set up a Meraki network campus design in our company (NAT mode), and I'm wondering if you can help with some ideas. Here is what I'm planning to use:

1. 2 MXs like MX100 or MX250 (Warm spare)

2. 2 MS 425 aggregation switches (stacked)

3. 6 MS 210 access switches (stacked)

My idea is to configure all the VLANs in the MS425, plus the ACL and a static route via VLAN1 to the MXs, so it's going to be an L3 link between the MS425 and the MXs, and an L2 link between the MS425 and the MS210.

My question here: how is the warm spare going to work in this case if there are no L2 links (VRRP) between the 2 MXs? My understanding is that the warm spare needs L2 links, direct or indirect, between the MXs.

Can you please share your ideas?

13 Replies
ww
Kind of a big deal

Meraki does not have real L3 links; they are L2 going to an SVI. You get MX1, MX2 and the core switch all in VLAN1 so VRRP can function in that VLAN1.

Using a direct link between the MXs is not recommended. https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

SAM-Al
Here to help

Oh, I see what you mean, my mind was going with real L3, I don't know why haha. Thanks again.

ali_abbass85
Getting noticed

Hi @SAM-Al

There is a requirement for L2 connectivity over the LAN between the MX devices. You can connect each MX device on the LAN side with every MS425 switch on the same VLAN (VLAN1 for example); do not worry about creating a loop, as RSTP will kick in and block the non-required ports. I would also prefer that you connect the MX devices directly over the L2 LAN (this is what we are doing in our setups).

 

Drawing1.jpg

SAM-Al
Here to help

Thanks for the help Ali, this is exactly what I need. So my understanding now is that the link between the MXs and the MS425 will be via VLAN1, although it will be considered as close to L3, so the default route or the static route between these two layers will be carried via VLAN1, which is already configured without enabling the option below (I mean without checking the box in the option below), correct?

I would prefer to configure a direct L2 connection between the MXs as well by choosing a different VLAN (for example VLAN 1000), but I need to go with the design that you sent to reduce the load on the MXs by having all the VLANs and the ACL between them configured in the MS425. Is that what you mean?

 

Capture.PNG

ali_abbass85
Getting noticed

Hi @SAM-Al 

Between the MXs and the MS425 you can use any VLAN number. I would suggest not to tag traffic; just configure the MX devices with all LAN ports as Access VLAN X (enable the option below, then configure them), and the MX425 with Access VLAN X (choose X to be a unique VLAN to keep a clean design). I would not recommend keeping a different VLAN between the MXs only, as this will be a confusing design, and it is preferred to have different paths between the MX devices and the switches. You are protected from loops by RSTP. Bottom line: after all, the MX LAN is actually a switch.

On your second point, the MX devices will only have a single VLAN configured and there is no overload; however, you need to design your next hop carefully (the one which gets you to the end access VLANs).

Just print the diagram and start simulating: what if one of the MXs is down, what if one of the switches is down, etc.
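
The what-if exercise suggested in the reply above, as an added example that is not part of the original post: it fails every node and every link once and checks that the two MXs can still exchange VRRP on the LAN and that every access stack still reaches a live MX. Node names, dual-homed access uplinks and modelling the MS425 stack as a single link are assumptions; RSTP blocking is not modelled, only physical connectivity.

```python
from collections import deque

MXS, ACCESS = {"MX1", "MX2"}, {"ACC-A", "ACC-B"}   # hypothetical node names
UPLINKS = [(a, c) for a in sorted(ACCESS) for c in ("CORE1", "CORE2")]
STACK = [("CORE1", "CORE2")]                        # MS425 stack modelled as one link
# Each MX cabled to both MS425s (as in the reply above) vs. one cable per MX.
CROSS = [("MX1", "CORE1"), ("MX1", "CORE2"),
         ("MX2", "CORE1"), ("MX2", "CORE2")] + STACK + UPLINKS
SINGLE = [("MX1", "CORE1"), ("MX2", "CORE2")] + STACK + UPLINKS

def reachable(links, start, excluded=(), dead_link=None):
    """Nodes reachable from start, skipping excluded nodes and the failed link."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for link in links:
            if link == dead_link or node not in link:
                continue
            peer = link[0] if link[1] == node else link[1]
            if peer not in seen and peer not in excluded:
                seen.add(peer)
                queue.append(peer)
    return seen

def simulate(links):
    """Fail every node and every link once; return {scenario: [problems]}."""
    nodes = sorted({n for link in links for n in link})
    findings = {}
    for kind, item in [("node", n) for n in nodes] + [("link", l) for l in links]:
        dead = {item} if kind == "node" else set()
        dead_link = item if kind == "link" else None
        alive_mx, problems = MXS - dead, []
        # VRRP heartbeats stay inside the MX/MS425 transit VLAN, so access
        # switches are excluded from this path search.
        if len(alive_mx) == 2 and "MX2" not in reachable(
                links, "MX1", dead | ACCESS, dead_link):
            problems.append("MX1 and MX2 cannot exchange VRRP on the LAN")
        for acc in sorted(ACCESS - dead):
            if not reachable(links, acc, dead, dead_link) & alive_mx:
                problems.append(f"{acc} has no path to a live MX")
        if problems:
            findings[(kind, item)] = problems
    return findings

if __name__ == "__main__":
    for name, links in (("cross-connected", CROSS), ("single-homed", SINGLE)):
        print(name, simulate(links) or "survives every single failure")
```
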

 

SAM-Al
Here to help

That makes sense Ali, I'm not sure why I keep thinking that this port will act as layer 3 if I don't check the box for enabling VLANs per port haha (like a regular standard router). Thanks for the explanation Ali, I appreciate it.

ali_abbass85
Getting noticed

Anytime Sam, let me know if there is anything else I can help with.
SAM-Al
Here to help

Honestly I have more questions haha, I will start new topics or subjects about them and I will mark this one as resolved.

From your experience, have you noticed any limitation on the MX side when configuring all the VLANs at the MS425 instead of having them at the MX, for example AD and RADIUS integrations? My understanding is that the AD will be integrated with the MX, but the MX won't have the VLANs; is that considered a limitation here?

ali_abbass85
Getting noticed

Hi @SAM-Al 

For your question, I do not think it is a good idea to have the inter-VLAN routing done on the MX devices; this will put unnecessary load on them and it is not best practice. It is better that the core MS switches take care of interconnecting the VLANs and separate them from the MX (on L2 I mean).

SAM-Al
Here to help

Thanks Ali, 

Actually this is the same plan that I'm planning to use for the MS425 (using it as a core/distribution), but do you think that will limit some of the MX features?

ali_abbass85
Getting noticed

I do not see any limitation on the MX; after all, the switching functionality on the MX is basic (VLANs, access/trunk...).

PhilipDAth
Kind of a big deal

>6 MS 210 access switches (stacked)

 

You can stack MS225 and MS210 switches together. MS225 switches have 10GbE uplinks. So if you varied your parts list slightly to:

4 x MS210

2 x MS225 (all 6 switches stacked together)

You could run dual redundant 10GbE links back to your MS425. If you don't care about having the uplinks spread across two switches you would only need a single MS225.

 

I would also consider creating two stacks of three switches, with each stack containing:

1 x MS225

2 x MS210

This has the same number of switches as before. When you upgrade a switch in a stack it upgrades all stack members and reboots them simultaneously. If you create two separate stacks like this it halves the blast footprint. Also, if a stack should malfunction for some reason it again only affects half of the ports.

 

If it was me, I would create two smaller stacks for the access layer rather than one large stack.

 

Also here is the campus switching design guide:

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

SAM-Al
Here to help

Thanks for the info Philip. I think for now we are going with the MS210 due to limited budget; another reason is that there will be no big load on the switches, I mean no big bandwidth usage.

I like the idea of creating multiple stacks because of the reason that you mentioned below, that makes sense, I will go with it.
