I am troubleshooting a network that has been configured and installed by a previous Meraki Partner. My background is Cisco, Aruba and HP; I am very new to Meraki. I have been looking at the configuration and I see the MX hardware does not support LACP or any equivalent protocol. The customer has an HA/warm standby configuration that seems to be creating a loop and I wanted to confirm if the supplied solution would work.
I have read over various documents and there seem to be a number of different methods regarding the heartbeat for the VRRP etc., requiring a dedicated cable in one document and not the other, but regardless, the current setup based on the web GUI would indicate that the warm standby is set up correctly, with MX250-1 stating it is Primary Master and the spare MX250-2 saying passive ready. Based on what I have read, that would indicate that element of the configuration is functioning as expected.
The customer has 8 switches, 4 on the first floor and 4 on the second. The original installer has a 10gb fibre link going to each switch from the primary MX250-1 and warm spare MX250-2.
The problem is it is creating a loop even with STP enabled globally and bringing down the network. Normally if I were configuring something like this I would use a resilient core switch with LACP or BAGG.
I wanted to confirm if the MX250 supports this configuration with a link from the primary and standby or would the normal practice be to use an aggregation switch on each floor as a core switch and configure LACP links to provide a resilient solution. I do not normally use firewalls as my core switches so was not sure if this was a standard Meraki setup.
Any advice or pointers appreciated
Meraki switches? Assume all links are trunks? Does the trunk config match on each end MX and switch (the native and allowed VLANs)?
In a normal state half of these links should be in STP blocking mode. Is that what you see? Is the event log showing loop detected, MX to switch link port flaps, etc? Is the MX pair showing VRRP transitions?
Thanks for the reply rymiles
The switches are configured as trunk ports as assumed. The VLANs are consistent across all the network. The STP I expected to see against the second links is saying state blocking, but the network still creates a loop, bringing the entire network down. I am discussing coming in to put a basic configuration in and testing out of hours to eliminate the configuration; sometimes it is hard to see the wood for the trees when you have not configured the solution.
>the customer has a HA/ Warm standby configuration that seems to be creating a loop and I wanted to confirm if the supplied solution would work.
I would single connect each MX. I would not connect each MX to two switches, or put a link between the MXs. This works really well.
The official guides recommend dual connecting, but I don't do that. I've had more outages caused by the additional redundancy than what the additional redundancy saved.
Okay, the plot thickens. I have done some testing this evening and it does not seem to be the complete network that fails. They have a 390 on each floor and 3 225 switches. All switches are at the same software version, but as soon as we enable the RSTP globally all switches stay up except one 225 on the 1st floor. I am not sure how or why, but as soon as we enable the RSTP the port receives a BPDU request and shuts the port down. The bit that is baffling me is there is only one uplink port and that is the port it closes down. Could this have been stacked historically with another switch on a different floor? It receives the BPDU request from a MAC on the network but I cannot match it with any hardware on this network.
@360Solutions are the 3x MS225s on each floor stacked? They support stacking with the QSFP+ ports on the back and work better that way than as separate switches.
What MX and MS firmware are you running? I had STP issues with dual connection on firmwares less than 14.30.
The switches are running 14.32 and the MX is running 15.44. Each switch has a link to each MX250, so 2 ports on every switch. The strange thing is even with just 1 port connected to the primary MX250, when we enable global STP the link gets the BPDU message and disables on the switch side. This is the bit that is throwing a curve ball. I am looking at it remotely at the moment and plan to be onsite in the next day or two, so will get a better look then. Thanks for the advice, cmr.
Personally I would aggregate access switches into a pair of 'core' switches, built as a stack, first. The downlinks can then be set up as LAGs. You then designate the Core stack as STP root and link each MX directly to both switches in the stack and allow the Core stack to block one uplink to each MX. No link directly between the MXs.