Redundant passthrough MX

MishMash
Comes here often

Redundant passthrough MX

Hi everyone,

 

I've got a question from a customer of ours that I don't have a direct answer to. The customer (using only Meraki hardware) has got a Layer 3 stack with several vlan interfaces configured (some for the server vlans, some for the client vlans). The customer wants to bring up the security by placing two Meraki MX units between the core stack and the L2 switch stack where all the server are connected to. Currently, these two stacks are connected with a redundant 10G (LACP) connection.

 

Normally this wouldn't be a problem, just put an MX in passthrough mode, put it in between the 10G connection and you're done. But the customer also wants redundancy..

 

I think connecting this as a Passthrough HA setup would result in a L2 loop, so RSTP would block one of the ports. But configuring with translation would limit the throughput to 6GB (with the MX450's). 

 

What would be the best configuration in this case?

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

Some hardware platforms support port bypass mode. 

 

https://documentation.meraki.com/MX/Other_Topics/Port_Bypass_on_the_MX_Series

MishMash
Comes here often

That's interesting, but would that work for SFP ports?

 

*Edit*

I gave it another thought. But that would mean that all sorts of security go offline when one appliance fails. I don't think that this solution will be accepted by the customer...

MishMash
Comes here often

*bumb*

 

Does anyone else have an idea?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels