Hey
We bought the MX75 for our new branch.
I want to understand, what is recommended in terms of VLAN?
Our hardware is:
1 Unit of Meraki MX75
2 Units of Meraki MS120
4 Units of Meraki MR44 Access Points.
Our company is SaaS-based (no internal servers at all) - all is in the cloud.
Our branch doesn't need a separate guest network - no guests.
50% of users work on laptops, and the rest on Workstations.
Is it recommended to configure 2 VLANs in the MX?
One for Management with the rest of the Meraki devices? (Switches & APs)
Second VLAN - for users.
Does that make sense?
Is it a must?
I guess it will require me to log in to each device (MS \ MR) via Dashboard and configure a static IP for them? Or will they get an IP from the range of the VLAN?
Any advice would be appreciated
Thank you!
It's not a must, but recommended.
It's easy to configure on the Meraki dashboard, and DHCP is enabled for your VLANs. Then the switches and MRs can get DHCP addresses from the MX.
Hey @Roey1984, if indeed you only have users of one type and the count of users is not too high (lower than 200) then your design makes perfect sense.
The main considerations are as follows:
1) If you have mainly north-south traffic (local to internet) and not too much traffic between VLANs then it is easiest to directly terminate your VLANs on your MX.
2) It is always recommended to isolate your Meraki gear on separate VLANs. That makes firewall rules more consistent or perhaps some other functions like using the management IPs of switches and APs on an authentication server or syslog server. Whether you throw your switches and access points in one VLAN or in separate VLANs is entirely up to your design. On a personal note: if I have a customer where I want to put APs and switches together I usually use the lower IPs for the switches and start numbering APs from .100. Then I also reserve some space above .200 for DHCP space. Even if you use static IPs on your Meraki devices it is always recommended to have a small DHCP pool so if you have a new device or factory defaulted a device it can reach the cloud on its own without your intervention to collect its configuration.
3) Usually switches get a fixed IP in my designs but you don't have to log into each switch for that. If they reach the cloud through the DHCP server from the previous point you can configure their fixed IP from dashboard or API. You can of course stick fully to DHCP but that's entirely up to you.
I hope this helps.
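An added example, not part of any post in this thread: it lays out the management-VLAN numbering described in the reply above (switches in the low addresses, APs from .100, a small DHCP pool from .200) and audits a device list against it. The 10.10.1.0/24 subnet, the .1 gateway, the device names and the inventory are constructed assumptions.

```python
import ipaddress

def plan_mgmt_vlan(subnet, n_switches, n_aps, ap_start=100, dhcp_start=200):
    """Split one management /24: gateway, switch block, AP block, DHCP pool."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this sketch assumes an IPv4 /24 management VLAN")
    base = int(net.network_address)
    def host(n):
        return str(ipaddress.ip_address(base + n))
    sw_first = 2  # assumption: .1 is the MX interface for this VLAN
    if sw_first + n_switches > ap_start:
        raise ValueError("switch block runs into the AP block")
    if ap_start + n_aps > dhcp_start:
        raise ValueError("AP block runs into the DHCP pool")
    return {
        "gateway": host(1),
        "switches": [host(sw_first + i) for i in range(n_switches)],
        "aps": [host(ap_start + i) for i in range(n_aps)],
        # Small pool so a new or factory-reset device can still reach the cloud.
        "dhcp_pool": (host(dhcp_start), host(254)),
        # Kept out of DHCP so a lease never collides with a static address.
        "dhcp_excluded": (host(1), host(dhcp_start - 1)),
    }

def audit(plan, inventory):
    """Flag statics inside the DHCP pool, outside their block, or duplicated."""
    findings, seen = [], {}
    lo, hi = (ipaddress.ip_address(a) for a in plan["dhcp_pool"])
    for name, kind, ip in inventory:
        if lo <= ipaddress.ip_address(ip) <= hi:
            findings.append(f"{name}: static {ip} sits inside the DHCP pool")
        elif ip not in plan[kind]:
            findings.append(f"{name}: {ip} is outside the planned {kind} block")
        if ip in seen:
            findings.append(f"{name}: {ip} duplicates {seen[ip]}")
        seen.setdefault(ip, name)
    return findings

# Constructed inventory for the hardware in the question (2 switches, 4 APs listed partially).
INVENTORY = [("MS120-1", "switches", "10.10.1.2"), ("MS120-2", "switches", "10.10.1.3"),
             ("MR44-1", "aps", "10.10.1.100"), ("MR44-2", "aps", "10.10.1.210"),
             ("MR44-3", "aps", "10.10.1.100")]

if __name__ == "__main__":
    plan = plan_mgmt_vlan("10.10.1.0/24", n_switches=2, n_aps=4)
    print(plan)
    print("\n".join(audit(plan, INVENTORY)))
```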
Hey Joe
This is my first time configuring VLANs, and I want to be sure that my configuration is described correctly.
I drew something, can you have a look and tell me if it seems ok?
Moreover, do I need to configure VLAN 1 & 2 in both switches, or only in the MX?
I'm not sure that the cabling in the drawing is OK. If you are able to have a look, that would be awesome!
Just to add to the other posts, I typically also have separate VLANs for printers, IoT and other “special” devices like door-systems and so on.
I think there are a lot of options and seeing the above I'd agree with @KarstenI about separating different classes of devices into individual VLANs. As mentioned: Management, Endpoints, printers, telephony, CCTV etc. If you only have endpoints and printers then 3 VLANs should do.
On the subject of static Vs DHCP we are moving towards DHCP for everything that we can, modern SIEM solutions don't need devices to have a static IP and most cloud services certainly aren't going to care!
Hey cmr
Thank you for your answer.
As I wrote to Joe, this is the first time I'm configuring VLANs, but I'm not sure that my configuration is correct.
What do you think?
I wrote 3 questions on the side of the drawing, and I'm not sure that the cabling in the drawing is OK.
My goal is to learn as much as I can in order to be proficient in Meraki devices!
@Roey1984 your setup is just about right, my comments would be:
Thank you CMR for your answer!
I'm still not sure regarding the link that is connected to the bottom MS switch.
We'll have to keep on asking.
Thanks again