Warm spare question MX85

SOLVED
Tarmahmood1
Getting noticed

Warm spare question MX85

Hi,

I am soon going to implement MX85 with redundancy, I will follow below design, Is it fine or am I missing something important info before proceeding for an activity. Any suggestions? Thanks

 

 

Tariqmahmood_0-1678960601562.png

 

1 ACCEPTED SOLUTION
Ryan_Miles
Meraki Employee
Meraki Employee

As others mentioned this should work fine. I'd recommend setting the bridge priority on the switches to make the blocked ports predictable. I'd set the top switch as root (example, 4096) and the bottom switch as secondary (example, 8192).

View solution in original post

6 REPLIES 6
KarstenI
Kind of a big deal
Kind of a big deal

This is a valid design. But if you have at least /29 networks from the ISPs, you can easily connect both MXes to both ISPs. And the switch-ports that connect the MXes are not allowed to have any STP-Guard as you rely on STP to block two of the ports.

Brash
Kind of a big deal
Kind of a big deal

It looks like you have 2 potential loops there.

One would be between the switches and MX's (The MX's will pass bpdu's through. They don't participate in STP themselves).

The other would be between the three ms225's (unless two of them are stacked). Spanning tree should bring one of the ports down but still not an ideal design.

KarstenI
Kind of a big deal
Kind of a big deal

Still the recommended design ... 😉 And because @PhilipDAth will also recommend a different approach, in this blog post both options are outlined: https://cyber-fi.net/index.php/2022/03/13/how-to-connect-the-meraki-mx-to-ms-switches/

IMHO both are ok as long as the decision can be justified.

@Brash As mentioned by @Ryan_Miles If i am setting up the root bridge and backup, we can avoid loops.

No, the setting of the root bridge only makes it deterministic. But the loop is there regardless of the root-settings. STP will avoid the problems that occur through the loop.

Ryan_Miles
Meraki Employee
Meraki Employee

As others mentioned this should work fine. I'd recommend setting the bridge priority on the switches to make the blocked ports predictable. I'd set the top switch as root (example, 4096) and the bottom switch as secondary (example, 8192).

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels