Hi,
I am soon going to implement MX85 with redundancy. I will follow the design below. Is it fine, or am I missing some important info before proceeding with the activity? Any suggestions? Thanks
As others mentioned this should work fine. I'd recommend setting the bridge priority on the switches to make the blocked ports predictable. I'd set the top switch as root (example, 4096) and the bottom switch as secondary (example, 8192).
This is a valid design. But if you have at least /29 networks from the ISPs, you can easily connect both MXes to both ISPs. And the switch-ports that connect the MXes are not allowed to have any STP-Guard as you rely on STP to block two of the ports.
It looks like you have 2 potential loops there.
One would be between the switches and MXs (the MXs will pass BPDUs through; they don't participate in STP themselves).
The other would be between the three MS225s (unless two of them are stacked). Spanning tree should bring one of the ports down, but it's still not an ideal design.
Still the recommended design ... 😉 And because @PhilipDAth will also recommend a different approach, in this blog post both options are outlined: https://cyber-fi.net/index.php/2022/03/13/how-to-connect-the-meraki-mx-to-ms-switches/
IMHO both are ok as long as the decision can be justified.
@Brash As mentioned by @Ryan_Miles, if I am setting up the root bridge and backup, we can avoid loops.
No, the setting of the root bridge only makes it deterministic. But the loop is there regardless of the root-settings. STP will avoid the problems that occur through the loop.
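The point made in the replies above, that bridge priority makes the root and the blocked ports predictable but does not remove the loops, as an added example that is not part of the original thread. The topology, switch names, MAC addresses and the simplified equal-cost STP model are assumptions (the thread's diagram is not available here); each MX is modelled as a plain link because it passes BPDUs without taking part in STP.

```python
from collections import deque

def stp(bridges, links):
    """Simplified STP on equal-cost point-to-point links.
    bridges: {name: (priority, mac)}; links: [(label, a, b)].
    Returns (root, {link label: bridge whose port blocks})."""
    root = min(bridges, key=lambda b: bridges[b])  # lowest bridge ID wins
    dist = {root: 0}                               # hop count to the root
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        for _, a, b in links:
            if cur in (a, b):
                peer = b if cur == a else a
                if peer not in dist:
                    dist[peer] = dist[cur] + 1
                    queue.append(peer)
    root_ports = set()
    for br in bridges:
        if br == root:
            continue
        # Candidate uplinks: one hop closer to the root; tie-break on the
        # neighbour's bridge ID, then on the label (stand-in for port ID).
        cands = [(bridges[b if br == a else a], label)
                 for label, a, b in links
                 if br in (a, b) and dist[b if br == a else a] == dist[br] - 1]
        root_ports.add(min(cands)[1])
    # A link that is nobody's root port is redundant: the end farther from
    # the root (or, on a tie, with the higher bridge ID) blocks.
    blocked = {label: max(a, b, key=lambda x: (dist[x], bridges[x]))
               for label, a, b in links if label not in root_ports}
    return root, blocked

# Constructed topology (assumption): two core switches joined through both
# MXs, plus one access switch dual-homed to both cores. Two loops.
LINKS = [("via-MX1", "top", "bottom"), ("via-MX2", "top", "bottom"),
         ("access-top", "access", "top"), ("access-bottom", "access", "bottom")]
MACS = {"top": "02:00:00:00:00:30", "bottom": "02:00:00:00:00:10",
        "access": "02:00:00:00:00:20"}  # constructed values

def run(priorities):
    return stp({n: (priorities[n], MACS[n]) for n in MACS}, LINKS)

DEFAULT = run({"top": 32768, "bottom": 32768, "access": 32768})
TUNED = run({"top": 4096, "bottom": 8192, "access": 32768})

if __name__ == "__main__":
    print("default:", DEFAULT)
    print("tuned:  ", TUNED)
```

With every priority left at 32768 the root falls to whichever switch has the lowest MAC; with 4096/8192 set it is the top switch, and in both runs exactly two ports end up blocking.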