Meraki

Community

Best Practice for Connecting MS225 Stacks to MX250 in Active-Passive Mode

ygurra1
Here to help
a week ago
a week ago

Best Practice for Connecting MS225 Stacks to MX250 in Active-Passive Mode

Hi everyone,

I am working on a setup involving three separate stacks of MS225 switches, which I plan to connect directly to MX250 devices configured in an Active-Passive mode. My approach is to connect two uplinks from each stack—one to the Active MX250 and the other to the Passive MX250.

Given that RSTP is enabled globally and at the port level with default settings, I want to ensure that this setup does not introduce any looping issues, especially considering that MX devices do not support LACP.

I would appreciate any insights or best practices from those who have implemented a similar design. Specifically, are there any considerations or configurations I should apply to prevent potential network loops?

 

Here it is my scenario:

ygurra1_0-1739859914428.png

 

 

Looking forward to your recommendations. 
Thanks in advance,

Regards

Labels:
0 Kudos
9 Replies 9
AmitPanchal
Here to help
Monday
Monday

You can use this topology as well. This wont have any switching loops.

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
Monday
Monday

With a redundant setup, the most important part is the enabled native VLAN on the MX:

https://cyber-fi.net/index.php/2022/03/13/how-to-connect-the-meraki-mx-to-ms-switches/

 

If you have the same VLANs on all switches, you will face some extra challenges with unusual BPDUs as each Switch will see multiple other switches on each uplink:

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Layer_2_Functionality#Spanning_Tree_Prot...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
ygurra1
Here to help
yesterday
yesterday

Hi @KarstenI ,

Thank you very much for this great article. 

However, I would like to ask one more thing. We do have a parallel CoreSW connected as per below, and that's why we are doing all this since we want to smoothly transition from the old scenario ( on the right of the topology ) to the new one ( on the left )

ygurra1_2-1740301359904.png

 

 

We have tried to connect the Stack-03 ( acting as CoreSW ) in parallel with the scenario on the right, and we got a blackout of connections in the whole environment once we connected the second cable to the Meraki MX passive device from the second switch in the stack. Most probably because of spanning tree and we had configured the ports on Meraki to Drop the untagged traffic, could this last one might be blocking also the BPDUs so denying STP to do its job ?

 

If you can give some insights here what could have cause that and what we can do it better, I would really appriciate it.

Thanks in advance 🙂

 

0 Kudos
In response to ygurra1
KarstenI
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Yes, as mentioned, the native VLAN on the MX is existential to forward the BPDUs to the MS switches in this scenario. By running PVSTP on the Catalyst side, you create a loop through the combined infrastructure. It's not for all VLANs, but enough for the meltdown.

My advice would be to configure the native VLAN as the Meraki Mgmt-VLAN with no other devices in there in the infrastructure on the left. But that will likely still cause inferior BPDUs. Can you use completely different VLANs on the old and the new side? That would give some extra separation when you only allow the needed VLANs on the MX trunks.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
ygurra1
Here to help
yesterday
yesterday

Hi @KarstenI ,

I didn't understand the fact that if we remove the connections to the existing/old CoreSW on the right, why it should still create inferior BPDUs as you mention ? 

 

On the other hand, when you advise to create new VLANs for the new site, this is valid when both scenarios are running at the same time I guess, otherwise if I disconnect the old devices on the right why would I need new VLANs ? 

 

Thanks a lot for your time and support !

0 Kudos
In response to ygurra1
KarstenI
Kind of a big deal
Kind of a big deal
yesterday
yesterday

That was just when the old core was connected. When thinking again, I am not sure anymore if this symptom will be seen as the MX is transparent for the Catalyst to Catalyst communication. In general, the more separation we have between these worlds the better.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
RaphaelL
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

You can check this document : https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

 

It is slightly more resilient than what you are describing.

 

You have to build your switch stacks with the lowest MAC on your top of the stack switch or your will end up with some weird behavior due to STP portId being the tie-breaker.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

I wouldn't do this.

 

Hopefully, one of the stacks is near the MX250s.  Make that that stack the core switches.  Then, plug everything into the core switches.

In response to PhilipDAth
ygurra1
Here to help
yesterday
yesterday

Hi @PhilipDAth ,

Thanks a lot, that's what I was thinking as plan-B but it seems I have to go with it directly as the topology described above is quite dangerous. 

Moreover, I would like to ask one more thing. We do have a parallel CoreSW connected as per below, and that's why we are doing all this since we want to smoothly transition from the old scenario ( on the right of the topology ) to the new one ( on the left )

ygurra1_1-1740301239277.png

 

We have tried to connect the Stack-03 ( acting as CoreSW ) in parallel with the scenario on the right, and we got a blackout of connections in the whole environment once we connected the second cable to the Meraki MX passive device from the second switch in the stack. Most probably because of spanning tree and we had configured the ports on Meraki to Drop the untagged traffic, could this last one might be blocking also the BPDUs so denying STP to do its job ?

 

If you can give some insights here what could have cause that and what we can do it better, I would really appriciate it.

Thanks in advance 🙂

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.