Can I connect an MX to MS which then connect to another MX, in that order?

Solved
neosim
Here to help

Can I connect an MX to MS which then connect to another MX, in that order?

Hello, 

 

I am new to the world of Meraki. Can I connect an MX to a MS and from that MS, I connect another MX to create an internal network with the second connected MX?  Just like the image below.

 

MX Connection.png

 

 

 

 

 

 

 

If so, what are the possible configurations do I need to make? Thank you in advance.

 

1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal

That works.

 

In case you trying to build a warm spare they both need to be the same model mx , and need to be in the same dashboard network. And only 1 mx lan is active. https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#Recomme...

 

In case you just want 2 separate mx. They both need a separate dashboard network.

View solution in original post

7 Replies 7
rhbirkelund
Kind of a big deal
Kind of a big deal

Can you describe a bit more on what you're trying to achieve?

 

In principle you can connect as many MXes as you want - they just need a way to the internet to check in with Meraki Cloud.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
ww
Kind of a big deal
Kind of a big deal

That works.

 

In case you trying to build a warm spare they both need to be the same model mx , and need to be in the same dashboard network. And only 1 mx lan is active. https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#Recomme...

 

In case you just want 2 separate mx. They both need a separate dashboard network.

DarrenOC
Kind of a big deal
Kind of a big deal

Morning @neosim 

 

Please give this document a read.  Good place to start.  

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

As previously mentioned, what are you trying to achieve?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
alemabrahao
Kind of a big deal
Kind of a big deal

You can without problems, but what do you really want to do? Have redundancy? Have links separated from your corporate network from your visitors? 

 

Take a look at the links that @ww  and @DarrenOC  sent you.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
neosim
Here to help

Thank you all for the reply, I really appreciated. What I am trying to achieve is by separating visitor's traffic and corporate traffic through one ISP coming from the first MX.

 

This is a good starting point for me. 

 

Yes, I would like visitor's link to be on one connected MS that is attached to the first MX (as shown in picture above) and the corporate links to be connected to another switch (not shown in picture above) to be connected to the second MX. 

rhbirkelund
Kind of a big deal
Kind of a big deal

You can achieve this by separating the two MX'es in each their own Meraki Network. So you'd have an Organization called, say: Acme Inc, and then you'd have two networks one called e.g. Wyle-E Inc. HQ and the other called Wyle-E Inc Guest.

 

You'd then connect both MXes to trunk ports on the MS250. Now, one key important aspect, is that Guest services on the Guest MX, must have a VLAN number that is different and unique from the HQ Network. Basically, you'll be separating Guests from corporate users, using L2 segmentation (VLANs). That is, the guest network must not be created on the Corporate MX. If the Corporate Network also contains wireless, which is supposed to be used by the Guest services as well, this is also not a problem. Simply configure the SSID to bridge clients to the Guest VLAN configured on the Guest MX; and make sure this VLAN is trunked throughout the LAN.

 

By ensuring the Guest network not being created on the Corporate MX, there won't be any L3 traffic routed between the two networks, but the Guest services will still be "piggybacking" off your Corporate LAN infrastructure.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
neosim
Here to help

Amazing! That's exactly what I am trying to do. Thank you for the detailed instruction.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels