Changing network design

SOLVED
LionGate
Here to help

Hello, everybody. My network core consists of a Cisco 2951 router that belongs to XO Communications connected to a Cisco 3750 that basically serves as my distribution switch and an MX100. I have around 500 devices including IP phones, etc. DHCP is presently served by an old Windows 2003 server. We have an MPLS to another location and the way my network is configured I have two cables from the XO router connected to the 3750 and there are another two cables from the 3750 to the MX, i.e. one inside and one outside. I can only assume it was put together this way for some reason having to do with the MPLS but I don’t really like the design because I feel the functionality of the MX is limited. For some reason the MX can’t translate the MAC addresses for all attached devices so just returns the MAC of the 3750 in many cases. I’d also like to allow the MX to serve as the DHCP server and ultimately I want to replace the 3750 with a Meraki switch, probably an MS350. Does it make sense for me to reconfigure things so the XO router connects directly to the MX, with the 3750 connected inside of the firewall instead of having the MX basically in a loop off the 3750? This seems to be best practice but I’m not sure how to get there from where I am now. I can post a network diagram and configs if it would help. It seems the first goal should be to revise the physical topology then create routes from the MX to the VLANs on the 3750 so they can also be accessed on the MX. Thoughts?

8 REPLIES
MilesMeraki
Head in the Cloud

Can you post a topology diagram to allow for easier understanding of your current design? Is the 3750 currently doing any dynamic routing?

Eliot F | Simplifying IT with Cloud Solutions

Here's my topography:

Firewall topology.PNG

Not sure about Dynamic routing -- we have an MPLS and there are surely a few static routes to various servers here onsite. I'm content to leave the physical topology as is if I can figure out how to enable IP tracking so I can identify my traffic from the MX and also create routes or something so I can tag the ports on the MX to specific VLANs. I only thought it best to revise the design as it was suggested to me that best practices incorporated a design like this: https://documentation.meraki.com/MS/Layer_3_Switching/Layer_3_Switch_Example

 

PhilipDAth
Kind of a big deal

First, you can track by IP address instead of MAC address.  Go to:

Security Appliance/Addressing and VLANS and select "Track clients by IP address".

https://documentation.meraki.com/MX-Z/Monitoring_and_Reporting/Client_Tracking_Options#Tracking_by_I...

 

The rest of your question is hard to answer. It sounds like the XO circuit might deliver two separate services, and the 3750 might be used to break them apart. The 3750 could be doing inter-VLAN routing, and if there is a lot of traffic it might not be suitable to move to the MX.

It is highly probable you could configure DHCP forwarding on the 3750 to send the DHCP queries to the MX and have it become responsible for DHCP.

 

You may be able to replace the 3750 with an MS350.  It is also possible the 3750 is doing things an MS350 can not do.

 

I think you need to get a local Cisco Meraki partner to help you.  If you log into the portal and go "Help" (in the top right hand corner) and then "Get Help" and scroll to the bottom it will list your Cisco Meraki sales contact.  Ask that person to refer you to a Cisco Partner in your area with the skills to work this out.

Thanks. Regarding tracking by IP, that's my desire. I have already reviewed the article you referenced. I am trying to learn how to properly set up routes on the MX so I can use that. Presently all I have on the MX is one VLAN -- VLAN 1 with IP 10.0.0.0/8. I think I need to revise this to match the /24 definition of VLAN 1 on the 3750, and to add static routes on the MX to route to the other VLANs on the 3750 to make the IP tracking work. I suspect the 3750 is splitting off the IP phone traffic and only filtering everything else. I think you're right that it would probably be best to let the 3750 do the routing. I would like to get the DHCP off of the old Win2003 server we're using for that and onto a newer device, though. The MX seemed a practical choice as I don't have another server to use for this at the moment. I am not pressed to replace the 3750 -- I just like the visibility into the network you get from Meraki devices and thought that would be a natural direction to go as I bring my network up to date a little.

PhilipDAth
Kind of a big deal

To track by IP address you don't have to do anything more than click on the radio button and click save.

 

You don't need to change routing or anything else.

This is what I get when I do that...

Meraki ip scan error.PNG

It's saying it's a combined network within the dashboard. Do you have any Meraki switches/aps within the same Meraki network? If so split the networks out into their own individual networks and then try again re-applying the tracking change.

 

https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Combined_Dashboa...

 

 

 

 

Eliot F | Simplifying IT with Cloud Solutions

I have one MX and one MR access point. Isn't integration sort of the whole purpose of combining the network? Meraki really needs to fix this. What's the point of an integrated network if you have to de-integrate it to use the best features? Physically these devices are all at the same location and on the same network.
