Distribution switch management IP

Slobs2
Getting noticed

Distribution switch management IP

Hello all,  I have a question. I am using an MS220-8 as a distribution switch from my ISP to two MX250's in an HA pair. Should the management IP of this switch come from behind the MX or can a public IP be used instead. Is it secure/safe to do so? Thank you!

3 REPLIES 3
UCcert
Kind of a big deal

Hi @Slobs2 . No need for you to assign a Public IP to your distribution switch.  We always create or re-assign a new VLAN purely for Meraki device management.  

look at the last paragraph of the below document:

 

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Layer_3_Switching_and_Routing#Notes_regardi...

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Slobs2
Getting noticed

Hi @UCcert , I don't think I understand your response. This switch is between the ISP and the MX, so its outside of the LAN. There is no DHCP so a static address would be needed, that would need to be a public address. I'm curious about the security implications of having a switch management IP as a public IP not private.

Bumping this up... we are now looking at the same configuration with using a Meraki switch as an internet distribution point BEFORE the MX router (so we can split our internet access between our internal network and an "air gapped" WIFI router... anything that should be watched out for in this configuration?

 

Slobs2 - did you proceed with this? Any tips?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels