Meraki

Community

Do I need a Layer 2 Switch

Solved
BradM
Here to help
‎Aug 17 2018 9:17 AM
‎Aug 17 2018 9:17 AM

Do I need a Layer 2 Switch

Just curious if I will need a layer 2 switch for my companies network.

 

Right now I'm going to go with a MX65 for my edge device, then use the MS250-48P (Layer 3 switch). Now I want to have two (2) VLANS. Let's say VLAN 1 for data and VLAN 10 for voice.

 

Would I require a layer 2 switch as well to implement this type of network? Or could I just have port 1 on the MS250 set as a trunk going towards the MX65, and then say have ports 2-10 set as access ports and set the VLAN to 1 and the voice VLAN to 10?

 

Under the "Routing and DHCP" tab, if I just configured two interfaces, one as the 172.16.8.0/24 subnet (data) and another interface as 172.16.9.0 subnet (voice), and have my MX65 act as the DHCP server for voice. I wouldn't need the MX65 to act as a DHCP server for the data VLAN as I already have one set up on windows server for that.

 

 

0 Kudos
1 Accepted Solution
In response to BradM
Adam
Kind of a big deal
‎Aug 17 2018 11:08 AM
‎Aug 17 2018 11:08 AM

Correct, the MX250 will work fine it is just an overkill for what you've said you needed.  Some people prefer to design there network as you specified by creating the VLANs and DHCP server on the top level switch (router on a stick) and just using the MX for the internet traffic/routing.  But I usually only go that route if I have a lot of VLANs.  Then I put them on the L3 switch to avoid the MX having to busy itself doing all that internal VLAN routing.

 

 

And don't feel bad.  I made the same mistake when I first started purchasing switches.  I thought I needed a lot more than I ended up using.  

 

EDIT:  And yes the setup you explained would work perfectly.  Just make sure the MX trunk port and the switch trunk port match.  A good practice for this is doing something like Trunk, default VLAN 1, Allowed VLANs 2,3 assuming 2,3 is your voice/data.  Obviously, that can be whatever.  Then non tagged traffic is not in your used VLANs. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

View solution in original post

11 Replies 11
ww
Kind of a big deal
Kind of a big deal
‎Aug 17 2018 10:26 AM
‎Aug 17 2018 10:26 AM

with a router on a stick you dont need a L3 switch.  but performance can be lower depending on kind of router and connection between the router and switch

0 Kudos
In response to ww
Adam
Kind of a big deal
‎Aug 17 2018 10:50 AM
‎Aug 17 2018 10:50 AM

In my opinion, I'd setup the VLANs on the MX and run DHCP from there.  Then setup a trunk port from the MX to something like a MS120.  Then on the MS120 the access ports can be setup with both a voice and data VLAN.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
In response to Adam
BradM
Here to help
‎Aug 17 2018 10:58 AM
‎Aug 17 2018 10:58 AM

I already got the MS250 switch. Because right now I'm replacing the ASA 5512 with the MX65, and I'm replacing two Dell layer 3 24 port switches with one MS250 48 port switch. Just curious if I was going to need a layer 2 switch. 

 

So, if I'm understanding you correctly I should just set up the VLANs on the MX, and then just don't create any layer 3 interfaces on the MS250 and use it strictly as a layer 2 switch? From there I just set up a trunk port from like LAN port 3 on the MX to port 1 on the MS250 and then use the remaining ports on the MS250 as access ports for my data and voice? 

 

Kind of thinking I shouldn't have even gotten the MS250 now, ugh!

0 Kudos
In response to BradM
Adam
Kind of a big deal
‎Aug 17 2018 11:08 AM
‎Aug 17 2018 11:08 AM

Correct, the MX250 will work fine it is just an overkill for what you've said you needed.  Some people prefer to design there network as you specified by creating the VLANs and DHCP server on the top level switch (router on a stick) and just using the MX for the internet traffic/routing.  But I usually only go that route if I have a lot of VLANs.  Then I put them on the L3 switch to avoid the MX having to busy itself doing all that internal VLAN routing.

 

 

And don't feel bad.  I made the same mistake when I first started purchasing switches.  I thought I needed a lot more than I ended up using.  

 

EDIT:  And yes the setup you explained would work perfectly.  Just make sure the MX trunk port and the switch trunk port match.  A good practice for this is doing something like Trunk, default VLAN 1, Allowed VLANs 2,3 assuming 2,3 is your voice/data.  Obviously, that can be whatever.  Then non tagged traffic is not in your used VLANs. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
In response to Adam
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 17 2018 11:17 AM
‎Aug 17 2018 11:17 AM

Also note that you don't normally need to dedicate ports for VoIP phones.  Usually on the Meraki switch you just specify the ports are access ports and define a voice vlan.  If a phone gets plugged in it gets placed into the voice vlan automatically.  If a PC is plugged into the back of the phone (assuming the phone also has a LAN port) the phones traffic gets placed into the voice vlan and the PC's traffic gets placed into the data vlan.  And if you just plug in a PC it gets placed into the data vlan.

 

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Configuring_the_MS_Access_Switch_for...

In response to PhilipDAth
BradM
Here to help
‎Aug 17 2018 11:27 AM
‎Aug 17 2018 11:27 AM

The phones we are using are Cisco IP phones with a switch/PC port on the back, so I will do what you suggested. 

 

Thank you,

 

Brad

In response to Adam
BradM
Here to help
‎Aug 17 2018 11:25 AM
‎Aug 17 2018 11:25 AM

Live and learn I guess. This is my first time upgrading a network, but at least I know for next time. 

 

I appreciate the help though on making this more clear now. Going to deploy these tomorrow, so I feel more confident now.

 

Thanks,

 

Brad

0 Kudos
In response to BradM
Adam
Kind of a big deal
‎Aug 17 2018 11:29 AM
‎Aug 17 2018 11:29 AM

Give us a shout if you have any issues.  The only other thing I can think of is that if you are setting up the network using the Trunk 1 strategy I mentioned above and you'll need to specify the data VLAN on your switch for its IP configuration, whether DHCP or static so it can use that to communicate to the internet.  Otherwise, it'll default to that VLAN 1 that stuff shouldn't be using. 

 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
BradM
Here to help
‎Aug 17 2018 11:39 AM
‎Aug 17 2018 11:39 AM

You mean this part that you find under the monitor tab called "Switches"?

 

 

 

Switch VLAN config area.PNG

 

 

 

 

 

 

 

 

 

Where it say's VLAN, I would just put my data vlan there? i.e vlan 5 for data

0 Kudos
In response to BradM
Adam
Kind of a big deal
‎Aug 17 2018 11:49 AM
‎Aug 17 2018 11:49 AM

That may be the same place.  I usually go to Switch>Switches.  Click on the switch in the right panel.  Then you should see this on the summary page depending on what dashboard you have.  I just click the edit in the red circle.  

 

Capture.PNG

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
BradM
Here to help
‎Aug 17 2018 11:57 AM
‎Aug 17 2018 11:57 AM

Okay, that is the same place. 

 

Thank you so much for all your help. Not all heroes wear capes =D 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.