Meraki

Community

Interconnecting switches - Security question

Solved
Jeff_Longley
Getting noticed
‎Aug 7 2024 3:24 AM
‎Aug 7 2024 3:24 AM

Interconnecting switches - Security question

Have a new site being commissioned and because of the idiot landlord, my single floor space is two separate rooms being "converted" to a single space. However, the cabling is two separate instances.

So, I'll need a switch in Side A and a switch in Side B. not the end of the world, but.....


Landlord won't let us run Fibre to connect the switches, as "there's already fibre". Each of the rooms is connected to a Fibre patch panel and can be easily connected together.


However, as WE won't have access to that patching, what are my options for securing the switch uplinks?

0 Kudos
1 Accepted Solution
cmr
Kind of a big deal
Kind of a big deal
‎Aug 7 2024 4:01 AM
‎Aug 7 2024 4:01 AM

The only way to be sure that there is nothing in the middle that interferes is to run a VPN over the links, by treating them as two separate spaces.  The next best option would be to use a transit VLAN between the two switches if they are L3 and set the ports to trunk with no native VLAN and only VLAN X (transit VLAN) allowed.  The new transceiver power monitoring can be used to ascertain if you are seeing the other end as the send and receive should correlate.  The topology diagram will also help assuage any fears.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

5 Replies 5
cmr
Kind of a big deal
Kind of a big deal
‎Aug 7 2024 4:01 AM
‎Aug 7 2024 4:01 AM

The only way to be sure that there is nothing in the middle that interferes is to run a VPN over the links, by treating them as two separate spaces.  The next best option would be to use a transit VLAN between the two switches if they are L3 and set the ports to trunk with no native VLAN and only VLAN X (transit VLAN) allowed.  The new transceiver power monitoring can be used to ascertain if you are seeing the other end as the send and receive should correlate.  The topology diagram will also help assuage any fears.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
KarstenI
Kind of a big deal
Kind of a big deal
‎Aug 7 2024 5:14 AM
‎Aug 7 2024 5:14 AM

This is one of the use cases for MACsec. Sadly, it is not supported in the Meraki world. If you decide to use two Meraki monitored C9200CX, MACsec should be a way to go.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
Jeff_Longley
Getting noticed
‎Aug 7 2024 5:20 AM
‎Aug 7 2024 5:20 AM

Honestly, the way things are going with landlord, I'm seriously going with the idea of running our own fibre and just not informing them - so much simpler!

mlefebvre
Building a reputation
‎Aug 7 2024 8:55 AM
‎Aug 7 2024 8:55 AM

Depending on your needs in that space, I would consider using an MR36H and securely tunneling the traffic back to your MX

In response to mlefebvre
KarstenI
Kind of a big deal
Kind of a big deal
‎Aug 7 2024 10:13 AM
‎Aug 7 2024 10:13 AM

This is a good idea! 👍

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.