Interconnecting switches - Security question

Solved
Jeff_Longley
Getting noticed

Have a new site being commissioned and because of the idiot landlord, my single floor space is two separate rooms being "converted" to a single space. However, the cabling is two separate instances.

So, I'll need a switch in Side A and a switch in Side B. Not the end of the world, but...


Landlord won't let us run Fibre to connect the switches, as "there's already fibre". Each of the rooms is connected to a Fibre patch panel and can be easily connected together.


However, as WE won't have access to that patching, what are my options for securing the switch uplinks?

1 Accepted Solution
cmr
Kind of a big deal

The only way to be sure that there is nothing in the middle that interferes is to run a VPN over the links, by treating them as two separate spaces.  The next best option would be to use a transit VLAN between the two switches if they are L3 and set the ports to trunk with no native VLAN and only VLAN X (transit VLAN) allowed.  The new transceiver power monitoring can be used to ascertain if you are seeing the other end as the send and receive should correlate.  The topology diagram will also help assuage any fears.
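
One way to check the two points in the answer above (an uplink trunk restricted to the transit VLAN with no native VLAN, and transceiver readings that agree end to end), as an added example that is not part of the original thread or any Meraki code. The port field names (`type`, `vlan`, `allowedVlans`), VLAN 900, the dBm readings and the loss thresholds are assumptions constructed for illustration.

```python
# Added example. Field names, VLAN 900 and thresholds are assumptions.

def parse_vlans(spec):
    """Expand an allowed-VLAN string such as "all" or "10,20-22" into a set."""
    if spec.strip().lower() == "all":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_uplink(port, transit_vlan):
    """Findings for an uplink that should carry only the tagged transit VLAN."""
    findings = []
    if port.get("type") != "trunk":
        findings.append("port is not a trunk")
    if port.get("vlan") is not None:  # assumed: 'vlan' holds the native VLAN
        findings.append(f"native VLAN {port['vlan']} set; untagged frames accepted")
    allowed = parse_vlans(port.get("allowedVlans", "all"))
    if transit_vlan not in allowed:
        findings.append(f"transit VLAN {transit_vlan} is not allowed on the trunk")
    extra = allowed - {transit_vlan}
    if extra:
        findings.append(f"{len(extra)} VLAN(s) besides the transit VLAN allowed")
    return findings

def optical_findings(side_a, side_b, max_loss_db=3.0, max_skew_db=1.5):
    """Compare each side's Tx with the far side's Rx (dBm) on a passive path."""
    findings = []
    loss_ab = side_a["tx_dbm"] - side_b["rx_dbm"]
    loss_ba = side_b["tx_dbm"] - side_a["rx_dbm"]
    for name, loss in (("A->B", loss_ab), ("B->A", loss_ba)):
        if not 0 <= loss <= max_loss_db:
            findings.append(f"{name} loss {loss:.1f} dB outside 0..{max_loss_db} dB")
    skew = abs(loss_ab - loss_ba)
    if skew > max_skew_db:
        findings.append(f"directional loss differs by {skew:.1f} dB")
    return findings

# Constructed sample data, not taken from a real device.
GOOD_PORT = {"type": "trunk", "vlan": None, "allowedVlans": "900"}
WEAK_PORT = {"type": "trunk", "vlan": 1, "allowedVlans": "all"}
SIDE_A = {"tx_dbm": -2.1, "rx_dbm": -3.4}
SIDE_B = {"tx_dbm": -2.3, "rx_dbm": -3.0}
SIDE_B_ODD = {"tx_dbm": -2.3, "rx_dbm": -0.5}  # Rx stronger than far-end Tx

if __name__ == "__main__":
    for f in audit_uplink(WEAK_PORT, 900) + optical_findings(SIDE_A, SIDE_B_ODD):
        print("FINDING:", f)
```

A receive level that does not track the far end's transmit level is a reason to inspect the patching, not proof of tampering; dirty connectors and extra patch leads also change the loss.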

KarstenI
Kind of a big deal

This is one of the use cases for MACsec. Sadly, it is not supported in the Meraki world. If you decide to use two Meraki monitored C9200CX, MACsec should be a way to go.

Honestly, the way things are going with the landlord, I'm seriously going with the idea of running our own fibre and just not informing them - so much simpler!

mlefebvre
Building a reputation

Depending on your needs in that space, I would consider using an MR36H and securely tunneling the traffic back to your MX.

KarstenI
Kind of a big deal

This is a good idea! 👍
