Hi all, we're currently running a mostly Cisco Catalyst switch network (4500 core, 2960x access) with Meraki MR's and will soon be moving to include MX firewall appliances to replace the existing hardware and MS switches as budget becomes available and older hardware is ready to replace.
Are there any recommendations or pitfalls to avoid when mixing and matching the different technologies to minimise the pain?
With regard to switching you want to configure your existing switches to use mst spanning tree (spanning-tree mode mst).
MX functionality is reduced if the MX is unable to see the MAC address of the clients (such as per client group policy). So ideally move the layer 3 gateways to the MX. Failing that, move the layer 3 gateways for just your clients to the MX.
With regard to MR's - jump directly to firmware 25.11 if you are below this. Nothing to do with your existing environment, just 25.11 works best.
Thanks PhilipDAth.
We're running rapid-pvst across the current infrastructure (around 60 access switches and 2x4500's) so would you recommend we switch to MST before adding the Meraki switches?
The MX will become the default route to the internet so we should see the traffic flow but we will likely retain our existing core stack default gateway setup for now as there's a lot of LAN and WAN traffic that doesn't need to touch the MX, at least not initially.
All of our MR's are running 25.9 with it being the latest stable release. Just a little twitchy about switching to RC versions.
If you can guarantee the links to the Meraki switches will be loop free you should be ok. If you can't guarantee this plan to migrate to MST now.
Otherwise you may experience unplanned outages ...
25.9 contains annoying issues - in particular one that makes it difficult for some brands of clients to roam or remain continuously connected. I would only advise those who like users complaining about WiFi issues to stay on that release.
One more case I forgot to mention.
If you have this scenario:
<legacy cisco switch> ---- <meraki switch> --- <legacy switch>
Also change to MST first.
Meraki use the standards approach of a "single" spanning tree, while rstp uses a tree per vlan. As a result the above topology results in the two different types of switches calculating different spanning tree roots.
This one has bit me badly in the past. I usually just switch to mst to avoid it now. "Twice shy" as they say.
I just replaced a 6500 core with a stacked 425 core. Edge is a combination of 2960 and 3560 and all running rapid-pvst. Once I migrated all the connections to the new 425 stack I had massive problems with links going up and down etc. Once I changed spanning tree to mst on the switches directly connected back to the Meraki stack the problems went away. We have a loop free topology but still had issues until switching to mst. I have additional Cisco switches trunked off those switches that connect back to the core and they are still running rapid-pvst. The switch running mst in front of it will do a pvst simulation to the downstream switches.
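
A pre-migration check for the situation discussed in this thread, added here as an example and not code from any of the posters: it reads the mode line of `show spanning-tree summary` for each legacy switch and lists the ones with a direct link to a Meraki switch that are not yet running MST. The switch names, link list and sample command output are constructed for illustration.

```python
import re

# Constructed sample data: `show spanning-tree summary` output per legacy switch.
SUMMARIES = {
    "core-4500-1": "Switch is in rapid-pvst mode\nRoot bridge for: VLAN0001, VLAN0010",
    "acc-2960x-07": "Switch is in mst mode (IEEE Standard)\nRoot bridge for: none",
    "acc-2960x-12": "Switch is in rapid-pvst mode\nRoot bridge for: none",
    "acc-2960x-30": "Switch is in rapid-pvst mode\nRoot bridge for: none",
}
# Constructed topology: which devices are Meraki, and the physical links.
MERAKI = {"ms-stack-1"}
LINKS = [
    ("core-4500-1", "ms-stack-1"),
    ("ms-stack-1", "acc-2960x-07"),
    ("ms-stack-1", "acc-2960x-12"),
    ("acc-2960x-12", "acc-2960x-30"),  # downstream only, no Meraki neighbour
]

MODE_RE = re.compile(r"^Switch is in (\S+) mode", re.MULTILINE)


def stp_mode(summary):
    """Return the spanning-tree mode named in the summary, or 'unknown'."""
    match = MODE_RE.search(summary)
    return match.group(1) if match else "unknown"


def convert_first(summaries, links, meraki):
    """Legacy switches directly linked to a Meraki switch and not in MST mode.

    A switch with no collected summary is reported too, so a gap in the
    inventory is not mistaken for a converted switch.
    """
    todo = set()
    for a, b in links:
        for legacy, peer in ((a, b), (b, a)):
            if peer in meraki and legacy not in meraki:
                if stp_mode(summaries.get(legacy, "")) != "mst":
                    todo.add(legacy)
    return sorted(todo)


if __name__ == "__main__":
    for name in convert_first(SUMMARIES, LINKS, MERAKI):
        print(f"{name}: {stp_mode(SUMMARIES[name])} -> spanning-tree mode mst")
```
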