MS L3 Switching and DHCP Relay

roesljas


Hi,

 

I am putting together some design ideas for a colleague of mine where we may consider using MS210 and MS225 switches doing basic L3 routing as a core. We have a lot of local data flying around and it would be good to keep that away from the MX. I have come to notice that both these MS lines do not have a DHCP server but support DHCP relay.

 

My question is, will a mix of MS210s and MS225s successfully relay DHCP requests from an MX (100 maybe) across a couple of VLANs? And can you specify a different default gateway in the MX DHCP pool (which would be the MS SVI IP presumably) or is this done as part of the MS DHCP relay process?

 

I am moving into new territory here as I've not worked with L3 switches as yet.

 

I am considering proposing:

MX100 as gateway

MS210 and MS225 stacked as core switches

MS120s as access switches in the remote sheds

 

Any feedback welcome

kYutobi

Only like-models can be stacked. For example, MS350-48 and MS350-24X can be stacked, but MS250-48 cannot be stacked with a MS350-48.

 

You would have to create an interface on the switches and from there you can make your GW and VLAN.

DarrenOC

Sorry @kYutobi , you can stack the 210 with the 225’s.  They’re the exception:

 

https://documentation.meraki.com/MS/Stacking/Switch_Stacks

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
kYutobi

Thanks @DarrenOC 😁 wasn't aware you can stack the 210 with the 225’s.

cmr

@roesljas I know that will work as we have exactly that setup at our HQ.  MS210s stacked and doing L3 routing but using an MX as the DHCP server.  15 VLANs from memory, there is a limit of 16 VLAN interfaces.  About half have their DHCP from the MX.  Works just fine 😎

If my answer solves your problem please click Accept as Solution so others can benefit from it.
roesljas

Hi Everyone,

 

Thanks for the great replies, I know you're all in the opposite timezone to me 🙂

 

I was pleasantly surprised to see that the 210s and 225s can stack together, it really makes it a versatile solution for 1G and 10G downlinking to closet switches. 10G infrastructure is one of those "it's noticeably more expensive" steps in Meraki so it's nice to be able to add it later.

 

So getting a bit more nitty gritty technical, I have some follow up questions:

1) Would it be prudent to use a /30 subnet between the MS210/225 core and the MX?

2) Is it just one VLAN between the MS core and MX?

3) To achieve multiple DHCP pools being relayed from the MX through the MS, do I need to create the same VLANs with same IDs in the MX as in the MS core? In other words, how does the MX know what address to hand out to the respective MS VLAN relayed request?

4) In having the inter-VLAN routing happening in the switches, will this mean that only internet bound traffic will make it to the MX?

5) How does the switch's SVI become the default gateway in the relayed DHCP request? Is this a function of DHCP relay or a special option set on the MX?

 

Thanks,

 

Jason

DarrenOC

Hi @roesljas , that’s exactly what we use the combined stacks of 225’s and 210’s for.

 

With regards your other queries. Why not get your hands on some eqpt, lab it up and work your design out piece by piece.

When you get stuck at a certain point raise it back here.

cmr

@roesljas In answer to your questions:

 

1) you need one IP for each switch management interface and one for the MX so I'd go with a /29 at minimum

 

2) access port to MX for management VLAN, trunk port to MX for VLANs that need DHCP

 

3) yes, routing IP on VLAN interface on MS and other IP just for DHCP on MX

 

4) yes

 

5) DHCP option set on MX, option 3 set to the VLAN interface IP on the MS

roesljas

Hi @DarrenOC 

 

I don't have gear available to test, at this stage it's still concept and may never happen. Should I get closer to that point then I will look at requesting some demo gear from Meraki.

 

Hi @cmr 

 

Thanks for the answers, it helps clear it up. I guess I didn't consider the possibility that the VLANs go from MS to MX as normal (which allows DHCP to pass as usual) and that clients use the switch SVI as the default gateway instead of the MX VLAN IP (which achieves routing at the MS level). I was looking at it as more of a WAN style connection between the MS and MX.

 

Would this technically mean that there are two gateways on the network, the MX VLAN IP and the MS SVI?

Also would the DHCP relay at the MS be required in this instance given that the VLANs pass from MX to MS?

Would you use L3 rules on the MX to ensure it doesn't inter-VLAN route?

 

Thanks

 

Jason

cmr

@roesljas thank you and in answer to your questions:

 

  • Would this technically mean that there are two gateways on the network, the MX VLAN IP and the MS SVI?

Technically yes, but you would point all devices to the gateway on the MS, either with the DHCP option or manually

 

  • Also would the DHCP relay at the MS be required in this instance given that the VLANs pass from MX to MS?

No need as the MX is on the VLANs itself

 

  • Would you use L3 rules on the MX to ensure it doesn't inter-VLAN route?

No need either as if no devices point to it then it won't route. 

 

However this all has one big caveat, we don't use that MX for the main external access, otherwise you will have the issues you are thinking about.  We have a separate MX for the external access and the one used for DHCP is only for the wireless public customer network that doesn't route to any of the other networks and is protected by the SSID setting of not having LAN access.

 

If you want to use the MX as the main gateway and providing DHCP then you would probably need to route on the MX as otherwise you would end up with inbound traffic from the outside using the SVI on the MX and outbound traffic using the VLAN interface on the MS.

 

If you don't need a separate MX for public traffic it would still be economically better to buy a small MX just for DHCP than upgrade the whole stack to MS250s just for that feature... 

 

roesljas

Hi @cmr 

 

Thanks for the info, I have a lot to consider here.

 

I will let you know how I go with it all.

 

Jason

GIdenJoe

I have a few customers that use MS225 and MS210 as core.

The only thing to worry about is the 16 vlan interface limitation.

 

Personally I go about it this way.

 

- I create the MS management VLAN that goes L2 through the core stack so the gateway is the MX.  This way you can have the core switches and the access switches in one management VLAN.

- Then I create the /30 transit VLAN between MX and core stack.  This is done both on the MX addressing and vlans page and the switch routing and dhcp page.

- Then I create the static routes on the MX pointing to the core stack IP each individually because you need those individual subnets to create a DHCP scope for in the MX.

- Then I create the dhcp scopes on the MX DHCP page.

- Then I create the individual VLAN interfaces with DHCP relay pointing to the MX /30 subnet IP address.
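
Added example (not part of the original thread and not Meraki tooling): a small pre-deployment check of an addressing plan against the steps listed in the post above, using only Python's standard library. The plan structure, key names and all addresses are constructed for illustration, and counting the transit interface toward the 16-interface limit is an assumption.

```python
import ipaddress

MAX_L3_INTERFACES = 16  # VLAN interface limit quoted in this thread
def validate_plan(plan):
    """Return a list of problems in an MX + routed core stack addressing plan."""
    problems = []
    transit = ipaddress.ip_network(plan["transit_subnet"])
    mx_ip = ipaddress.ip_address(plan["mx_transit_ip"])
    core_ip = ipaddress.ip_address(plan["core_transit_ip"])
    if transit.prefixlen != 30:
        problems.append(f"transit {transit} is not a /30")
    hosts = set(transit.hosts())
    if mx_ip == core_ip or not {mx_ip, core_ip} <= hosts:
        problems.append(f"MX and core need distinct host IPs in {transit}")
    # Assumption: the transit interface counts toward the limit as well.
    if len(plan["svis"]) + 1 > MAX_L3_INTERFACES:
        problems.append(f"more than {MAX_L3_INTERFACES} L3 interfaces on the stack")
    # Each routed subnet needs an MX static route via the core stack's transit IP.
    routes = {ipaddress.ip_network(r["subnet"]): ipaddress.ip_address(r["next_hop"])
              for r in plan["mx_static_routes"]}
    seen = [transit]
    for svi in plan["svis"]:
        net = ipaddress.ip_interface(svi["interface_ip"]).network
        if any(net.overlaps(other) for other in seen):
            problems.append(f"VLAN {svi['vlan']}: {net} overlaps another subnet")
        seen.append(net)
        if routes.get(net) != core_ip:
            problems.append(f"VLAN {svi['vlan']}: no MX static route {net} via {core_ip}")
        if ipaddress.ip_address(svi["dhcp_relay"]) != mx_ip:
            problems.append(f"VLAN {svi['vlan']}: relay {svi['dhcp_relay']} is not MX {mx_ip}")
    return problems

# Constructed sample plan; VLAN 30 is deliberately misconfigured.
SAMPLE_PLAN = {
    "transit_subnet": "10.255.0.0/30",
    "mx_transit_ip": "10.255.0.1",
    "core_transit_ip": "10.255.0.2",
    "mx_static_routes": [
        {"subnet": "10.10.10.0/24", "next_hop": "10.255.0.2"},
        {"subnet": "10.10.20.0/24", "next_hop": "10.255.0.2"},
    ],
    "svis": [
        {"vlan": 10, "interface_ip": "10.10.10.1/24", "dhcp_relay": "10.255.0.1"},
        {"vlan": 20, "interface_ip": "10.10.20.1/24", "dhcp_relay": "10.255.0.1"},
        {"vlan": 30, "interface_ip": "10.10.30.1/24", "dhcp_relay": "10.255.0.2"},
    ],
}
if __name__ == "__main__":
    print("\n".join(validate_plan(SAMPLE_PLAN)))
```
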

roesljas

Hi @GIdenJoe 

 

Thanks for your reply, this is exactly the type of info I was after. It makes sense to me and I think the 16 VLAN limitation won't be an issue. 

 

- I create the MS management VLAN that goes L2 through the core stack so the gateway is the MX.  This way you can have the core switches and the access switches in one management VLAN.

Understood

- Then I create the /30 transit VLAN between MX and core stack.  This is done both on the MX addressing and vlans page and the switch routing and dhcp page.

Understood

- Then I create the static routes on the MX pointing to the core stack IP each individually because you need those individual subnets to create a DHCP scope for in the MX.

This is the piece of info I was missing, I see that for every static route you add (just like any VLAN you add) on the MX, you then have an appropriate DHCP scope added and configurable in the DHCP page.

- Then I create the dhcp scopes on the MX DHCP page.

Understood

- Then I create the individual VLAN interfaces with DHCP relay pointing to the MX /30 subnet IP address.

Understood

 

Thanks very much.

 

Jason

DarrenOC

Hi @roesljas , yes, I believe that design should work. As you say, configure local VLANs on the stack of ms225’s and 210’s with other VLANs on your MX with routes configured between the two where required.  With regards DHCP relay, likewise that should also work.

 

Can you get hold of trial gear to prove it?
