MS Meraki Best Practices

pabloarce
New here


I have an MS Switch 225 connected to a Firewall. I am using ports 47 and 48 to the firewall for redundancy on the switch. Is there any recommendation on configuring the switch to avoid any kind of broadcast storm or loop? Both ports, 47 and 48, are trunk ports. The ports have the same configuration on the switch and the firewall, passing the same number of VLANs.

 

Thank you. 

BlakeRichardson
Kind of a big deal

I am assuming you are using link aggregation? 

pabloarce
New here

Nope, it is just two cables connected to the Firewall. Individually. 

GIdenJoe
Kind of a big deal

Make sure you actually use the native VLAN on the port going to the MX.
If you double downlink the MX to a switch, or to multiple switches, in a stack or not, it is of vital importance to NOT USE THE DROP UNTAGGED TRAFFIC!!

Since the MX does not know spanning-tree, it will see incoming spanning-tree BPDUs as regular untagged traffic and drop them. This means the second port that is connected will not see any incoming BPDUs and will not block a port, causing a high risk of traffic looping around those ports.

I personally use the switch management VLAN as native between the MX and the MS.

I'm hoping in the near future the MX would be able to form 802.3ad port-channels causing this whole potential problem to go away and ease the uplinking to MX appliances.

So for the moment just use simple trunk links with switch management as native VLAN and don't forget to use tags for each of management of those ports.
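
An added example, not part of any post in this thread: a small audit that checks redundant MX-to-MS trunk links for the settings discussed above (untagged traffic not dropped on the MX, matching native VLAN on both ends). The field names `dropUntaggedTraffic`, `vlan`, `type`, `rstpEnabled`, `number` and `portId` are assumed to match the port objects returned by the Meraki Dashboard API; the port numbers on the MX side, the VLAN ID and all sample data are constructed.

```python
# Added example: audit redundant MX<->MS trunk links for loop-prone settings.
# Field names are assumed to match Meraki Dashboard API port objects;
# every value in the sample data below is constructed for illustration.

def audit_uplinks(mx_ports, ms_ports, links):
    """links: (mx_port_number, ms_port_id) pairs that are cabled together.
    Returns a list of findings; an empty list means nothing was flagged."""
    mx = {p["number"]: p for p in mx_ports}
    ms = {str(p["portId"]): p for p in ms_ports}
    findings = []
    for mx_no, ms_id in links:
        m, s = mx[mx_no], ms[str(ms_id)]
        tag = f"MX port {mx_no} <-> MS port {ms_id}"
        if m.get("type") != "trunk" or s.get("type") != "trunk":
            findings.append(f"{tag}: both ends should be trunk ports")
            continue
        # BPDUs leave the switch untagged. If the MX drops untagged frames,
        # the switch never sees its own BPDU return on the second link,
        # so spanning tree has no reason to block either port.
        if m.get("dropUntaggedTraffic"):
            findings.append(f"{tag}: MX drops untagged traffic, BPDUs will not pass")
        elif m.get("vlan") != s.get("vlan"):
            findings.append(
                f"{tag}: native VLAN mismatch (MX {m.get('vlan')}, MS {s.get('vlan')})")
        if not s.get("rstpEnabled", True):
            findings.append(f"{tag}: RSTP is disabled on the switch port")
    return findings

# Constructed sample: switch ports 47/48 cabled to hypothetical MX ports 3/4,
# with VLAN 10 standing in for the switch management VLAN used as native.
MX_PORTS = [
    {"number": 3, "type": "trunk", "dropUntaggedTraffic": False, "vlan": 10},
    {"number": 4, "type": "trunk", "dropUntaggedTraffic": True, "vlan": None},
]
MS_PORTS = [
    {"portId": "47", "type": "trunk", "vlan": 10, "rstpEnabled": True},
    {"portId": "48", "type": "trunk", "vlan": 10, "rstpEnabled": True},
]
LINKS = [(3, "47"), (4, "48")]

if __name__ == "__main__":
    for finding in audit_uplinks(MX_PORTS, MS_PORTS, LINKS):
        print(finding)
```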
