Looking at the following diagram as a potential setup for a small office. There are more like 12 APs.
I realize this is not full HA, however, this is the hardware we have to work with, perhaps an additional MX will be added in the future.
In this setup, the warm spare will only operate in L2, does this mean that all APs connected to the spare will have traffic including internet traffic routed through the primary switch?
Can anyone suggest a better solution given the above hardware? Is it possible to stack these two switches and have redundancy in case one of them fails?
With regard to MS: whether using warm spare or stacking, all ports on all switches work.
If it is a small office use stacking.
Stacking when compared to warm spare really only has one downside. When you upgrade a stack, both stack members have to be rebooted at the same time. But firmware upgrades should be a planned known activity, so should be able to be scheduled in when the network is not being used for a small office.
Stacking simplifies spanning tree, allows you to use Etherchannel between the switches, provides fast failover - so many positives.
So, in a stacking scenario, I would use an uplink to the MX on each switch in a LAG to ensure redundancy in case one of the switches was to fail?
Note that MX doesn't support LAG and doesn't participate in STP.
More info here:
STP on the switches/stack should block one of the two links to the MX though.
No, you actually should connect two stacked switches with 4 links to an HA pair of MXes.
You will have two links blocked but you will have full redundancy if one stack member fails or one MX fails or a link between them.
2 MX appliances and 2 MS250s:
Connect MX active port 3 to SW01 on port 47 and port 4 to SW02 port 48.
Then connect MX warm spare port 3 to SW02 port 47 and port 4 to SW01 port 48.
Make sure you DO NOT SELECT drop untagged packets on the MX trunk going downstream but use a DATA VLAN as native so STP packets will flow.
You should see an STP block on SW02 ports 47 and 48.
However, as VRRP covers failover when you have only one link from each MX to the stack, I prefer this as it doesn't rely on STP blocking. It may not be textbook, but it does work!
@cmr if the link of SW02 to the warm spare fails or SW02 itself fails, you get a dual active scenario because the warm spare MX no longer receives VRRP heartbeats. In this case you can only save yourself by downlinking the WAN links from both MXes each to their respective SW they are connected to on the LAN side so the WAN also goes down for the warm spare. Else you get two MXes that claim ownership of the upstream IP!!
We did test it when setting up but I'll test one of our setups again as I'm sure that wasn't the original result... I'll reply on here either way, though I wonder if it is related to us playing with no NAT mode on the routed HA pairs? @Ben83 in the meantime, use the method @GIdenJoe suggested as that matches the documentation and is known to work. Our method (carried over from when we had pairs of Cisco IOS routers in HSRP pairs) may not be correct and we have just been lucky that we haven't experienced the dual master scenario in the six months we have been running the HA pairs of MXs 😟
I have a similar scenario but my core is a pair of MS425s rather than MS250s. I'm pretty happy with the stacking, I also considered warm spare but went with stacking. The nice thing is that you can use port aggregation on a stack, so in effect I can get a 20Gbit downlink to a switch stack on another floor.
I'm not happy with the MAC flap bug on the 11.x firmwares when using L3 on the Merakis but there's other threads about that, and I don't think it would apply since you're not running L3.
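
Added example, not part of any post in this thread and not Meraki code: a small Python model that walks every single MX, stack-member or MX-to-switch link failure for the four-link cabling and for the one-link-per-MX cabling discussed above, and reports where both MXs end up active. It assumes the spare promotes itself whenever no LAN path for VRRP heartbeats remains, that the one-link plan puts the primary on SW01 and the spare on SW02, and it ignores the WAN side and STP convergence.

```python
# Added model, not Meraki code. Names and cabling follow the thread.
PRIMARY, SPARE = "MX-primary", "MX-spare"
STACK = ("SW01", "SW02")  # stack members joined by stacking cables

# Four-link plan: each MX is cabled to both stack members.
CROSS = [(PRIMARY, "SW01"), (PRIMARY, "SW02"), (SPARE, "SW02"), (SPARE, "SW01")]
# One-link plan. Assumption: primary on SW01, spare on SW02.
SINGLE = [(PRIMARY, "SW01"), (SPARE, "SW02")]


def lan_path(links, failed):
    """True if heartbeats can still cross the LAN between the two MXs."""
    edges = [l for l in links + [STACK] if l != failed and failed not in l]
    seen, todo = {PRIMARY}, [PRIMARY]
    while todo:
        node = todo.pop()
        for a, b in edges:
            for here, there in ((a, b), (b, a)):
                if here == node and there not in seen:
                    seen.add(there)
                    todo.append(there)
    return SPARE in seen


def outcome(links, failed):
    """State of the HA pair after one component (node or link) fails."""
    if failed == PRIMARY:
        return "spare active"
    if failed == SPARE or lan_path(links, failed):
        return "primary active"
    # Both MXs are up but the spare hears no heartbeats, so it promotes itself.
    return "dual active"


def single_failures(links):
    """Outcome for every single MX, stack-member or MX-to-switch link failure."""
    return {f: outcome(links, f) for f in [PRIMARY, SPARE, *STACK, *links]}


if __name__ == "__main__":
    for name, plan in (("four links", CROSS), ("one link each", SINGLE)):
        for failed, state in single_failures(plan).items():
            print(f"{name:14} fail {failed!s:26} -> {state}")
```
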