Comes here often


I have two MX 250's, one is set up as the Primary and the other is set up as the Spare.  

They connect to two switch stacks.  


One switch stack is connected on a 1Gbps line to the Primary, with another 1Gbps line to the Spare MX.  Both with RSTP enabled and forwarding.


The second switch stack is connected to the primary on a 10Gbps fiber line with RSTP enabled and is forwarding.


When I connect the the Spare MX to a 10Gbps fiber line, to the second switch stack with RSTP enabled, the network crashes and the event log reads mac flapping.  


I set the Spare MX 10Gbps fiber line to STP guard > Loop guard.  The network did not crash but, the port turned amber in the Meraki dashboard and had a "high rate of STP topology changes" note.


The goal is to have the Spare MX connected to both switch stacks and the network to stay up if the Primary MX fails and rolls over to the Spare MX.


Are my MX's setup correctly?  If the Primary MX fails will it be seamless roll over to the Spare MX? 

Meraki Employee
Meraki Employee

You lost me with your topology explanation. However, the two common topologies we recommend are documented here


MXs don't participate in STP, but the BPDUs from switches will flow through the MX LAN ports as long as you aren't dropping untagged traffic. As long as STP is configured properly on your switches spanning tree behavior should behave just as if the switches were directly connected as the MX LAN is just kind of a passive bump along the way in this design.


I also have an animated deck showing the behavior of MX HA and dual switches in this deck

Kind of a big deal
Kind of a big deal

The MX does not participate in RTSP.  It mearly masses the packets on.  Your configuration will make RSTP see a 10Gb port appear to be plugged into 1 Gbe port.  I can see why it would get upset.


Only single connect the MXs to the two stacks, using only the 10Gbe cables.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.