Making VLAN on2x L3 switches

Getting noticed

Making VLAN on2x L3 switches

Hi everyone.

I have 2x L3 switches, 1x MS410, and 1x MS425.


they are connected as the diagram is shown.

I have some servers and storages connected to the MS 425. and i will use it as a core switch.

in MS 410 I have L2 switches connected directly via fiber.

then MS 410 connected directly via 10 Gb fiber connection to MS 425.

I have some VLAN for End users and some VLAN for servers and other resources.

I would like to know which one is better to do.

1. Using 2 diffrent SVI, make users VLAN on MS410 +DHCP server for those subnet and route them to MS 425 via default route and Make the rest of VLAN on MS425? First diagram.

1-Meraki explain.JPG


2. Using just 1 SVI,make all VLAN + DHCP server for all subnet on MS 425 and avoid second hope for MS 410, second diagram.




2-Meraki explain.JPG




kav noroozi
Kind of a big deal
Kind of a big deal

@Kave if you are going to allow all the VLANs over the 10GBe link then I'd go with your second option.  There is however a third option of having them split like your initial diagram and using a transit VLAN (or two) over the 10GBe link, if all the clients need the same restrictions, this could then allow for a more simple firewall rule set.  This can be important in Meraki switches as there is a fairly small finite number of rules that you can create.

Getting noticed

Thank you for your responce.

i just would like to make VLAN pruning and i made Transit VLAN as x.x100.0/24 for all L3 switches and MX as well as you can see.

you talked about second transit VLAN, how it works i don't know about it?

Default route for MS 410 would be x.x.100 which is MS 425


Also need i make a static route on MX for ALL VLAN and make 1 static and default route for MS 425 to MX?


like i will make VLAN 100 on MX with x.x100.1 and On L3 x.x100.100 and the default route for MS425 would be x.x100.1 which is MX.

kav noroozi
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.