Management and Transit

KevinTango

Following the documentation's best practice for the Layer 3 switch topology... if you have a 2nd L3 switch downstream in another building, would it be best to have that 2nd L3 MS also linked via an Access port using another MgmtTransit VLAN?

I know you cannot use the L3 interface for management's connectivity.

https://documentation.meraki.com/Architectures_and_Best_Practices/Recommended_Topologies/MX_and_MS_...

Building A


MX Addressing & VLAN Configuration
Access VLAN 50: 192.168.50.0/29 (MXTransit)
MX IP: 192.168.50.1

Static Routes
Route 1: 192.168.32.0/24 (MgmtTransit)
Next Hop IP: 192.168.50.2

Route 2: 192.168.22.0/24 (Servers)
Next Hop IP: 192.168.50.2

Route 3: 192.168.12.0/29 (VPN Concentrator)
Next Hop IP: 192.168.50.2

Route 4: 10.0.42.0/24 (Clients)
Next Hop IP: 192.168.50.2

Route 5: 10.0.43.0/24 (Voice)
Next Hop IP: 192.168.50.2

Route 6: 172.16.1.0/24 (Guest)
Next Hop IP: 192.168.50.2

MX Management IP: (public IP)


Building A L3 MS Routing Configuration

Access VLAN 1 : 192.168.32.0/24 (MgmtTransit)
MS IP : 192.168.32.1
VLAN 2 : 192.168.22.0/24 (Servers)
MS IP : 192.168.22.1
VLAN 3 : 192.168.12.0/29 (VPN Concentrator)
MS IP : 192.168.12.1
Access VLAN 50: 192.168.50.0/29 (MXTransit)
MS IP: 192.168.50.2

Static Routes
Route 1: 10.0.42.0/24 (Clients)
Next Hop IP: 192.168.32.2
Route 2: 10.0.43.0/24 (Voice)
Next Hop IP: 192.168.32.2
Route 3: 172.16.1.0/24 (Guest)
Next Hop IP: 192.168.32.2
Route 4: 10.100.0.0/16 (Branches S2S)
Next Hop IP: 192.168.12.6 VPN Concentrator VIP

Default Route: 0.0.0.0/0
Next Hop IP: 192.168.50.1

MS Management IPs: 192.168.50.3-4 (using MX gateway .1)

Building B - FiberToBuildingA - Access VLAN 1


Building B L3 MS Routing Configuration

VLAN 1 : 192.168.32.0/24 (MgmtTransit)
MS IP : 192.168.32.2
VLAN 42 : 10.0.42.0/24 (Clients)
MS IP : 10.0.42.1
VLAN 43 : 10.0.43.0/24 (Voice)
MS IP : 10.0.43.1
VLAN 172: 172.16.1.0/24 (Guest)
MS IP: 172.16.1.1

Default Route: 0.0.0.0/0
Next Hop IP: 192.168.32.1

Untagged VLAN 1 Management IPs: 192.168.32.3-20 (using upstream L3 MS for gateway .1)
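To sanity-check the addressing laid out in the post before touching the dashboard, here is an added example (not from the post, not Meraki code) that models the three routers as MX, MS-A and MS-B, does longest-prefix lookups hop by hop, and reports whether a packet is delivered, dropped, or handed to a next hop that is not on a directly connected subnet. The VPN concentrator VIP 192.168.12.6 and the MX WAN side are assumed to be outside the model, and the sample destination addresses are constructed.

```python
import ipaddress as ipa

# Constructed from the post's addressing; the VPN VIP 192.168.12.6 and the MX WAN side are not modelled.
DEVICES = {
    "MX":   {"ifaces": ["192.168.50.1/29"],
             "routes": [(p, "192.168.50.2") for p in ("192.168.32.0/24", "192.168.22.0/24",
                        "192.168.12.0/29", "10.0.42.0/24", "10.0.43.0/24", "172.16.1.0/24")]},
    "MS-A": {"ifaces": ["192.168.32.1/24", "192.168.22.1/24", "192.168.12.1/29", "192.168.50.2/29"],
             "routes": [("10.0.42.0/24", "192.168.32.2"), ("10.0.43.0/24", "192.168.32.2"),
                        ("172.16.1.0/24", "192.168.32.2"), ("10.100.0.0/16", "192.168.12.6"),
                        ("0.0.0.0/0", "192.168.50.1")]},
    "MS-B": {"ifaces": ["192.168.32.2/24", "10.0.42.1/24", "10.0.43.1/24", "172.16.1.1/24"],
             "routes": [("0.0.0.0/0", "192.168.32.1")]},
}

def connected(dev, ip):  # is `ip` inside a subnet configured on one of dev's interfaces?
    return any(ip in ipa.ip_interface(i).network for i in DEVICES[dev]["ifaces"])

def owner_of(ip):  # device that has `ip` configured on an interface, else None
    return next((n for n, d in DEVICES.items()
                 if any(ipa.ip_interface(i).ip == ip for i in d["ifaces"])), None)

def lookup(dev, dst):
    """Longest-prefix match over connected subnets (next hop None) and static routes."""
    cands = [(ipa.ip_interface(i).network, None) for i in DEVICES[dev]["ifaces"]]
    cands += [(ipa.ip_network(p), ipa.ip_address(nh)) for p, nh in DEVICES[dev]["routes"]]
    hits = [c for c in cands if dst in c[0]]
    return max(hits, key=lambda c: c[0].prefixlen) if hits else None

def trace(start, dst):
    """Follow a packet device by device; returns (path, outcome)."""
    dst, path = ipa.ip_address(dst), [start]
    while True:
        match = lookup(path[-1], dst)
        if match is None:
            return path, "no-route"             # nothing matches: dropped
        if match[1] is None:
            return path, "delivered"            # destination is on a connected subnet
        if not connected(path[-1], match[1]):
            return path, "nexthop-unreachable"  # static route points off-subnet
        nxt = owner_of(match[1])
        if nxt is None:
            return path, "handoff"              # next hop is real but outside the model
        if nxt in path:
            return path + [nxt], "loop"         # finite device set, so this always terminates
        path.append(nxt)

def bad_next_hops():  # config check: static routes whose next hop is not on a connected subnet
    return [(d, p, nh) for d in DEVICES for p, nh in DEVICES[d]["routes"]
            if not connected(d, ipa.ip_address(nh))]
```

Editing a next hop to an address off the local subnet, as a what-if, shows up both in `bad_next_hops()` and as a `nexthop-unreachable` trace for anything that depended on that route.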

PhilipDAth

Personally, I make all ports between switches trunks. If you have a network core feeding multiple buildings, each with its own set of VLANs, on the network core I would configure the allowed VLANs so that traffic from a VLAN in one building cannot end up in another building where it is not needed.

Typically I would only do layer 3 routing at the network core, rather than in buildings downstream, to keep things simple and easy to maintain, but I guess if the buildings were really big I would consider doing L3 in each building itself.
