Post migration communication with portal

Solved
ccraddock

Dear Community,

I am in a bit of a conundrum. We are going to replace our existing network infrastructure (Catalyst 4510 switches and Aruba Wireless) with four MS-350 Switches and 16 MR33 APs. The switches are combined into 2 separate stacks (17th floor and 2nd floor) with the 2nd floor stack being the distribution stack the 17th floor feeds into. All the routing will be done via the 2nd floor stack with the 17th floor stack pretty much being a Layer 2 stack. This equipment is currently getting access to the internet via the existing network infrastructure by uplinking the 2nd floor stack to the existing 4510 (on VLAN 300) that acts as the default gateway. All the Meraki gear is on VLAN 300 (10.30.30.0/24) with the VLAN 300 SVI (10.30.30.1) existing on the Catalyst 4510 switch acting as the DG for the Meraki VLAN 300.

When I remove the old 4510 from production, how can I go about getting the Meraki gear back online? The 2nd floor Meraki stack already has all the necessary routing information configured in it that mirrors that of the 4510 (SVIs and default route). Should I just create a VLAN 300 SVI (10.30.30.2) on the 2nd floor Meraki switch stack and tell all equipment to use that as the default gateway before moving the uplink for the default route next hop onto the 2nd floor stack and removing the old 4510? Will that even work? I'm assuming it might, as it will look to itself for a route and use the default route I already have configured. Or can I just change the default gateway in the switch and AP configs to use the default route next hop IP to the datacenter (10.125.0.1)?

I'm not quite sure how to approach getting this gear back online with the portal after I move the Datacenter uplink from the 4510 to the 2nd floor stack. The 4510 will no longer have any uplink to the Datacenter; it'll essentially be an airgapped device at that point.

Please let me know your thoughts on the best way to do this, if this is even making sense.

Thanks.

1 Accepted Solution
PhilipDAth

I would use a common VLAN for Meraki management. Personally I would use VLAN1 - but I like my life to be easy, and because the Meraki management interface isn't used to configure the device (apart from connectivity to the cloud via the local status page) like it is with Cisco Enterprise kit - so the risk is much lower.

However VLAN300 will do just as well.

If you plumb all of these through to your firewall at Layer 2, so they can get out straight to the Internet then your life will be easy.

@PhilipDAth,

Thanks for the reply! After mulling over the options and considering your advice I think you're right. What I'm going to do is create a separate interface on the next hop firewall that will have the same IP address as the current default gateway SVI (10.30.30.1). This way, once the connection is moved to the Meraki switch stack, all it will have to do is update its ARP and MAC table and be off and running. This also alleviates me from having to reconfigure all my devices as they are all already statically configured. I'll have to trunk VLAN 300 across; usually cross-campus VLANs bug me, but in this case it's necessary, so an exception is warranted.

Thanks again for your help!
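
A pre-cutover check for the plan described in the reply above, as an added example that is not part of the original thread: because the gateway address 10.30.30.1 moves to the firewall while every device keeps its static settings, any device whose static gateway, mask or address deviates will lose its path to the dashboard after the move. Only 10.30.30.0/24 and 10.30.30.1 come from the thread; the device names and addresses in the inventory are constructed.

```python
import ipaddress

# From the thread: management VLAN 300 subnet and the gateway address that
# moves from the 4510 SVI to the new firewall interface.
MGMT_NET = ipaddress.ip_network("10.30.30.0/24")
GATEWAY = ipaddress.ip_address("10.30.30.1")

# Constructed inventory of static management settings (hypothetical devices).
INVENTORY = [
    {"name": "ms350-2f-stack", "ip": "10.30.30.10", "mask": "255.255.255.0", "gw": "10.30.30.1"},
    {"name": "ms350-17f-stack", "ip": "10.30.30.11", "mask": "255.255.255.0", "gw": "10.30.30.2"},
    {"name": "mr33-ap-01", "ip": "10.30.30.21", "mask": "255.255.255.0", "gw": "10.30.30.1"},
    {"name": "mr33-ap-02", "ip": "10.30.30.21", "mask": "255.255.255.0", "gw": "10.30.30.1"},
    {"name": "mr33-ap-03", "ip": "10.30.30.22", "mask": "255.255.0.0", "gw": "10.125.0.1"},
]

def check_device(dev, seen):
    """Return the reasons this device would not follow the moved gateway."""
    problems = []
    ip = ipaddress.ip_address(dev["ip"])
    gw = ipaddress.ip_address(dev["gw"])
    iface = ipaddress.ip_interface(f'{dev["ip"]}/{dev["mask"]}')
    if ip not in MGMT_NET:
        problems.append(f"{ip} is outside {MGMT_NET}")
    if iface.network.prefixlen != MGMT_NET.prefixlen:
        problems.append(f"mask {dev['mask']} does not match /{MGMT_NET.prefixlen}")
    if gw != GATEWAY:
        problems.append(f"gateway {gw} is not {GATEWAY}")
    if ip == GATEWAY:
        problems.append("address collides with the gateway IP")
    if ip in seen:
        problems.append(f"duplicate management IP {ip}")
    seen.add(ip)
    return problems

def preflight(inventory):
    """Map device name -> list of problems; devices with no problems are omitted."""
    seen, report = set(), {}
    for dev in inventory:
        problems = check_device(dev, seen)
        if problems:
            report[dev["name"]] = problems
    return report

if __name__ == "__main__":
    for name, problems in preflight(INVENTORY).items():
        print(f"{name}: " + "; ".join(problems))
```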
