Recommendation on this Meraki setup.

Ayush_Oberoi
Here to help


Hi Folks,

Looking for feedback on the attached network diagram.

Below is the planned setup:

1 × MX250
4 × MS130-48X
20 × CW-9166i-MR

Due to budget constraints, we’re starting with a single firewall for now, but plan to add a second one in the near future for redundancy.

Would appreciate your thoughts on whether this design looks good or if any improvements are suggested.

Thanks in advance!



Harness.png

RWelch
Kind of a big deal

Screenshot 2025-08-12 at 20.47.36.png

Tip #1:
Avoid connecting more than two switches in the same STP domain directly to the LAN of the MX Layer 2 Functionality.

Perhaps try to have a collapsed core/aggregation setup (i.e., possibly designate one MS130 as the distribution or aggregation switch with the remainder being access layer switches).

Your diagram shows multiple paths (runs) to each switch from the MX... not sure if you plan to have SFP+ as primary and SFP as loop guard; however, I (personally) would avoid double runs to each switch to avoid loops.

MX appliances do not support LACP or other aggregation protocols - you might already be aware of this.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Ayush_Oberoi
Here to help

Thanks for sharing this, @RWelch 

Based on your input, I’ve put together two different network designs. Could you please suggest if these would be loop-free?

In both scenarios, I’ll be electing one of the switches as the STP root and still distributing my APs and IoT devices evenly across the switches.

Looking forward to your feedback!

H2.png.

RWelch
Kind of a big deal

Screenshot 2025-08-12 at 21.32.16.png

This would be the one that I would lean towards; however, you will NOT be able to have double links from MX to the MS130 because it does NOT support LACP. Having 2 links will render your switch unresponsive.

I would suggest 10G downlink from the core/aggregation to each switch. If necessary, use adjacent links between the 3 lower aggregation switches, but probably not necessary since all traffic will still go to the MX for L3.

Edit (update) - this is what I would suggest; however, your depiction looks much more detailed.

Screenshot 2025-08-12 at 21.41.58.png

RWelch
Kind of a big deal

You can use LACP between the core/aggregation switch to each of the access layer switches but you might run out of ports.  

Ayush_Oberoi
Here to help

@RWelch I’ll go through the documents you shared. Not sure why, but I’m unable to reply on the same thread.

Thanks for sharing them, really appreciate your support to the community.

RWelch
Kind of a big deal

Holler if you run into any issues, there are several Meraki aficionados from around the world that are keen to best practices and most want to assist.

Looks like you have a fun project @Ayush_Oberoi, good luck.

Ayush_Oberoi
Here to help

Thanks😉.

Ayush_Oberoi
Here to help

Thanks @RWelch — understood.

 

I can lower the priority on one link so it becomes the preferred path and the other link stays as the backup; that way, if the primary link fails, the backup comes up. Note that the MX250 doesn’t support LACP, so I can’t do link aggregation there.

I’m also short on SFPs; I only have the last 4 SFPs free. Given that, my options are:

Run everything on STP (no LACP) so I can use the 10G SFP downlinks where needed and keep a failover path via STP, or

Use copper for all uplinks and reserve the SFPs for specific 10G links later (and forego SFP downlinks for now).

I’m leaning toward putting everything on STP for now to preserve the SFPs and still maintain a failover window. Open to pushback if that’s a bad trade-off.



RaphaelL
Kind of a big deal

Are the MS130s on different floors / rooms?

Otherwise I would stack them.

RWelch
Kind of a big deal

I wish MS130s were stackable.

GIdenJoe
Kind of a big deal

Then use MS150s. Some models are even cheaper than MS130s.

Ayush_Oberoi
Here to help

They are on the same floor, and as @RWelch mentioned, I wish they were stackable.

RaphaelL
Kind of a big deal

Right, I missed that critical info!

RWelch
Kind of a big deal

It was a solid suggestion (if all located in the same area) and stack capable switches.  

GIdenJoe
Kind of a big deal

It is bad design to interconnect your access layer switches.

Always double uplink your access switches to a distribution switch/stack.
And of course, if you can, make sure your uplinks use a different path for decent redundancy.

Also having copper links in uplink port-channels is a risk since you can have negotiation issues where one link gets negotiated lower than 1 Gbps causing your port-channel to drop.  So fiber is recommended between distribution and access layer even if you are only using 1 Gbps links.
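The design points raised across the replies in this thread (no more than two switches directly on the MX LAN, no multiple links to the MX because it has no LACP, no access-to-access interconnects, two uplinks per access switch to distribution, no copper members in uplink port-channels) can be checked against a planned link list before cabling. This is an added example, not code from any poster or from Meraki; the device names, roles and both link lists are constructed, and `lint` is a hypothetical helper.

```python
from collections import Counter

# Roles and links are constructed sample data, not taken from the thread's diagrams.
# A link is (device_a, device_b, media, lag); lag=True marks a port-channel member.
ROLES = {"MX250": "mx", "SW1": "dist", "SW2": "access", "SW3": "access", "SW4": "access"}
BAD = [("MX250", "SW1", "fiber", False), ("MX250", "SW1", "copper", False),
       ("SW1", "SW2", "copper", True), ("SW1", "SW2", "copper", True),
       ("SW1", "SW3", "fiber", True), ("SW1", "SW3", "fiber", True),
       ("SW3", "SW4", "fiber", False)]
GOOD = [("MX250", "SW1", "fiber", False)] + [
    ("SW1", sw, "fiber", True) for sw in ("SW2", "SW3", "SW4") for _ in range(2)]

def lint(roles, links):
    """Return sorted findings for the design points raised in the replies."""
    findings, mx_switches = set(), set()
    per_pair = Counter(frozenset((a, b)) for a, b, _, _ in links)
    dist_uplinks = Counter()
    for a, b, media, lag in links:
        kinds = {roles[a], roles[b]}
        pair = "-".join(sorted((a, b)))
        if "mx" in kinds:
            mx_switches.add(b if roles[a] == "mx" else a)
            # Any LAG flag or second physical link toward the MX is flagged.
            if lag or per_pair[frozenset((a, b))] > 1:
                findings.add(f"{pair}: multiple links to the MX, which has no LACP")
        elif kinds == {"access"}:
            findings.add(f"{pair}: access switches interconnected")
        else:
            if lag and media == "copper":
                findings.add(f"{pair}: copper member in an uplink port-channel")
            if kinds == {"dist", "access"}:
                dist_uplinks[a if roles[a] == "access" else b] += 1
    if len(mx_switches) > 2:
        findings.add(f"{len(mx_switches)} switches directly on the MX LAN")
    for dev, role in roles.items():
        if role == "access" and dist_uplinks[dev] < 2:
            findings.add(f"{dev}: fewer than two uplinks to distribution")
    return sorted(findings)

if __name__ == "__main__":
    for name, links in (("bad", BAD), ("good", GOOD)):
        print(name, lint(ROLES, links) or "no findings")
```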
