Looking for some design advice...
I have 2 MXs in HA mode and two ISPs.
Each ISP only provided one physical port.
I therefore need to put 2 switches between the MX and the ISP router as below:
WAN1 on each MX has a public IP from ISP1, WAN2 on each MX has a public IP from ISP2.
I also have a public IP from each ISP for the VIP.
If I were to use Meraki, how would I configure these so they are accessible via the dashboard (IP addressing, do I need to link them, what would the gateway be etc etc)?
Would the following work...
Connect them to the MS switch on the LAN side of the MX and make that an access port in the network mgmt VLAN - would that make them accessible via the dashboard as shown below:
or is there a better way?
Or am I better off just using 2 unmanaged switches, and if so, can anyone recommend an 8-port model, ideally Cisco? The intention would be to have to plug into these directly in order to configure.
Preference is to stay with Meraki if Option 2 above will work.
TIA
Steve
@Dunky I think your option 2 will work, remember to put the MX to ISP connections in their own VLAN without an interface.
We use Cisco Small Business SG110D-05 switches in that role, cheap as chips and in over 2 years we've never had one cause a problem.
Hi @Dunky, go with Option 2. It definitely works as we’ve done this a number of times across various customers. As you state, place one port in your mgmt VLAN and connect that into your LAN so you can manage the devices.
If cost is an issue then a simple unmanaged device will work as @cmr states.
I can only partially agree with the others and would do a couple of changes:
@Dunky to add to option 2 of using Meraki switches, you might want to put them in two separate networks that are not the main site network. This would ensure that when you upgrade them, they don't both reboot at once...
You don't need to do this, as when you schedule a switch firmware upgrade, you can now go back in and change the times for individual switches, but you might forget on one occasion!
If I were going to follow that route I'd have one network for all the switches connected to provider A at all sites, and another for all switches connected to provider B. That way you'll also get some overall provider reporting 😇
Final query on this...
I will need to set up a site-to-site VPN (Non-Meraki Peer - Azure) for this HA site.
With a single MX I would normally set the remote IP in Azure as the MX DDNS name.
How would I configure the Azure end to re-establish the VPN to the standby MX at site - or is that just not possible?