Meraki

tweedle-dumb

i'm a little confused after both tinkering and going through some coursework (specifically this one https://learning.meraki.net/#/online-courses/8b7f2315-fa1c-4e8d-9dfe-1a82e4bc4ca3). we can create VLANs on the MX, but we can also use MS switches to route traffic, and we can create interfaces on VLANs that do not exist on the MX first (for example, i created an L3 interface in VLAN 40, which is not in prod on my network, and the dashboard accepted it).

are there any specific reasons to prefer one option over the other (MX VLANs vs MS L3 interfaces)? does it just depend on what you want to do, how wide the network is, &c? are there performance considerations? pros/cons?

is the best practice here to:

1) create the VLAN on the MX and assign it its IP

2) create an L3 interface on your favorite switch

3) use the L3 IP as the default gateway for your hosts

OR

1) create the L3 interface on your switch, including the VLAN, without creating the VLAN on the MX

2) use that L3 interface as hosts' default gateway

3) use OSPF and/or static routes and/or a transit VLAN to send Internet traffic to the MX

OR
some other option or combination

did i word my question in a way that makes sense? anyone picking up what i'm putting down?

RaphaelL

It really depends on what you are trying to do tbh.

DC? Campus ? Remote sites ?

Site-To-Site VPN ? and so on

cmr

If you have mainly north-south traffic (clients on the network using services on the internet or similar), then VLANs on the MX make the most sense. If you have mainly east-west traffic (clients in one VLAN talking to local servers in another VLAN), then using the MS will generally get better performance.

However the access control lists on the MXs are much better than the MSs, so that might also influence your decision.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

Meraki

Community

best practices for VLANs: MX or MS?

best practices for VLANs: MX or MS?