Community Record
17
Posts
3
Kudos
0
Solutions
Badges
Feb 7 2025
3:46 AM
Hi Ryan, so If you say we can use the Copper LAN ports on Standby MX, I assume I enable the required LAN ports, Both Fibre and Copper on the Primary MX. From a physical standpoint Primary MX has 2 X Fibre Connections (LAN ports 9 and 10) and the Standby MX has 2 X Copper LAN connections 5 & 6) Thanks
... View more
Feb 4 2025
11:30 AM
Hi Ryan, so theoretically to save even more I could indeed use Copper for all ports on the warm spare that would be handy.
... View more
Feb 4 2025
11:20 AM
Hi There Just wondering if someone could confirm is the below topology is supported. I have a client with 2 Independent ISP circuits delivered as /31s public ranges Circuit 1 is on a 10Gb Bearer capped at 2Gb/s and Circuit 2 is a 1Gb bearer @1Gbs Looking at the HA guide MX_Warm_Spare_-_High_Availability_Pair I cannot see anywhere where is specifies that the interfaces need to match on the MXs configured as a HA pair (unless I missed it). Only that VRRP is required across the LAN Based on this, as only one circuit runs at 10Gb, could I use 1Gb Fibre, or indeed even 1Gb Copper for connectivity (LAN/WAN or both) for the Warm Spare firewall, as the ISP uplink is only 1Gb. Obviously aware that a better approach would be 2 X /29 with WAN switches, to allow 2 X VIP sharing across both ISPs, but for now this is not in scope. Appreciate any comments, thanks
... View more
Aug 22 2024
7:52 AM
1 Kudo
@JustinBennett Couldn't agree more. In fact we've even had scenarios where Cisco have specifically recommended the Meraki C9300 for customer solutions, performing "core" switch services, including DHCP. In once case we had to retain the switches we were replacing to act as a DHCP server! On other occasions we'd had to deploy MS355 to maintain Meraki Continuity. Cannot understand the logic behind these C9300s, not sure they have released/enabled VRRP capabilities. No flexible stacking capabilities as. This is another classic - displays all potential modules even if they are not inserted.! Meraki 9300 Port Module Display
... View more
Thanks Ryan The document explains why I am seeing all possible network Modules. "By default the Switch Port list page will show all possible module ports per Switch regardless of if the module is present" Think everyone would agree that this is far from ideal, appreciate you can add filters but hopefully Meraki will resolve this in the future.
... View more
Hi There. For reference I have logged a call with support. I'm aware that the 9300-M switches are relatively new, however as these are the fully managed merak version (and not switches that were operating as Catalyst devices and separately onboarded into Meraki) I would have expected a correct representation of the available ports. I will update what support comes back with.
... View more
Hi There I have a stack C9300-24UX-M switches. Currently each switch has an 8 Port 1/10G SFP Fibre Uplink Module Installed (C9300-NM-8X-M). When I hover over the 8 Port Module p via the switching/switches view it is obvious that the ports associated to this 8 port module are named C9300-NM-8X / port number. The strange thing is there are additional ports on top of the 24 Copper Ports that are displayed but don't relate to any hardware. Even referencing 3850 devices? (See screenshots) has anyone experienced this is this a bug or issue with the 9300-Ms? Thanks
... View more
Jun 24 2024
10:58 PM
Hi There, was there any resolution or workaround to this. It's a major blocker for me unless an additional.non-meraki provides upstream Dhcp? Thanks
... View more
Thanks. The devices are added to the dashboard and assigned to a network (think I mentioned this in my post), however they are as individual standalone devices.
... View more
Hi There I have a client who will be provided with 3 Stacks of 3 x C9300-48T-M switches. (9 Switches in total). There is a 2 week delay in the devices arriving. So far I have only claimed the devices in the dashboard and assigned to a network. Based on Meraki documentation (Stacking Catalyst (MS390s / C9300-M / C9300X-M) below, it recommends to physically connect the stack with devices powered off, then provide an uplink from one switch to for internet access. https://documentation.meraki.com/MS/Stacking/Switch_Stacks I was wondering what configuration I could pre-stage for instance I want to create SVIs, Routing, DHCP scopes etc, however when attempting to do this the dashboard I need to specify a switch stack, which I is not yet provisioned based on the recommendation I was wondering if it's possible to manually provision stack for these models of switches, which should allow me to preconfigure the network. If anyone has any experience or advice it would be appreciated. Thanks
... View more
May 29 2024
8:13 AM
Hello All I'm in the process of replacing a customer's existing network (Cisco Catalyst 2960x switches), which has QoS enabled. We are migrating to Catalyst 9300M switches. I'll discuss with the customer about their QoS requirements (if indeed required at all) as I suspect the configuration was in place when WAN links were much lower in terms of bandwidth. I've read some great articles on this forum relating to QoS on the MS platform (see below links). https://community.meraki.com/t5/Security-SD-WAN/Meraki-MS-QoS-behavior-question/m-p/203036 https://community.meraki.com/t5/Switching/Recommended-QOS-settings/m-p/206113 From what I gather the Meraki MS provides a much more simplified QoS offering. I just want to ensure I am correct , in my assumption as the Meraki Documentation is rather limited. 1. To enable QoS I have to specifically configure vlan(s) via the below setting. Switch > Configure > Switch settings. Find the section Quality of service. Click Add a QoS rule for this network This allows me to trust the DSCP values on the specific traffic, and/or set the DSCP value if required. By performing the above step I am automatically saying "I want to apply QoS to this traffic" I get the DSCP to CoS mapping and also the associated CoS to Weight x 6, configurable queues. What I can't seem to find is anything to say under what conditions QoS is applied to a link/interface. In "traditional" Cisco platforms QoS only kicked in (excluding policing, shaping) when the interface was congested, assume Meraki operates in a similar manner? Is below the only Meraki documentation on QoS for the MS switches. Meraki Documentation https://documentation.meraki.com/MS/Other_Topics/QoS_(Quality_of_Service) https://documentation.meraki.com/MS/Other_Topics/MS_Switch_Quality_of_Service_Defined Thanks
... View more
Labels:
- Labels:
-
Other
May 23 2024
2:59 PM
Thanks, sorry on that note is there an option to configure inbound fw rules to control traffic from the wan/other private sites?
... View more
May 20 2024
6:08 AM
Great that's a relief. Any experience of failover times with regards to MX running in an HA pair. I've read various resources that indicate this is not always as smooth as expected?
... View more
May 20 2024
3:53 AM
Hi There Looking to replace a customer who has a Pair of firewalls (Checkpoint) connecting into their MPLS WAN in an active/standby HA configuration. For reference these existing Checkpoints do very little part from some basic FW rules. The Checkpoints are not NAT'ing traffic and are effectively acting as routers. I need to ensure that a pair of Meraki MX appliances operating in HA can replace the Checkpoints. I gather that: 1. I need to log a support ticket with Meraki for them to enable the NAT Exempt feature on WAN 2. Obviously need to ensure that the WAN subnet can communicate with Meraki Cloud I've attached 2 diagrams. First Diagram has the Meraki with a transit LAN and the second has all internal VLAN Gateways terminating on the MX LAN. I assume both are supported and from what I gather there is only a requirement to configure IP addresses and VRRP VIP on the WAN links and just a singe IP per Subnet on the LAN side. Is the WAN NAT Exemption fully supported (I'm a little dubious to recommend a solution that relies on having to ask support to enable such a basic feature)? What are typical failover times (based on real world examples) See attached options. Any feedback greatly appreciated Option 1 - Transit LAN Option 2 - VLAN GW
... View more
May 16 2024
3:32 AM
Thanks. I believe it works using the FortiGate as it also acts more like a traditional router. Not sure the MX can route between the LAN in the same manner. As stated will ensure internal LAN (east>west) routing occurs on the L3 switch and any North/South traffic is routed to the Meraki.
... View more
May 16 2024
1:44 AM
Hello All I have inherited a poorly designed non Meraki LAN and a failed migration attempt from a FortiGate Firewall to an MX 85 Appliance. The Failure was due to DHCP clients (VLAN10) were were no longer getting IP addresses from the DHCP server on VLAN 30. The attached diagram displays the LAN setup. The MX essentially replaced the FortiGate with equivalent configuration in terms of routing, and LAN IP address fw rules etc. As per diagram an IP-Helper is set up on vlan10, directing the DHCP requests to the server on VLAN30, 192.168.30.250. I believe the Issue is related to the poorly implemented routing, whereby the return DHCP traffic from the server routes via the Firewall (192.168.30.1) instead of the L3 Switch. The question I have is that this setup worked with the FortiGate, albeit sub-optimal. Does anyone know how the MX would handle the traffic. Unfortunately this migration was carried out before my time and there is no info in terms of packet captures/troubleshooting info. For info there are no firewall rules configured on MX, just the default Any to Any and there is a route for the 192.168.10.0/24 subnet on the MX via L3 switch address 192.168.30.254 Can anyone confirm/suggest if this setup should work as per diagram? Obviously I intend to fix the routing issue and have the L3 switch as GW for all local VLANs and create a transit vlan for WAN egress/ingress traffic. Any help appreciated Thanks
... View more
Apr 15 2024
9:06 AM
Very Simple question. Looking for best practice connecting 2 x M130-48x to a single MX250/450 (we only have a single so not doing ha yet) Internet circuit on a 10Gb bearer capped to 5Gb. MX Will act as layer 3 for a couple of vlans, traffic mostly north south. Is this as simple as connecting each MS to a single 10Gb lan port on MX? would there be any harm in adding another 10G link between each MS which for added redundancy assume Rstp would block the loop. Also if I swapped to 2 x MS225 In a stack assume if I created 2 x 10Gb uplinks to MX (one from each stack member) then RSTP would block one of uplinks. Trying to find the best balance between redundancy and stability. Any chance MX will ever support linK aggregation?. Thanks
... View more
Labels:
- Labels:
-
Other
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 1329 | |
| 1 | 5773 |
