Meraki

Community

About Vlad

Re: Separate VLAN for WAN link

by in Full-Stack & Network-Wide
‎Mar 27 2018 6:02 AM
‎Mar 27 2018 6:02 AM
That is a great idea and i think is the correct approach. Having a vlan tag on the WAN interface is "snowflaky" and future Vlad or next admin will certainly forget this config and will lose probably 2-3 hours of their day searching for that 🙂 ... View more

Re: Separate VLAN for WAN link

by in Full-Stack & Network-Wide
‎Mar 27 2018 6:00 AM
‎Mar 27 2018 6:00 AM
These are both DIA links. The immediate issue that I would run into with the MX250 is that the WAN interfaces are SFP+. Both of the ISPs are giving me RJ45 handoffs because we are taking the poor man's approach to getting out to the web and will be ordering two cheap "business grade" providers.  I am taking precautions and will be getting SFP to copper modules just in case, but the plan is to definitely be weary of the costs involved. Eventually, the plan is to get a redundant MX as a warm spare in which case, we'll have go with the vlan-off-the-WAN approach or introduce a "dirty" switch.  ... View more

Re: Separate VLAN for WAN link

by in Full-Stack & Network-Wide
‎Mar 27 2018 4:56 AM
‎Mar 27 2018 4:56 AM
Thanks @RyanB, this totally makes sense. One of the reasons the idea of terminating at the "core" stuck with me is because eventually (hopefully), i'll be deploying a second MX250 as a warm spare and I wanted to build a foundation/standards for the way we'll be doing WAN links. I would terminate at the core (single port) and then I would split out from the core into each of the respective WAN ports on the MX pair. And I think your suggestion of not having to tag the WAN port makes good sense. This might get forgotten or overlooked down the road and will send future me or next admin for a loop, no pun intended 🙂   Another reason to terminate at the core is flexibility in my opinion and please feel free to poke holes in this as much as you please....If we ever have to swap out the firewall and go to a completely different vendor (long shot), we'd be able to set up the devices along side production and failover somewhat seamlessly.  Possibly down the line, if this tiny branch office network expands, I could potentially enable L3 and involve my core in some routing decisions (again, long shot).   My last question for you If I may, is regarding the routing table and the default route. At this point, I should have 2 direct routes, both default, from each of the ISP's and another direct route from the LAN interface(granted there is only a single flat VLAN for local) In order to be able to manipulate traffic, I believe I would modify the Primary WAN option within the MX interface to change the metric for which route traffic would be going out of. Do I need to setup any static routes? How do I specify the default route config or is that automatic and handled by the MX?   Thanks again, This was seriously helpful     ... View more

Separate VLAN for WAN link

by in Full-Stack & Network-Wide
‎Mar 26 2018 3:10 PM
‎Mar 26 2018 3:10 PM
Hello Everyone, I'm new to the forums and wanted to start a discussion regarding a topology that I have in mind for a new office.  Planning on having a single MX250 for the firewall/L3 and stack of MS250 switches underneath. I an planning to bring in 2 ISP's that will provide an RJ45 handoff. That will terminate at an arbitrary port on one of the MS250 switches. My idea was to set a vlan (let's say 1000) on that port and make sure its an access port. Patch that port into the MX250 WAN1 port, from what I can tell, Im allowed to tag a wan port.  Repeat the same with ISP2 (vlan 1001) and WAN2 port. At this point, I should be able to communicate to the cloud, either by statically configuring an IP or getting via dhcp.    Does anyone see any issues with the above design/statements? If not, i'll proceed to the core switch topology and this is where I'm a bit hazy with the way Meraki handles vlaning/routing...   When I configure a port on the MX for the local LAN, on a completely different port with a completely different vlan, do I need top make sure that port is able to carry vlans 1000//1001 or does the Meraki somehow automagically mask that requirement and builds a routing table that will provide connectivity? ... View more
My Accepted Solutions
View all
© 2024 Cisco Systems, Inc.