Hello,   As mentioned you will get a more rich experience and fully featured SD-WAN using an MX.   However, if all you’ve got is an MS250, I will note one feature you might be able to leverage, which would be ECMP routing.   If both upstream gateways can run OSPF and if they both can advertise a default external route (0.0.0.0/0) to the MS250 with the same cost, the MS250 will load balance traffic to both gateways using ECMP.   It is purely active/active and won’t provide as much flexibility as an MX (nor will it do NAT), but it is a possible configuration to use in a pinch.  ... View more

I would like to clarify the distinction between the STP event and the link event to remove any confusion.   When a switch port experiences a loss of PHY (link goes down), it is at this point that STP also "disables" the port. In other words, the meaning of these events is not that the port is being disabled by STP. The meaning is that as a result of the port going down, the STP state changes to disabled.    Even if the event log ordering may be reversed, this is still the case. This may not explain why a port goes down, only to clarify that it's not going down because of any STP state -- the STP change is itself a result of the loss of link status.   This does not explain all cases but also be aware many devices have various power save and optimizations present on the Ethernet side and may result in downgrade or link speed or bringing a link down for periods of time. ... View more

You will want to make sure there is an IGMP Querier active in each VLAN where multicast flows will be passing through. When an L3 interface is set to enable "Multicast Routing", this interface will also run an IGMP querier, so for VLANs where multicast routing-enabled L3 interfaces exist, there is no need to additionally configure a separate querier interface.   It should be fine if the L3 interfaces are on the L3-enabled core stack but the multicast stream sources are attached to the downstream L2 access stack -- as long as there is L2 visibility.   If you are only doing local inter-VLAN routing for the multicast streams (between VLANs on the core stack) the configuration of the rendezvous point is not as important, but as a good practice, it would be most efficient to assign the RP to the L3 interface which is in the same VLAN as the sources.   When a switch running multicast routing begins to receive a new multicast stream, it will bundle the packets of the stream into an encapsulated unicast packet stream, transmitted directly to the configured rendezvous point. This is to ensure the rendezvous point always knows about the different source streams that exist in the network, no matter where they are. If the native streams are directly received in the VLAN with the rendezvous point from the get go, this unicast-encapsulated transmission to a remote rendezvous point is avoided.   Additionally, it would be highly recommended that your network is configured to have IGMP Snooping enabled, and to disable unknown multicast flooding. Both can be set from the Switch --> Switch settings page in Dashboard.   If you've never touched this, the default settings have IGMP Snooping enabled, but unknown multicast flooding is not disabled by default, so it would be a good step to address this.   Finally, it would also be good to use the current MS 11.x firmware if you are not already, as there are several improvements and issues that have been addressed with respect to multicast routing. ... View more

This is not possible. However, if you have two MS350s configured either using warm spare (VRRP) or in a switch stack, DHCP leases will be synced among them for failover purposes if you run a DHCP server. ... View more

Hello,   You are correct. A switch treats a received multicast packet as unknown when the destination group is one for which the switch has not observed an explicit group join (signaled via an IGMP report packet).   If flood-unknown is enabled, such packets will get forwarded out all ports (except the ingress port). If flood-unknown is disabled, then the packet would only get forwarded out the ports where an IGMP querier or MRD advertiser is known. If none are known, the packet will be discarded by the switch. ... View more

That would appear to be a fairly straightforward configuration. If the multicast sender and multicast receiver are both in VLAN 111, and you have also enabled an IGMP querier in VLAN 111, you should be good to go provided the receiver properly sends an IGMP report expressing the desire to join the group. Since the sender and receiver are both in the same L2 domain (VLAN 111) there is no need to use multicast routing.   The way this would normally work is that as soon as Switch 2 gets the IGMP report packet on the port leading to Switch 3, switch 2 will begin passing stream out that port (and likewise for Switch 3 to pass over to Switch 4).   If you've not done so already, I would recommend upgrading to the current release candidate firmware (10.40 as of this post). Particularly if you're on any MS 9.x, or older 10.x firmware, there are a variety of bug fixes related to IGMP snooping.   If this does not work, you may want open a case with Support to have it looked at more closely. ... View more

The MS120 does support a DHCP relay configuration. You go to: Switch --> Routing & DHCP   Press the button to add an interface, and select the MS120 as the switch you are adding an interface on. Since the MS120 is an L2 switch these interfaces are limited in their operation. They cannot be used for general purpose routing or full fledge DHCP servers -- only DHCP relay and IGMP querier configurations are supported.   The following article explains how a DHCP relay works: https://documentation.meraki.com/MX-Z/DHCP/Configuring_DHCP_Relay   Note this article references configurations on an MX instead of MS, but the MS also supports this same relay functionality. ... View more

Hey Piet,   These warnings are actually ones you don't want to ignore, particularly if you are planning to introduce redundant links down the road.   Your network must be on the MS 10.x firmware release, as this is the version where BPDU conflict logging was introduced, as part of overall enhancements to anomaly detection.   If I understand correctly your topology is something like this: You've got a switch, ROOT BRIDGE, to which one port has a connection with a Ubiquity AP.   Then you have three Meraki switches: Workshop, Admin and Grape Office   Each of these three switches has another Ubiquity wireless bridge connected, and all three of them wirelessly bridge back to the AP connected to your root switch. The outcome is that from the perspective of your root switch, all three of these Meraki switches are downstream from the single port with the wireless bridge.   This is where your problem is stemming from, and what the logging has identified. The wireless bridge solution is for all intents and purposes acting as a dumb L2 switch. This dumb/unmanaged switch effectively interconnects four of your switches in a star topology: (A) ROOT BRIDGE (B) Workshop (C) Admin (D) Grape Office   In addition, you have a 5th "pseudo-switch", the unmanaged L2 switch formed by the wireless bridging, I'll refer to as: (E) Unmanaged Switch   For the remainder of this post I will refer to these switches by A, B, C, D and E per the above list. The switches A through D must be running RSTP, not legacy STP, as the warnings you see logged are only produced from segments operating in RSTP mode.   Now here's the problem: When any of the four switches A through D transmits a BPDU, the BPDU will be received by switch E (unmanaged switch / wireless bridge). BPDUs are sent to a special destination of 01:80:C2:00:00:00. This is the well-known address used by the IEEE STP/RSTP protocols.   If a switch supports STP, when it recevies a BPDU with this special destination address, it does not forward the BPDU out other ports. It just uses the data from the BPDU for its own STP calculations, and then may generate its own BPDUs to send out other ports.   But in the case of switch E, (R)STP is not supported, it's just an unmanaged L2 switch. So when E recevies a BPDU from any of the switches A through D, it will just flood the BPDU out all its other "ports" (wireless links in this case).   Example: (1) Switch A transmits a BPDU. (2) Switches B, C, and D all receive this same BPDU.   This is the root of the problem. It would actually be fine using legacy STP, in which a port won't become forwarding until the expiration of a long timer, which can be around 30 seconds. But with RSTP, ports become forwarding rapidly (hence the name RSTP!).   The mechanism RSTP uses to rapidly transition a port into the forwarding state and bypass the 30 second delay of the old standard is through the use of a proposal/agreement negotiation between ports. Instead of wating for timers to expire, a port will send out an initial BPDU with a "proposal" flag set. The other port that receives this "proposal" BPDU will send out a responding BPDU with an "agreement" flag set.   This affirmative proposal/agreement process is the primary mechanism used by RSTP to converge faster than the legacy standard which exclusively relies on waiting for timer expirations.   The problem: This proposal/agreement mechanism is exlcusively point-to-point, it only works between explicit pairs of ports. It does not work in your scenario where a proposal BPDU from A is received by B, C, and D, with all of them potentially sending their own agreement responses (and then these agreements would again get flooded to all switches!).   In this scenario, RSTP convergence becomes undefined and may be unstable and/or introduce temporary loops that could come and go. Now, with your current topology you don't actually have any physical loop, so even with the RSTP convergence imstability, there is no risk of an actual loop forming, as it's physically impossible.   However, if you add a redundant link down the road such that there is a real physical loop that relies on spanning tree to be handled, now the door will be open to encounter more impactful problems.   Personally, I would recommend not using the single AP on the root switch to wirelessly bridge down to your three other switches. If you add two additional APs and have your three switches wirelessly link up to dedicated APs on the root bridge, then you will avoid this problem scenario. ... View more