Network Setup Opinions

_hill · October 7, 2019, 6:58pm

So networking is definitely my weakest field in IT as a sysadmin. I am currently planning the implementation of some new hardware and have some protocol questions. Below is the basic setup

My main reason for posting is to gather opinions…

Option 1: L3 the MX84 (firewall, VPN device) and L2 the 2 switches connected then to rest of network.

My concern with option 1 is… I don’t see how I could be setting up VLANs when the mx84 only has about 12 ports and I only want the 2 switches connected.

Option 2: L2 the Meraki MX84, then L3 the 2 switches to easily configure VPNs and let the Meraki focus on VPN and security.

Option 3: L3 ALL of the devices, and set 1 switch to statics and 1 to DHCP and seperate zones within… I feel like having L3 connected to L3 is a no no, since I have yet to see any documentation or recommendations on doing something like this.

Any advice is appreciated.

mutation666 · October 7, 2019, 7:38pm

Why not just make a trunk between the two switches ? Dont really understand why 12 ports is a limitation when you have only 2 swithces

_hill · October 7, 2019, 7:42pm

I’ll have over 50 devices hence the need for 2 switches.

I’m re reading my study materials from years ago in CCNA, the docs I’m reading are taking about VLANs in Layer 2 switches. I thought that was impossible since layer 2=non manage mode.

_hill · October 7, 2019, 7:42pm

There also will be a trunk from the MX84 to each switch.

Or would a single trunk the line from one switch to the next be best?

mutation666 · October 7, 2019, 7:42pm

no there are tons of options for managment in layer 2 only devices

mutation666 · October 7, 2019, 7:47pm

I mean it depends on how much fault tolerance you need how often traffic is going up to the router vs to each other device.

_hill · October 7, 2019, 7:54pm

It’s just straight AT&T fiber connection to MX84 so only internet requests going from switches to it.

I guess my main confusion stemmed from me not knowing that Layer 3 switches in DHCP mode could still issue VLANs and other configs.

Thank you

mutation666 · October 7, 2019, 7:55pm

NP yeah you still get all the fun stuff there is very little you lose that most people would really want even operating in layer 2

oO.o · October 7, 2019, 9:11pm

I would add that if you are wanting to take full advantage of the ports on your Meraki, you can spread the vlans out across them, split them up between the 2 switches and then trunk the switches.

This does add some complexity though, so not necesary if you prefer to keep it simple.

xradeon · February 18, 2020, 10:21am

Sorry I know this has been answered, but I just wanted to add some info if someone come by this in the future.

LAN ports on Meraki MX devices act like a switch and by default will trunk all VLANs through each port (so in the OG diagram, instead of 2 switches there is technically 3, the 3rd being the MX itself). When you create networks on the MX, it creates a switched virtual interface (SVI) that is tied to a VLAN. This allows you to create many networks separated via VLANs. By default there’s just 1 SVI on VLAN 1, the default VLAN.

What this means is that the OG diagram will work just fine because the ports connected to the MX are trunked so traffic can pass not only between switch 1 and the MX but also between switch 1 and switch 2 (through the MX).

Be careful with cheap switches in this type of setup, because if you plug the switches together spanning tree on the MX may not block one of the ports and you’ll create a loop. I don’t think this is a problem with setup since OP said they are Layer 3 capable switches so they most likely run spanning tree by default.

The other way of doing this is to chain the switches together:
MX
|
SW 1
|
SW 2

This prevents loops, but relies on SW 1 to be on for clients on SW 2 to work (just in case the power goes out or if SW 1 dies).