04-08-2016 12:43 PM - edited 03-05-2019 03:45 AM
Hello
Not sure if this is the correct community to post in - but could not find a better match.
We recently partnered with a company whose network infrastructure wired/wireless is completely Cisco Meraki managed. Our network infrastructure is traditional IT managed routers, and switches.
We are now faced with a request to open up our switch ports at one of our locations so the users from this partner (on Meraki infrastructure) can have connectivity back to their Meraki cloud of about 10+ sites. I've done some research on the Meraki, but from what I see it is cloud managed - so providing a basic layer 2 port on our switch for that user doesn't seem to cut it. I do not have details on how Meraki works without a support login. But I am quite familiar with the Cisco side, and our LAN connectivity uses 802.1x authentication with traditional wired/wireless connectivity.
As Meraki is now with Cisco - wondering if anyone here has any experience with the same, or any pointers to such an integration.
Thanks in advance
aram
04-10-2016 04:59 PM
Hello Aram-
Yes, the Meraki hardware is all managed via a cloud controller. Thus, admins and Meraki devices will need to have access to the internet. You can also configure the access to be limited to only the IP addresses of the Cloud Controllers but that is not ideal as those IPs might change.
I hope this helps!
Thank you for rating helpful posts!
04-11-2016 04:05 PM
Thanks much. Appreciate the response
I get it that the Meraki is cloud managed. But, wondering given this scenario - if we can provide switch port layer 2 or 3 connectivity to the partner Meraki network from our traditional internal IT managed network.
Basically, they want to use our cabling, patch panels and switch ports to connect to the Meraki network :-)
-aram
04-11-2016 07:33 PM
Can you confirm which one is your concern:
1. Giving users access on your network so they can access Meraki's management console?
Or
2. Providing connectivity L2/L3 from your network to the Meraki network?
Thank you for rating helpful posts!
04-12-2016 08:18 AM
#2 - how to provide L2/L3 connectivity from our network to the Meraki network.
Thanks
04-12-2016 09:49 PM
The answer would really depend on several things like:
1) Type of Cisco switches that you have
2) Type of Meraki gear that you are trying to integrate with
3) What is your current network layout
4) Do you have overlapping IPs and VLANs between the two networks
5) Do you need segmentation, Firewalling, etc between the two networks
Overall, you should be able to connect the two networks just fine. Meraki has both L2 and L3 devices. The L2 devices do support certain flavors of spanning-tree so that will be a consideration there.
If possible, and if both networks support it, then I would suggest doing a L3 connection between the two. That way you won't be extending the L2 diameter of your network and can protect yourself from some nasty spanning-tree related issues.
If you have some overlapping IPs then you can even consider placing a Firewall in between and perform some NAT and routing.
With regards to 802.1x and ISE. At the moment, Meraki's capabilities on the switch side are limited. For more info check out the following guide that was recently updated:
Thank you for rating helpful posts!
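Item 4 in the answer above (overlapping IPs and VLANs) can be checked from the two sites' address plans before choosing between a routed L3 link and a firewall doing NAT. The following is an added example, not part of any post in this thread; the VLAN/subnet inventories are constructed sample data and the function names are hypothetical.

```python
import ipaddress

# Constructed sample inventories (assumptions, not from the thread):
# VLAN ID -> subnet for each side of the proposed interconnect.
OUR_SITE = {10: "10.10.0.0/22", 20: "10.20.0.0/24", 99: "192.168.100.0/24"}
PARTNER_MERAKI = {10: "10.10.2.0/24", 30: "172.16.30.0/24", 40: "192.168.100.128/25"}


def parse(inventory):
    """Turn {vlan: cidr} into {vlan: ip_network}; strict=True rejects host bits."""
    return {vlan: ipaddress.ip_network(cidr, strict=True)
            for vlan, cidr in inventory.items()}


def overlapping_subnets(ours, theirs):
    """Return sorted (our_net, their_net) pairs that share address space."""
    a, b = parse(ours), parse(theirs)
    return sorted(
        (str(x), str(y))
        for x in a.values()
        for y in b.values()
        if x.version == y.version and x.overlaps(y)
    )


def shared_vlan_ids(ours, theirs):
    """VLAN IDs used on both sides. These collide only if L2 is extended
    between the networks; a routed link keeps the VLAN spaces separate."""
    return sorted(set(ours) & set(theirs))


def recommend(ours, theirs):
    """Map the answer's advice to a result: overlapping address space calls
    for a firewall with NAT in between, otherwise a plain routed L3 link."""
    if overlapping_subnets(ours, theirs):
        return "firewall-with-nat"
    return "routed-l3-link"


if __name__ == "__main__":
    for ours, theirs in overlapping_subnets(OUR_SITE, PARTNER_MERAKI):
        print(f"overlap: {ours} <-> {theirs}")
    print("shared VLAN IDs:", shared_vlan_ids(OUR_SITE, PARTNER_MERAKI))
    print("suggested interconnect:", recommend(OUR_SITE, PARTNER_MERAKI))
```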
04-13-2016 09:45 AM
Thanks. The how-to doc and corresponding response you sent in are quite useful. Appreciate that.
04-13-2016 10:27 AM
You are welcome! Glad I could help :)
Best regards,
Neno