
New Office Setup with Routing and Switching

manojyesh
Level 1

Dear Team Members,

Greetings,

I have a new requirement to set up an office using Cisco Meraki with MX105. I will be utilizing the C9300 core switch for IP routing and a 10 Gbps SFP uplink to each Layer 2 (L2) access switch, C1200, to manage VLANs between networks. I have four L2 access switches, each with a 10 Gbps SFP connection, and my plan is to connect the core switch C9300 via 10 Gbps SFPs to each of these C1200 switches. I will create the following VLANs:

- VLAN 10 for the Data Network

- VLAN 20 for Voice

- VLAN 30 for Server

- VLAN 40 for Management (which will be the native VLAN for all switches)

Here are the specific IP address configurations for each VLAN:

- VLAN 10 (Data Network): 172.16.10.0/22

- VLAN 20 (Voice): 172.16.20.0/23

- VLAN 30 (Server): 192.168.0.0/24

- VLAN 40 (Management): 172.16.100.0/24

The core switch will have the IP address 172.16.100.1/24, and routing will be handled on the core switch along with the L2 access switches. Additionally, the Cisco Meraki will be assigned the IP address 172.16.100.254/24.

Could you please guide me on which routing protocol I should use on the core switch C9300 to facilitate communication with neighbor switches for voice and data traffic? Yes, there will also be inter-VLAN routing between the different VLANs.

Regards

Manoj


@manojyesh 

You don't need to use a dynamic routing protocol in a small topology like this. The only routing you need is a static route on the 9300 sending everything to your MX105:

ip route 0.0.0.0 0.0.0.0 172.16.100.254

On the Meraki side, you can create specific routes pointing to your 9300 for each VLAN.

Just a heads-up that the 9300 is not a core switch, although you can use it any way you want. But you need to check the license, because a core switch is supposed to have the network advanced license in order to perform routing.

Between your 9300 and 1200 you will basically use Layer 2.

 

Yes, I am purchasing DNA for the core switch, and my core switch will be responsible for routing to keep less load on the Meraki, as I will be doing IKEv1 and IKEv2 between 21 branches. All branches have Cisco 800 and C9214p routers, currently running IPsec with the ASA.

I am replacing the ASA with a Cisco Meraki MX105 as it is EOL.

My other VLANs will only communicate with the L2 switches, so I am just keeping the core switch to handle the main routing.

Please advise on the best solution.

Thank you for the support.

 

 

This is your best solution as detailed by @Flavio Miranda and myself in the earlier posts.

HTH

Regards, LG
*** Please Rate All Helpful Responses ***

@ Flavio,

Do I need to add a static route from the MX to each VLAN on the core switch for inside users to access the internet, since the internal VLANs are all on different subnets?

Please advise.

Regards

Manoj

Yes, you do need static routes for each VLAN in order to permit the return traffic from the MX.

Regards, LG
*** Please Rate All Helpful Responses ***

You actually don't need a routing protocol for your setup if all your VLANs are known to the C9300 switch and you define an SVI for each VLAN. All hosts in different VLANs will have as their default gateway the IP of the corresponding SVI for that VLAN. The C9300 will route between SVIs, which are connected interfaces.

You should check that you have enabled ip routing on your C9300. Enable it with the following configuration command:

ip routing

You will also need a default route probably pointing to your MX.

HTH

Regards, LG
*** Please Rate All Helpful Responses ***
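
The return routes the replies above call for, worked through for the addressing plan in the original post (an added example, not part of any reply in the thread). The function name is hypothetical; the subnets and addresses are the ones posted, and the code also checks each prefix against its network boundary and for overlaps before emitting a route.

```python
import ipaddress
from itertools import combinations

# Addressing plan as posted in the thread: VLAN id -> (name, subnet).
PLAN = {
    10: ("Data", "172.16.10.0/22"),
    20: ("Voice", "172.16.20.0/23"),
    30: ("Server", "192.168.0.0/24"),
    40: ("Management", "172.16.100.0/24"),
}
CORE_IP = "172.16.100.1"    # C9300 address on VLAN 40 (from the thread)
MX_IP = "172.16.100.254"    # MX105 address on VLAN 40 (from the thread)


def mx_return_routes(plan, next_hop, mx_ip):
    """Return (routes, warnings): static routes the MX needs, plus plan problems."""
    hop, mx = ipaddress.ip_address(next_hop), ipaddress.ip_address(mx_ip)
    nets, warnings = {}, []
    for vlan, (name, cidr) in sorted(plan.items()):
        net = ipaddress.ip_network(cidr, strict=False)
        if str(net) != cidr:
            # Host bits are set: the prefix as written is not a network address.
            warnings.append(f"VLAN {vlan} ({name}): {cidr} is inside {net}")
        nets[vlan] = net
    for (va, a), (vb, b) in combinations(nets.items(), 2):
        if a.overlaps(b):
            warnings.append(f"VLAN {va} {a} overlaps VLAN {vb} {b}")
    # The subnet shared by the MX and the core is directly connected on the MX.
    transit = [v for v, n in nets.items() if hop in n and mx in n]
    if not transit:
        raise ValueError("next hop is not on a subnet the MX is attached to")
    routes = [(str(n), next_hop) for v, n in nets.items() if v not in transit]
    return routes, warnings


if __name__ == "__main__":
    routes, warnings = mx_return_routes(PLAN, CORE_IP, MX_IP)
    for subnet, hop in routes:
        print(f"MX static route: {subnet} via {hop}")
    for w in warnings:
        print("check:", w)
```

For the posted plan it reports that 172.16.10.0/22 falls inside 172.16.8.0/22, so the VLAN 10 route is emitted for that network; VLAN 40 gets no route because the MX is directly attached to it.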

manojyesh
Level 1

Dear Team Members,

I am currently using IKEv1 for my site-to-site IPsec VPN between Cisco routers, utilizing a DDNS service from DynDNS (xxx.dyndns.com) at the Head Office (HO). All my remote sites are configured to connect to the HO using this DDNS. The VPN is functioning perfectly.

I am planning to replace my existing HO router with MX105. I need to support both IKEv1 and IKEv2 because the old routers only support IKEv1, while some of the new 900 series routers support IKEv2. On the new router, I would like to discontinue IKEv1 and configure IKEv2 to connect with the HO.

I have searched through various posts but have not found any specific guidance on configuring IKEv2 with a DDNS peer for a site-to-site IPsec VPN. We need to set the proposal, policy, keyring, profile and crypto ipsec. I would appreciate any support or configuration examples you could provide for setting this up.

I am attaching the IKEv1 config below, which is running on our existing routers at the individual branches.

crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key <presharedkeyho> address 0.0.0.0
crypto isakmp keepalive 20
crypto isakmp nat keepalive 20
!
!
crypto ipsec transform-set setA esp-des esp-md5-hmac
 mode tunnel
!
!
!
crypto map mapA 1 ipsec-isakmp
 set peer xxx.dyndns.com dynamic
 set transform-set setA
 match address 130

Thank you for the support and assistance.
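
A check over the IKEv1 configuration posted above, listing the parameters to replace when the branches move to IKEv2 (an added example, not part of the original post). The rule list and function name are assumptions chosen for illustration; it flags MD5, DES/3DES, Diffie-Hellman groups 1, 2 and 5, a pre-shared key bound to any peer address, and a policy with no explicit encryption line. The `!` separator lines of the post are left out of the embedded copy.

```python
import re

# IKEv1 config from the post; <presharedkeyho> and xxx.dyndns.com are its own placeholders.
POSTED = """crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key <presharedkeyho> address 0.0.0.0
crypto isakmp keepalive 20
crypto isakmp nat keepalive 20
crypto ipsec transform-set setA esp-des esp-md5-hmac
mode tunnel
crypto map mapA 1 ipsec-isakmp
set peer xxx.dyndns.com dynamic
set transform-set setA
match address 130
"""

# (pattern, finding) pairs; each names a setting to replace in the IKEv2 design.
RULES = [
    (r"^hash md5$", "IKE integrity MD5"),
    (r"^group (1|2|5)$", "Diffie-Hellman group below 2048 bits"),
    (r"^crypto ipsec transform-set .*\besp-(des|3des)\b", "ESP cipher DES/3DES"),
    (r"^crypto ipsec transform-set .*\besp-md5-hmac\b", "ESP integrity HMAC-MD5"),
    (r"^crypto isakmp key \S+ address 0\.0\.0\.0\b", "pre-shared key valid for any peer address"),
]


def audit(config):
    """Return sorted [(line_number, finding)] for weak settings in an IOS IKEv1 config."""
    findings = []
    policy_line, has_encryption = None, False

    def close_policy():
        if policy_line is not None and not has_encryption:
            findings.append((policy_line, "no explicit encryption in policy, platform default applies"))

    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("crypto ") or line == "!":
            close_policy()  # a new top-level command ends any open policy block
            policy_line = n if line.startswith("crypto isakmp policy") else None
            has_encryption = False
        elif line.startswith(("encryption ", "encr ")):
            has_encryption = True
        findings.extend((n, f) for p, f in RULES if re.search(p, line))
    close_policy()
    return sorted(findings)
```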