Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX and external network fail over - Question / Advice

PeterJames
Head in the Cloud
‎Jun 30 2020 5:08 AM
‎Jun 30 2020 5:08 AM

MX and external network fail over - Question / Advice

Is the following possible on an MX?

 

 - Give highest priority to an SSID used for Card Machines (it should never have to wait)

 - If the broadband fails, the MX switches over to a secondary uplink which only allows the above SSID to work externally. Maybe block the isolated guest SSID.

 - Can the MG21* be used for the above purpose? And are these UK 4G/5G Compatible?

 

And how could you prioritise traffic in the AutoVPN so the main office is really the top priority. Site-to-site connectivity will be infrequent at best.

 

Thank you,

Peter James

0 Kudos
Subscribe
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 30 2020 11:39 AM
‎Jun 30 2020 11:39 AM

I have customers where we block all site to site AutoVPN connectivity with VPN firewall rules.  Perhaps you could consider doing something similar with the VPN firewall rules?

 

If the backup link is cellular you can use cellular firewall rules.

https://documentation.meraki.com/MX/Cellular/3G%2F%2F4G_Cellular_Failover_with_USB_Modems#Cellular_F... 

 

For AutoVPN, you can set a QoS marker, but AutoVPN itself doesn't do anything with it but pass it along.  You can specify a priority for traffic heading to the Internet, but that is not this case.

 

having a think about this, I think you would be best to use a custom performance class.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

You could direct all traffic to use one link, and your card machines to use another, and provide failover.

 

 

ps. When I have configured payment gateways in the past - they tend to have two.  So I tend to configure the terminals to use one link to get to the first gateway and the second link to get to the second payment gateway.  Then the terminals can do failover themselves as well.

 

Subscribe
In response to PhilipDAth
PeterJames
Head in the Cloud
‎Jun 30 2020 10:40 PM
‎Jun 30 2020 10:40 PM

Thanks @PhilipDAth,

 

This has helped edge me closer to how I would want to model this; thank you for those links.

 

Does the MG21 range consider itself to be a cellular connection or just another WAN? This would be the most ideal setup.

 

I suppose all I want is to be able to choose a "priority" connection in the AutoVPN. With notifications if this went down for more than 30 minutes.

 

Do you know if you can have a WAN 3/4 etc? Would it be great if we could offer: Broadband provider 1, Broadband provider 2, Mobile provider 1, Mobile provider 2 for those extra special situations.

 

Thank you,

Peter James

0 Kudos
Subscribe
In response to PeterJames
cmr
Kind of a big deal
Kind of a big deal
‎Jul 14 2020 9:27 AM
‎Jul 14 2020 9:27 AM

Hi @PeterJames the MG21 is considered a WAN by the MX and unfortunately you can only have WAN1, WAN2 and cellular.  There is also the option to get support to convert WAN2 to behave as a cellular interface if you want

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.