MX250 using 2 different ISPs on WAN1 and WAN2, how do I set this up?

SOLVED
ParatrooperJoe
Here to help

MX250 using 2 different ISPs on WAN1 and WAN2, how do I set this up?

We are a school serving almost 1300 Students and 150 staff.  We currently switched our ISP from charter to Spirit Communications.  However, we have a space in our building that we rent out, and provide them with internet (which they reimburse us for a portion of that internet access.) However, now that we have switched to Spirit (which we get discounts through E-Rate) we can not alow this third party to utilize the services from Spirit.

 

Therefore, we need to have Spirit on WAN 1 (providing internet to our school) and put Charter on WAN 2 (for the 3rd party company).  I have not found a way to set any ISP IP addresses, subnet, gateway, etc for WAN 2, so I am guessing I will need to do some sort of VLAN Addressing, but I have not found a way to set anything for WAN 2.

 

So To recap, I need WAN1 to remain SPIRIT and WAN2 to link with Charter, while WAN1 and WAN2 remain separate and unable to see each other on the network.

 

Any Advice is appreciated!

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

Put the space you rent out into a seperate VLAN (and hence subnet).

 

Use traffic flow preferences to set that subnet go out a specific WAN circuit (under Security Appliance/Traffic Shaping).

 

 

Screenshot from 2018-10-03 13-15-58.png

 

View solution in original post

12 REPLIES 12
PhilipDAth
Kind of a big deal
Kind of a big deal

Put the space you rent out into a seperate VLAN (and hence subnet).

 

Use traffic flow preferences to set that subnet go out a specific WAN circuit (under Security Appliance/Traffic Shaping).

 

 

Screenshot from 2018-10-03 13-15-58.png

 

 

Realized I had to put "Any" in Destination instead of leaving it blank

Hey Phillip, I have another question about this one....

 

Under Routing, What do I put as the MX I.P. for my leased out internet, on WAN 2, using a subnet of 10.20.0.1/20?  I tried using the true IP address of the MX and it threw an error....

 

 

 

 

Under routing?  Where are you seeing that heading?

Screen Shot 2018-10-03 at 2.22.30 PM.png

I put the subnet in as the MX I.P. for now so I could save it..... If I try and put the actual I.P of the MX (172.20.0.1) it gives an error (which makes sense, because it is on the other VLAN)....

Each VLAN needs a unique subnet, and the MX should have a unique IP address in that subnet.  What you are showing is fine.

I guess Im having an issue understanding the purpose of the MX I.P then....

 

I only have the one MX250 and it has an IP of 172.20.0.1

 

So how is setting VLAN 2, with an MX IP of 10.20.0.1 going to do anything? 10.20.0.1 doesnt actually exist, I just made up that subnet....

 

Also, currently, the MX250 (172.20.0.1) is acting as the DHCP server. With this is mind, and having Charter traffic go across WAN 2, how will they get IP addresses in to 10.20.0.1/20 ranges?  

 

Maybe this is a case of a lack of understanding on my part, of how this works ?

You need to plumb this third party into VLAN2.  You can do this via VLAN trunking, or plug them directly into some ports in VLAN2.

Okay, yeah that makes sense.

 

I plan on tagging an empty port (19 i think) as VLAN 2.  That port will lead to all the AP's and hard lined devices that will be using the Charter internet.

 

So what you are saying,(correct me if im wrong) is that once I make that physical link, and tag that port as VLAN 2, the current settings we talked about in above replies, are good to go and the Clients that will be using Charter should be good.

Yes.

AjitKumar
Head in the Cloud

Hi,

 

On boarding 2 ISPs on MX 250 shall not be a challenge. All models of Meraki MXes support 2 WANs.

This can be configured from Local Status Page of the Hardware ( Connecting a PC to Management Port).

I am sure you know about this.

 

Now segregating WANs each for 2 different organization.

One idea shall be to take the advantage of “Traffic Shaping” Feature [Security Appliance->Traffic Shaping]. You may create 2 different subnets on MX250 and with the help of Internet Flow Preferences can route the Traffic to desired WAN.

You may configure L3 Firewall rule to deny any communication between the subnets [Security Appliance->Firewall].

 

However I believe if one the Link fails all the traffic shall move on to the active link.

 

Syndicate Technologies Cisco Meraki Traffic Shaping.PNG

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.