2 MX in warm spare connected to internet providers
2 MS250 in a stack connected to the MX's with a trunk for a transit vlan and vlan 1 for management.
This stack provides L3 connectivity for access vlans.
Several MS250 access switches connected to the MS250 stack with LACP providing the vlan's.
Now we have a new VOIP provider and I am trying to design a good setup.
The provider has 2 separate modem/routers each connected to its own uplink.
Those modems run DHCP with the correct options for our VOIP phones.
The provider has no solution for failover between these 2 links.
I was thinking of some options:
1. Configuring a separate access voice VLAN at our MS250 stack with a DHCP forwarder pointing to both modems. The problem with this setup is that the modems are unaware of the uplink status to the provider.
With Cisco I could use IP SLA to have the uplink status monitored, but the MS250 does not support that.
Also, the MX supports route injection depending on next hop or host ICMP response; the MS does not have that option.
2. Place both modems in one VLAN; whatever DHCP request gets served first will be used for the phone.
With this option, there is still no automatic failover when one line fails.
3. Using the MX?
I did not find an uplink check for interfaces other than the WAN interfaces?
I did find the option to insert a route depending on a next hop ping response or host response. So that would be an option.
However, I am confused about how the VLANs and interfaces on an MX work, as there are only OUTBOUND or INBOUND rules, but not rules depending on an interface or zone like on the ASA.
So is it possible to have different access-list setups for separate interfaces on the MX?
Any other options or setups that I am missing?
The provider modems do not support routing protocols or FHRP's.
First, awesome question, and thanks for including diagrams; this helps us help you 🙂
So I still have a few questions though:
* Is the VoIP Cloud completely separate, meaning it's a dedicated circuit, not a service over the Internet (OTT)?
* You said the provider does not provide FHRP and/or failover between the two links. Why do they provide you with two CPEs then? Is there perhaps documentation from the provider explaining how you're supposed to use their service?
I would go for option 1, but if there is a bit of documentation from the provider that'd be better. There must be a reason why he provides you with two CPEs so clearly some concept of redundancy went into it (from the provider's side). It could also be that you have to do it yourself (as you said via IP SLA) but then Meraki is probably not the best solution.
I see 🙂 An easy option would be to go for additional MXes, depending on traffic and the number of phones/devices in the voice VLANs, and set them up in a warm spare fashion like the current MX, just in a different network in the dashboard. You then statically route the provider's PBX subnet(s) on the MS250 over a transit VLAN to the new MX pair.
Depending on the provider's setup you would need to do 1:1 NAT etc.
This only works if the provider is also providing Internet access over those lines (for the MXes to connect to the Meraki cloud).