MX warm spare setup

TEO1
New here

MX warm spare setup

Hi all,

I have a single ISP modem, two MX68CW-NA, a single 48 port meraki switch and 4 access points

I would like that if the primary mx goes down, the secondary should take over. Below is the little sketch.

 

TEO1_0-1671135381969.png

 

Please i would like to know if the set up is correct or the best way it should be set up.

Thank you

 

7 Replies 7
KathleenJ
Meraki Employee
Meraki Employee

Hi Teo1,

 

Thanks for the great question. The way that you would want to do this is have two unique IP addresses for each MX to connect to the cloud, then use a virtual IP address for non-management communication. Below is a KB that explains the setup and also the datasheet for your MX's.

 

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

 

https://documentation.meraki.com/MX/MX_Overviews_and_Specifications/MX67_and_MX68_Datasheet

 

Kathleen

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
TEO1
New here

Thanks for responding. I just want to make sure that i have understood your response. When you say "have to unique IP addresses" do you mean having two internet service providers?

KathleenJ
Meraki Employee
Meraki Employee

Having two ISP's for redundancy is the considered the best practice. The is because having a single ISP offers a single point of failure if your internet goes down with no backup. Alternatively, you can pay for a second IP from your service provider for the second MX but you will only have redundancy if there is a hardware failure on the MX and not an internet failure.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
TEO1
New here

Thank you so much. One more question, will the secondary MX pick up the same vlans from the primary, do i need to do any config changes on the secondary MX. Should i adopt the secondary MX after completed setting up the network with the primary MX. What is the best practice?

KathleenJ
Meraki Employee
Meraki Employee

First off I don't know what "Should i adopt the secondary MX after completed setting up the network with the primary MX." means. 

When you do an HA pair here are some things to keep in mind:

  • you only need one MX license (it will be shared by both MX's) as long as the second MX is only used for failover.
  • You must have two unique IP addresses, one for each MX. Best practice dictates that they be from two different ISPs.
  • You only need to configure the primary MX.

 

I think that taking a look at this KB will answer all of your questions and walk you through how to set this up. MX Warm Spare - High-Availability Pair - Cisco Meraki

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
cmr
Kind of a big deal
Kind of a big deal

@TEO1 yes, you set up the primary MX with one IP from the ISP and then add a warm spare where you will need a second IP from the ISP.  The second (warm spare) MX will pick up the rest of the config from the first.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Ian-V
Meraki Employee
Meraki Employee

Just to add on to Kathleen's comment above, we also recommend incorporating a 2nd switch into the topology to avoid having a single point of failure.  This portion of the doc that Kathleen linked to shows what this topology would look like: https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#Recomme...

 

Thanks

Ian

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.