Meraki Go Switch Config WAN and LAN

suths
Conversationalist

Meraki Go Switch Config WAN and LAN

I'm not network eningeer, but I have managed to setup a server rack that's working well.

However, the internet in my area can be quite temperamental so I'd like to configure multi wan with 2 ISPs. 

 

  • I currently have the following home setup for an access point in my loft:
    • ISP1 > Router > Switch > Switch > AP 
    • Fibre Broadband > Firewalla > GS110-24P > GS110-8P > GR60
  • I have a teltonika rut950 that I will use as an ISP2 with an aerial in my loft that I'd like to connect back through to the router via the switches like this: 
    • ISP2 > Switch > Switch > Router 
    • Teltonika RUT950 > GS110-8P > GS110-24P > Firewalla 

I hope that makes sense. The Firewalla can run with the RUT950 as a failover (I've tested that). So is it possible to do this by configuring the ports on the switches to accept (route) a WAN signal back to the router. Is so, how would i do this?

5 REPLIES 5
suths
Conversationalist

@Meraki ?

Xydocq
Building a reputation

hello @suths 

 

First of:

 


@suths wrote:

The Firewalla can run with the RUT950 as a failover (I've tested that). 


How did you connect the Firewalla and the RUT950 to make that work?

suths
Conversationalist

The Firewalla Gold has a multi wan option in its network setup and that can be configured as load balanced or failover 👍

Xydocq
Building a reputation

Thanks for the information.

 

I don't run Meraki Go switches, so this is a wild guess. What you definitely need, is the ability to create different VLANs. If you can't do that, it will not work.

 

If you can:

 

VLAN1 will be used to allow communication on your LAN, and VLAN2 is for the WAN-failover. VLAN1 runs with DHCP-server, VLAN2 has DHCP disabled.

 

The LAN-port on the Firewalla is connected to port 1 of switch 1, this port is set to act in Trunk-Mode, Native VLAN is VLAN1 and ALLOWED VLANS are all but VLAN2. The failover-WAN-port of the Firewalla is connected to port x on switch 1. Port x has to be set to Access-Mode with VLAN2. The connection between switch 1 and switch 2 is set to be in Trunk-Mode, Native VLAN is VLAN1 and Allowed VLANS is "all".

 

The RUT950 is connected on a LAN-port to port y on switch 2, setting needs to be Access and VLAN2, just like port x on switch 1. THE RUT950 needs to have a static IP within the range of VLAN2 on the used LAN-port, no DHCP. The failover WAN-setting on the Firewalla need to point at the RUT950's LAN-IP.

 

There is another option to connect the Firewalla and the RUT950 directly to each other, when you don't have a cable that long.

"Ethernet over Power" I was using that quite some time to connect my router on 2nd floor to my ISP's modem on 1st floor. To make that connection "kinda" secure you will need to set a special subnet on the RUT950, one that only allows 2 usable ip-addresses. One for the RUT950 and one for the Firewalla.

A word of warning: Ethernet over Power can be hacked! I was able to access my neighbors LAN, who was using EoP with a regular 24-subnet and DHCP enabled. You have to limit the ip-range and disable DHCP on it. 

 

As example: 172.31.255.8/30 (255.255.255.252) usable addresses are 172.31.255.9 and 172.31.255.10.

 

I am just telling you what worked for me in the past. I don't recommend any product to buy nor can I say, if this will work for you.

 

suths
Conversationalist

Thanks for your advice on this, I've not had a lot of success with vlans between meraki go and Firewalla, the meraki go equipment whilst rock solid is basic.