Auto WAN failover to Cellular - MX67C

SOLVED
ID_IT_Dept
New here

Auto WAN failover to Cellular - MX67C

I have active SIM cards in all my MX67C appliances, to act as internet backup if my wired WAN internet service goes down.  My assumption is that if the wired WAN goes down, the device should automatically failover to the cellular internet service.  The only way I've been able to get the failover to work is to physically unplug the wired WAN ethernet cable, or disable the port.  It seems the 'trigger' for the cellular backup to kick-in is a loss of layer 1 on the wired WAN port.  In most cases, when the wired internet service goes down, the layer 1 connection is still intact between the MX67C and the ISP router, so the MX 'thinks' the connection is still active and does not fail over to the cellular service.  Is anyone aware of a way to setup a heartbeat ping to something on the internet or another 'logical' way for the MX to verify wired WAN internet service?  I need the failover to be triggered by something at the layer 2 or 3 level.  Having to have someone physically unplug the cable is a nuisance, and administratively disabling the WAN port is dangerous, as I would have no way to get back into the appliance if the cellular backup did not come online.  Also - I do NOT want to run the two WAN connections in an active/active or load balancing config, as I pay by the GB when the cellular connection is active.  I only want the cellular service to come on if the primary wired WAN connection fails.  

1 ACCEPTED SOLUTION

Details of Connection Monitor here

 

The Connection Monitor timers aren't configurable in dashboard. If you have a Meraki SE that supports you they can help adjust back end timers. Or, contact Support and they should also be able to help.

 

That said if your MX-C is never failing over to cellular that leads me to believe something is going on and this isn't a timer issue. Again, that would be a great opportunity to engage Support.

View solution in original post

5 REPLIES 5
Ryan_Miles
Meraki Employee
Meraki Employee

In the event of a soft failure it can take up to 5 mins to fail the wired link. Have you waited longer than 5 mins to verify it does eventually kick over to cell?

 

If you contact Support they might be able to help shorten the timers for soft failure detection.

Hi @Ryan_Miles

 

Yes the duration was longer than 5 minutes (closer to 15 before anyone noticed the internet was down).  Can you tell me what the criteria is that the appliance looks for to decide to failover, and if there are any settings that can be adjusted for sensitivity?  I'm used to working with command line devices like ASAs where you can setup a heartbeat to check for actual internet connectivity, then take appropriate action after a certain number of missed heartbeat pings.  Other than having an active SIM card in the MX appliance as a backup, I didn't see any actual settings within the MX to tweak convergence sensitivity or the criteria that is being used to determine when the WAN goes down.  If the cable is pulled, the connection fails over immediately, but as mentioned, layer 1 is not a true indicator of the WAN being down.  What actually happens behind the scenes from a protocol standpoint?  Is it similar to VRRP/HSRP?  I reached out to support in parallel, but just wanted to post the question here as well, as I assume there are others that have cellular backup in place.  Just curious what other folks have experienced and if there may be an option that I am not aware of to tune the settings a bit. 

Details of Connection Monitor here

 

The Connection Monitor timers aren't configurable in dashboard. If you have a Meraki SE that supports you they can help adjust back end timers. Or, contact Support and they should also be able to help.

 

That said if your MX-C is never failing over to cellular that leads me to believe something is going on and this isn't a timer issue. Again, that would be a great opportunity to engage Support.

Thank you for the info @Ryan_Miles .  I will work with support to continue to troubleshoot this.

As I understand it, the failover will not occur because the link from your MX to your WAN ISP is still active and even though the ISP link is down, the MX67C will not failover. For the failover to occur, 3 things must ALL fail. 1.) DNS lookup, 2.) ICMP/HTTP failure and 3.) ARP failure to gateway. Since the ISP upstream link is failing, not the local Ethernet link between MX and Say Cable Modem, the failover will not trigger. 

See link: Connection Monitoring for WAN Failover - Cisco Meraki

"Note: An MX will only failover to a backup cellular connection if all three tests (internet, DNS, and ARP) are marked as failed."

I have not found a way to disable the ARP monitoring before failover, so this make the failover feature very less usable! This is as of Current version: MX 18.107.2.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels