Meraki

Community

Cannot ping backup interface

community_name
Just browsing
‎Jun 25 2020 8:11 AM
‎Jun 25 2020 8:11 AM

Cannot ping backup interface

I have an MX-100 with two WAN circuits. One is "Active" and the other is "Ready". I can ping the active interface IP. I cannot get ping replies on the ready interface.

 

If I start a ping and run a packet capture on the ready interface, I can see packets arriving and replies leaving, but the replies never make it back to the host of origin.

 

If I run a traceroute back from the ready interface, the first hop is 192.168.0.1 . This network hasn't been configured anywhere on the device.

 

Can anyone tell me what's going on? Is this normal for a backup interface?

0 Kudos
4 Replies 4
LuisCruz
Here to help
‎Jun 25 2020 11:38 AM
‎Jun 25 2020 11:38 AM

Hi,

 

Is there an specific reason why you are trying to ping the WAN interfaces from the LAN? The 192.168.0.1 is the  internal firewall interface which is the internal user's default gateway, this is the default configuration of the firewall which allows the firewall to provide internet access right out of the box. you should be fine as long as both interfaces are in the firewall are registering to the dashboard as Active/Ready.

 

Also, part of the default configuration is to have WAN load balancing disable, if you want to enable load balance (Active/Active) you need to enable it under:

 

Security & SD-WAN --> Configure --> SD-WAN & Traffic Shaping --> Uplink selection --> load balancing

 

Hope this helps.

 

 

0 Kudos
In response to LuisCruz
community_name
Just browsing
‎Jun 25 2020 1:38 PM
‎Jun 25 2020 1:38 PM

Hello,

 

Sorry, I should have been more specific. I am trying to ping the outside interface from a host on the internet, not from the LAN. The IP address 192.168.0.1 is not configured on any interface on the router. Those have all been configured with 10.x.x.x/8 addresses, so I'm not sure where it's getting the 192.168.0.1 address from. 

 

Also, 192.168.0.1 shows up in the arp table with the same MAC address as the external gateway IP. I've no particular need to load balance, but if it will fix the issue I can look into it. But I want to understand why this device is working (or failing to work) the way it is.

 

Thanks

0 Kudos
In response to community_name
LuisCruz
Here to help
‎Jun 25 2020 3:12 PM
‎Jun 25 2020 3:12 PM

I have dual internet circuits terminated on my MX68, running Active/Ready and can ping both from the internet so yes, you should expect the same results. The problem you are describing seems to be related to the circuit itself, not the MX. I'm curious to know if the same carrier is providing both circuits, but anyway, if that's something you really need to pursue, I'd have a ticket open with your ISP provider.

 

Hope this helps.

 

0 Kudos
In response to LuisCruz
community_name
Just browsing
‎Jun 26 2020 5:19 AM
‎Jun 26 2020 5:19 AM

That's actually what I was thinking. But it's still strange to me that the first hop outside is a non-routable address. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.