Cisco Webex calling, some phones going out through the wrong WAN

Solved
SimonReach
Building a reputation

Hi everyone, we've got 2 WAN links to the internet at our main site.  WAN 1 is a 200Mb link and WAN 2 is a 50Mb link.  This is all configured through a Cisco Meraki MX and MS network.

All of the Cisco phones were migrated today from CUCM to Webex Calling. All the phones are on a vlan of 1200, and in Flow Preferences within SD-WAN & Traffic Shaping on Meraki, I've set up internet traffic for that VLAN to go out through WAN 2, so source is 10.1.200.0/24 with any port and any destination. I've also set up a rule that says any traffic going in to that vlan goes through WAN 2 as well. I've also added additional rules so that any UDP traffic with a source port of 9000-9009 and 5060-5070 will go through WAN 2 when it comes from any vlan.

The issue seems to be, though, that in Cisco Webex Calling management, when looking at the analytics, some of the public IP addresses for calls are the WAN1 public IP and some are the WAN2 public IP. All the handsets are set up the exact same way, so not sure why there is a difference. Anyone have any ideas why? We do have the Webex Windows client on the client machines, and all traffic that doesn't match the above rules goes through WAN1.

The issue we're having is WAN1 tends to be saturated with client and server traffic, and WAN2 was gotten purely to be for any VoIP and Webex traffic.

1 Accepted Solution
SimonReach
Building a reputation

I've sorted it, I've also removed those 2 rules as well.

It was the SD-WAN policies with VPN Traffic.

Essentially these were set to be "Fail over if poor performance", changed to "Fail over if uplink is down".

GreenMan
Meraki Employee

Difficult to diagnose without looking at your Dashboard setup - I'd say this is one for Meraki Support - and I'd definitely call in on the phone, rather than just raising via the Dashboard.

Do you have the built-in 'Best for VoIP' performance class configured anywhere relevant to this traffic?

VivekT
Getting noticed

The easiest way would be doing a packet capture on the WAN1 and WAN2 interfaces of the MX firewall.
If you are seeing Webex traffic on WAN1 in the logs, then you should check the following things.

  • Do you have any NAT like this?
  • NAT Exceptions BETA
  • NAT is enabled by default when the network is in routed mode

Please verify the load balancing rules for the MX.

Why do you have the below rules?

"i've also added additional rules for any UDP traffic with a source port of 9000-9009 and 5060-5070 will go through WAN 2 when it comes from any vlan."

This rule is enough for diverting the traffic on WAN2.

"i've setup internet traffic for that VLAN to go out through WAN 2, so source is 10.1.200.0/24 with any port and any destination"

GreenMan
Meraki Employee

The only thing to beware of, with that change; you may find some calls performing badly; that would be the usual reason for the alternate link being used for certain calls. If you have SD-WAN tunnels formed over both uplinks, you can monitor the underlying metrics that go into determining the performance: https://documentation.meraki.com/MX/Monitoring_and_Reporting/SD-WAN_Monitoring
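
An added example, not part of the thread and not Cisco or Meraki code: one way to check which uplink each handset's calls actually left through, and whether the wrong-uplink calls cluster in particular hours, which is what performance-based failover would produce. The CSV column names, the sample rows and the two public IPs (documentation-range placeholders) are assumptions; only the 10.1.200.0/24 phone subnet comes from the thread.

```python
import csv
import io
import ipaddress
from collections import Counter, defaultdict

VOICE_SUBNET = ipaddress.ip_network("10.1.200.0/24")  # phone subnet from the thread
# Placeholder public IPs (documentation ranges), not the poster's real addresses.
UPLINKS = {"203.0.113.10": "WAN1", "198.51.100.20": "WAN2"}
EXPECTED = "WAN2"  # uplink the voice VLAN is meant to use

# Constructed sample of a call-analytics export; column names are hypothetical.
SAMPLE = """call_id,start_utc,local_ip,public_ip
c1,2024-12-03T09:02:11,10.1.200.21,198.51.100.20
c2,2024-12-03T09:05:40,10.1.200.22,203.0.113.10
c3,2024-12-03T09:07:02,10.1.200.21,203.0.113.10
c4,2024-12-03T14:30:00,10.1.200.22,198.51.100.20
c5,2024-12-03T14:31:10,10.1.50.7,203.0.113.10
c6,2024-12-03T15:00:00,10.1.200.23,192.0.2.99
"""

def audit(csv_text):
    """Return (calls per uplink, wrong-uplink call ids per phone, wrong-uplink calls per hour)."""
    per_uplink = Counter()
    per_phone = defaultdict(list)
    per_hour = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if ipaddress.ip_address(row["local_ip"]) not in VOICE_SUBNET:
            continue  # e.g. softphones on client VLANs, which are expected on WAN1
        # A public IP matching neither uplink is reported, not silently dropped.
        uplink = UPLINKS.get(row["public_ip"], "UNKNOWN")
        per_uplink[uplink] += 1
        if uplink != EXPECTED:
            per_phone[row["local_ip"]].append(row["call_id"])
            per_hour[row["start_utc"][:13]] += 1  # bucket by YYYY-MM-DDTHH
    return per_uplink, dict(per_phone), per_hour

if __name__ == "__main__":
    uplinks, phones, hours = audit(SAMPLE)
    print("Voice-subnet calls per uplink:", dict(uplinks))
    for phone, calls in sorted(phones.items()):
        print(f"  {phone} left via the wrong uplink on calls {calls}")
    for hour, n in sorted(hours.items()):
        print(f"  {hour}:00 UTC -> {n} wrong-uplink call(s)")
```

If the wrong-uplink calls bunch up in the hours when WAN1 or WAN2 is busiest, compare those hours against the SD-WAN monitoring metrics linked above.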
