MX 80 to MX 100 Migration

SOLVED
ToryDav
Building a reputation

MX 80 to MX 100 Migration

Hi everyone,

I need to migrate MX 80 to MX 100 single device, no H/A. We want to stand the MX 100 up in parallel with the MX 80, configure the MX 100 and then cut the cables. 

Problem is, I don't think this is going to work. If the MX 80 and MX 100 are stood up in the same  network, I can't configure them independatly can I?

Otherwise what would be the best way to migrate seamlessly. We do have a cutover window, but I'd like to avoid taking the MX 80 down and out of the network and adding the MX 100 manually because I know I'll have to reconfigure it on the spot.

The other route I am considering is using the API.

Thoughts?

1 ACCEPTED SOLUTION
ToryDav
Building a reputation

All,

The MX swap went flawlessly. We stood up the MX100 in parallel, put a static IP on it within the local status page and cut over the uplink. 

I did have to reboot the MX 100 as it didn't reach the dashboard right away. Once it came online all the configuration applied from before, with the exception of the site-to-site VPN. 

We simply turned on the site-to-site VPN and didn't need to reconfigure it in any way. 

 

Our 1:1 NAT didn't work, but rebooting the upstream router cleared its tables and restored connectivity to the webserver behind the NAT.

To troubleshoot this I took a PCAP and watched the TCP SYN from my public IP address hit three times and then saw the fast retransmission occur, but we never received any SYN/ACK. 

Looking at the source and destination MAC addresses, I could see the packet source from the CISCO router upstream, destined for the old MX port 1 MAC address.

Rebooted the cache upstream.

Thanks,
Tory H. Davenport

 

View solution in original post

9 REPLIES 9
CptnCrnch
Kind of a big deal
Kind of a big deal

It sounds like you're overthinking this one. In reality, it's really easy:

https://documentation.meraki.com/MX/Other_Topics/MX_Cold_Swap_Replacing_an_Existing_MX_with_a_Differ...)

ww
Kind of a big deal
Kind of a big deal

Hard to tell without knowing you config and design. Depends on vpn , subnet etc.

 

I would just remove it and add the new one.. you have a service window.

 

Other option is copy the dashboard/network and add the New one there. But dont run  same gateway ip and dhcp etc in your network at the same time

 

Inderdeep
Kind of a big deal
Kind of a big deal

@ToryDav : It is very straight forward process but there are lot of hurdles you need to take care based on your specific configurations. The process defined as simple as @CptnCrnch said but i am agree with @ww as you should aware what and how to do the things. I would suggest to have a call with Meraki support and do yourself in the presence of Meraki Support engineer to make your migration smooth. 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
BrandonS
Kind of a big deal

I don't think any else said it explicitly, but the documentation should explain that you don't need to reconfigure everything.  When you remove and then add in the MX100 it will boot up, update firmware and pull configuration from the cloud.

 

Go over the documentation though because there are a couple caveats about how ports match up between different models and also if you need a static address or PPOE on your WAN interface that needs to be set manually and may require a reboot of any upstream gear like a modem or another router the ISP provides.

 

Remember to be patient too.  It can take 20 minutes or longer to come online the first time while updating firmware and rebooting sometimes more than once.

 

Good luck.

- Ex community all-star (⌐⊙_⊙)
ToryDav
Building a reputation

Thanks! 

I will use the cold swap method and prior to cutting make sure I go through the caveats for proper preparation. 

I'm comfortable configuring Meraki features. I am really posting this for the logic of the cut.

So in this instance I should be able to use the following task list:

1. Backup current MX configuration just in case, including local status page and dashboard.
2. Remove the MX 80 from the network.
3. Add the MX 100 to the new network. 
    Allow the MX to boot and upgrade firmware. 
    Add any local parameters from the local status page.
4. Validate that all the configuration carried over and re-configure the features that may or may       not have.


Inderdeep
Kind of a big deal
Kind of a big deal

@ToryDav : Good Luck and please share your experience once done !

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
BrandonS
Kind of a big deal

That's about right.  I would just swap your 3b and 3c steps since you will need the IP information configured before it can connect to the cloud and continue.

- Ex community all-star (⌐⊙_⊙)
Bruce
Kind of a big deal

@ToryDav, exactly as BrandonS says you need to configure up the Local Status page before it will connect to the internet, unless you have DHCP running on the WAN. You can configure this before you do anything, connect the MX100 to the power (without connecting it to the WAN/internet), and then access the Local Status page via the first LAN port (the MX should provide a DHCP address on the LAN port).

ToryDav
Building a reputation

All,

The MX swap went flawlessly. We stood up the MX100 in parallel, put a static IP on it within the local status page and cut over the uplink. 

I did have to reboot the MX 100 as it didn't reach the dashboard right away. Once it came online all the configuration applied from before, with the exception of the site-to-site VPN. 

We simply turned on the site-to-site VPN and didn't need to reconfigure it in any way. 

 

Our 1:1 NAT didn't work, but rebooting the upstream router cleared its tables and restored connectivity to the webserver behind the NAT.

To troubleshoot this I took a PCAP and watched the TCP SYN from my public IP address hit three times and then saw the fast retransmission occur, but we never received any SYN/ACK. 

Looking at the source and destination MAC addresses, I could see the packet source from the CISCO router upstream, destined for the old MX port 1 MAC address.

Rebooted the cache upstream.

Thanks,
Tory H. Davenport

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels