Meraki

Community

MX HA and WAN Failover

Sleiman
Here to help
‎Apr 10 2020 4:32 PM
‎Apr 10 2020 4:32 PM

MX HA and WAN Failover

Hello, i’m deploying 2 MX45’s in a active standby (warm spare) setup and would like some guidance. 

the MX’s will connect to an MS where the ISPs also connect via L2 VLANs

We have 2 internet providers so I’ll be using WAN1-2. 

the LAN interface will also connect to the MS on the transit vlan.

1-how many IPs are needed for the LAN and WAN interfaces to setup HA?

 

2-Can I configure 2 static default routes and failover between the circuits if one ISP failed? What should I configure here to achieve redundancy?

 

Thanks

 

 

0 Kudos
8 Replies 8
AjitKumar
Head in the Cloud
‎Apr 10 2020 5:33 PM
‎Apr 10 2020 5:33 PM

Hi @Sleiman 

 

I understand we need more information about your Idea. May be a diagram will help.

However,

Question 1. We shall be needing 3 IPs from the same subnet for HA (2 for Physical Devices 1 Virtual IP Acting as the SPOC)

 

Question 2. Fail-over is Automatic. We need not do any configuration to achieve this.

 

If you prefer, you may read the following blog to understand a little more on connectivity to achieve HA on Meraki MX

https://www.ciscomerakiindia.com/post/mx-warm-spare-ha-pair

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 10 2020 9:19 PM
‎Apr 10 2020 9:19 PM

Generally you need a minimum of a /29.

 

The MX monitors the WAN circuits for failure.  You should not need to configure any routing.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo... 

0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Apr 10 2020 11:01 PM
‎Apr 10 2020 11:01 PM

You should also use 2 MS switches to redundantly connect your 2 ISP's.  These can be the same switches you use to connect the LAN side of your MX'es to your network.

But be sure to follow the documentation here:

Define 3 ports on switch 1 with an external VLAN for the WAN1 circuit towards both MX'es
Define 3 ports on switch 2 with another external VLAN for WAN2 circuit towards both MX'es.

So now you only have fate sharing between one ISP and one switch.
Don't mix your external VLANs between the switches or you'll have fate sharing between ISP and MX and switch.

0 Kudos
In response to GIdenJoe
Sleiman
Here to help
‎Apr 11 2020 7:54 AM
‎Apr 11 2020 7:54 AM

3DA089D4-2B13-4AC2-8690-61C542AF8554.jpeg

It’s actually a stack of 3 switches and that’s how I pretty much got them connected. What about the LAN interfaces? Is one shared IP is enough? Heres a diagram.

0 Kudos
In response to Sleiman
cmr
Kind of a big deal
Kind of a big deal
‎Apr 11 2020 10:07 AM
‎Apr 11 2020 10:07 AM

On the LAN side, the MXs do indeed share one IP address and it is held by the VRRP master.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
Sleiman
Here to help
‎Apr 11 2020 12:14 PM
‎Apr 11 2020 12:14 PM

Thanks guys. I'm clear now. I want to ask you one more questions about wireless guest authentication via QR code. Is that something doable? If so can you provide me with a configuration guide and or limitations and licensing needs? Thanks 

0 Kudos
In response to Sleiman
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 11 2020 1:19 PM
‎Apr 11 2020 1:19 PM

You can't do QR code authentication for guest access using what is built-in.  You need to use a third-party service like Splash Access.

https://www.splashaccess.com/portfolio-item/cisco-meraki-nfc-and-qr-code-authentication/ 

0 Kudos
In response to PhilipDAth
Sleiman
Here to help
‎Apr 13 2020 2:11 PM
‎Apr 13 2020 2:11 PM

Thanks for all your answers. We will be turning this up tomorrow. Internet circuits are not in yet so we will be installing a  temp MG21 to get us going. 

 

How can I get get this setup? 

 

Connect the MR21 1st port to the MS to get it powered via POE

Connect the MR21 2nd port to the MX wan1 port 

 

once the DIAs are in move the MX WAN ports to the MS corresponding vlans? 

 

Will this work to get the devices registered with Dashboard? 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.