I have several clients using a WAN 2 internet connection throughout a Cradlepoint router and a USB LTE key on their MX60-64-65. Such approach allow them to have a sleeping internet connection that is not very expensive (the USB key can use a data sharing plan with other devices).
The question is: If the WAN 2 status is "Ready" in the dashboard, does that mean that the internet connection is active and working? Does the MX device test the internet connection on WAN 2 all the time to make sure it's working?
Thanks in advance.
@PhilipDAth is correct, and there are multiple health checks happening in parallel, including pings to Google public DNS, DNS lookups to meraki.com and google.com, ARPing the DFGW and running some HTTP GETs to meraki.com for example. On the Security Appliance > Traffic Shaping page you can select your primary uplink, typically WAN1. If there's a hard failure (link down) on WAN1 the MX knows to immediately leverage WAN2. And with a hard failure on WAN2 it can immediately leverage cellular if available. Soft failures will take a few minutes in general as there will be a cascade of health checks failing over few couple minutes. And if/when primary connectivity returns, it will take back over, after a built-in delay of 15 to 30 seconds to prevent flapping. Here's a little more info on uplink connection monitoring in this support doc: https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Fai...
I just spoke to a support engineer earlier this week who told me a different story. We have mostly MX65's in our environment that are running USB620L 4G USB modems on the beta MX firmware 13.23. As of yesterday, I counted 31 of our stores (out of ~130) that have the cellular connection in a 'Ready' state, however the USB modem is not actually connected to the outside world. The Cellular Uplink information displays an internal IP address (192.168.1.2 in every scenario) and failing over to 4G does not work. I pulled packet captures on these connections, and while it is making ARP requests to the gateway, it's evident that outbound connection has not been established. Has this cellular connection testing/verifying code been changed or updated in the beta release firmware?
Also. @Opportun. If you'd like to verify your own environment has true, established connections, I would recommend performing some actual failover tests like we've been doing, or simply spot checking a few and running packet captures. I also wrote a PowerShell script to utilize the API to pull uplink information and report back to me on these 192.168.1.2 connections so we can keep track.
Hi @AlexG. What you are describing is a different situation. The original post asked about something plugged into WAN2. When a circuit is plugged in either WAN1 or WAN2 the MX will actively check it to make sure it is working.
This is not the case when you use a USB stick. The MX does nothing to verify a USB stick is working if either/both of the WAN ports are up - as you have correctly noted.
Typically with clients I tend to use 3G/4G routers that I can connect to a WAN port because of exactly the problem you describe. You can't be confident the USB failover will work in advance unless you actually failover to it.
Fair enough. I misinterpreted his original question when I saw the mention of USB 4G devices. However, the official documentation (Cellular modem states) does state the following:
Cellular modem states
The cellular modem states can be seen on the Security Appliance > Monitor > Appliance status page.
The USB Cellular failover works well for us when it does work. The equipment has been purchased for the remainder of our project, so we do not have the option to move to a dedicated router that connects through the secondary WAN port.
Just want to confirmed that the "Ready" state means that an IP/DHCP address is assigned to the WAN2 but by no means the WAN2 internet connection is tested by the MX router.
I asked my clients to visually check every day if the 4G/LTE USB key light is on (blue or green). This is the only way to make sure that the internet connection is working.
Would be great if the WAN2 port would be automaticaly tested regularly by the MX device to make sure it's working fine.