I have several clients using a WAN 2 internet connection throughout a Cradlepoint router and a USB LTE key on their MX60-64-65. Such approach allow them to have a sleeping internet connection that is not very expensive (the USB key can use a data sharing plan with other devices).
The question is: If the WAN 2 status is "Ready" in the dashboard, does that mean that the internet connection is active and working? Does the MX device test the internet connection on WAN 2 all the time to make sure it's working?
Thanks in advance.
Correct. The MX does test it regularly, and if it says "Ready" then it is working and available for use.
@PhilipDAth is correct, and there are multiple health checks happening in parallel, including pings to Google public DNS, DNS lookups to meraki.com and google.com, ARPing the DFGW and running some HTTP GETs to meraki.com for example. On the Security Appliance > Traffic Shaping page you can select your primary uplink, typically WAN1. If there's a hard failure (link down) on WAN1 the MX knows to immediately leverage WAN2. And with a hard failure on WAN2 it can immediately leverage cellular if available. Soft failures will take a few minutes in general as there will be a cascade of health checks failing over few couple minutes. And if/when primary connectivity returns, it will take back over, after a built-in delay of 15 to 30 seconds to prevent flapping. Here's a little more info on uplink connection monitoring in this support doc: https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Fai...
I just spoke to a support engineer earlier this week who told me a different story. We have mostly MX65's in our environment that are running USB620L 4G USB modems on the beta MX firmware 13.23. As of yesterday, I counted 31 of our stores (out of ~130) that have the cellular connection in a 'Ready' state, however the USB modem is not actually connected to the outside world. The Cellular Uplink information displays an internal IP address (192.168.1.2 in every scenario) and failing over to 4G does not work. I pulled packet captures on these connections, and while it is making ARP requests to the gateway, it's evident that outbound connection has not been established. Has this cellular connection testing/verifying code been changed or updated in the beta release firmware?
Also. @Opportun. If you'd like to verify your own environment has true, established connections, I would recommend performing some actual failover tests like we've been doing, or simply spot checking a few and running packet captures. I also wrote a PowerShell script to utilize the API to pull uplink information and report back to me on these 192.168.1.2 connections so we can keep track.
Hi @AlexG. What you are describing is a different situation. The original post asked about something plugged into WAN2. When a circuit is plugged in either WAN1 or WAN2 the MX will actively check it to make sure it is working.
This is not the case when you use a USB stick. The MX does nothing to verify a USB stick is working if either/both of the WAN ports are up - as you have correctly noted.
Typically with clients I tend to use 3G/4G routers that I can connect to a WAN port because of exactly the problem you describe. You can't be confident the USB failover will work in advance unless you actually failover to it.
Fair enough. I misinterpreted his original question when I saw the mention of USB 4G devices. However, the official documentation (Cellular modem states) does state the following:
Cellular modem states
The cellular modem states can be seen on the Security Appliance > Monitor > Appliance status page.
The USB Cellular failover works well for us when it does work. The equipment has been purchased for the remainder of our project, so we do not have the option to move to a dedicated router that connects through the secondary WAN port.
Just want to confirmed that the "Ready" state means that an IP/DHCP address is assigned to the WAN2 but by no means the WAN2 internet connection is tested by the MX router.
I asked my clients to visually check every day if the 4G/LTE USB key light is on (blue or green). This is the only way to make sure that the internet connection is working.
Would be great if the WAN2 port would be automaticaly tested regularly by the MX device to make sure it's working fine.
Phillip,
I realize this is an older thread. But I'm looking around online trying to find a resolution for a bizarre issue I'm having with a Meraki MX60W. There is only 1 WAN/Internet Port on the back of the device. However on the dashboard - I'm seeing WAN 2 interface showing as "ready" with a strange IP 208.xxx.xxx.xxx that I'm not familiar with (MX device is on 192.168.227 subnet.) I have only the WAN port plugged in to my routable switch interface leading out to my firewall w/ internet access and I've verified no ports are being blocked that the Meraki needs to get cloud access etc.
There's nothing else plugged in, so I'm not sure why the WAN 2 interface is getting any activity or picking up an IP address?
Also in the dashboard at the top under my MX it just says "Bad internet connection" in red. But I'm able to see the stats, see the device on the dashboard etc. The MX has received a DHCP IP address I've verified that and I can get to the setup.meraki page when directly plugged into one of the LAN ports on the MX.
Any help would be appreciated, thanks.
Not sure on the 60 but on the 64 one of the LAN ports can be configured as WAN. If you go to the local status page at MX.meraki.com from the LAN this should be clear. On newer firmwares it is visible and changeable from the web GUI
CMR,
So you're saying I should configure one of the LAN ports to be configured as WAN? Why? Why won't the Internet/WAN port suffice? I'm confused with your response...
I'm saying one may already be configured as such, that is the only way I would expect to see a WAN2 reference, I'm guessing this is not the case then?
Yeah - that is not the case here. LAN interfaces are all set to be LAN. I've verified that. Even when I set the WAN IP as static. I'll refresh my meraki dashboard and still see it flipping back to another .209 IP address that I've never configured on it. It has been factory reset as well, but I'm thinking that the factory reset didn't actually complete, or is it a possibility that the settings are inherited from the dashboard? The MX was previously in another lab and shipped here to our lab. Does the device need to be removed by using the "Remove appliance from network" and re-added? Or am I reading too far into that?
Is the address further down that path to the internet, perhaps an ISP gateway? We use MXs internally for SD-WAN and they all report a device several hops downstream that is the final breakout onto the internet.
CMR,
No - it's not an ISP gateway or any IP address that we can recognize. I think the MX device is corrupted or something, when I do a factory reset it doesn't require me to reconfigure the IP address information at http://setup.meraki.com
From the dashboard point of view I get "disabled gateway - bad connection" errors on the timeline view where I can see where it lost connectivity during the factory "reset." Any ideas of anything else to try?
Thanks.
For anyone wondering - ended up RMA'ing the MX60W for a new MX64W. Once it plugged up to my switch and connected to the cloud everything in the dashboard was green and no more "Bad internet connection" issues. Seems to have been failed hardware or something along those lines.
My Primary WAN1 just failed over to Skyus DS. It works.