Meraki

Community

MX100 HSRP and different speeds on ISP Routers, best practice configuration?

Solved
SteveInNP
Here to help
‎Jan 16 2020 1:20 PM
‎Jan 16 2020 1:20 PM

MX100 HSRP and different speeds on ISP Routers, best practice configuration?

I have inherited an MX100 and MS350 switch infrastructure which is connect to two Cisco 1941 Routers from our ISP Lightpath.  One of these router's speed is 500 MB and the other is 200 MB. I want to insure that our MX100 device is making full use of the available bandwidth.

 

There appears to be a technology in use here which I am unfamiliar with. Usually I would expect one router to be connected to port 1 (Internet) on the MX100 and the second router to be connected to port 2 on the MX100. This is not the case. See image below.

 

1941 router #1 is connected to Port 8 on MX100 and 1940 router #2 is connected to Port 9 on MX100.

Port 6 on MX100 has a short cable connecting to Port 1 on MX100 and Port 7  has a short cable connecting to Port 2 on MX100. It appears that a VLAN has been configured between the 4 ports labeled "VLAN 4049 (HSRP Switch)", DHCP is turned off for this VLAN.

 

The deliverable is that I want to insure that we are making full use of the bandwidth. Both WAN1 and WAN2 are configured for 1 GB. There is a primary WAN indicated in the Up-link Selection.  I am assuming that I would want to have that set to the faster of the two routers. And if this is correct, I am not certain which router is associated with which address? 

 

Any help in understanding what is going on would be greatly appreciated.

 

 
 

Meraki1.JPG

 

 

Meraki2.JPG

 

 

 

 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 16 2020 3:00 PM
‎Jan 16 2020 3:00 PM

Do you have any inbound NATing to internal servers or client VPN users, or non-Meraki site to site VPNs?  If so then the setup is designed to give you circuit failover and for everything to continue working the same.  You could make the setup slightly nicer by getting an additional MS120-8P switch, putting it into a separate network, and using that for all external communications.

 

If not, you could simplify this to connecting it as you have mentioned, and using two "ordinary" Internet circuits and letting the MX handle the failover.

View solution in original post

4 Replies 4
ww
Kind of a big deal
Kind of a big deal
‎Jan 16 2020 1:56 PM
‎Jan 16 2020 1:56 PM

So  your  isp  runs  the hsrp  protocol  over your  mx. 

 

What (local) IP is set on wan1 uplink and wan2 uplink?

 

And do Wan1 and wan2 show different public  IP?

 

Is Load balancing enabled  or disabled at "traffic shaping"

In response to ww
SteveInNP
Here to help
‎Jan 16 2020 2:05 PM
‎Jan 16 2020 2:05 PM

Yes WAN1 and WAN2 show different IPs which are on different sub-nets. The ISP gave me the WAN addresses for each of the 1941s but these addresses are not the same as what is listed on my Meraki dashboard under WAN1 and WAN2. This ISP provided two different blocks of IP addresses and reported that these are associated with my routers. The WAN1 is a valid address in the block 1 addresses and the WAN2 address is a valid address in block 2 of addresses. 

0 Kudos
In response to ww
SteveInNP
Here to help
‎Jan 16 2020 2:07 PM
‎Jan 16 2020 2:07 PM

Yes load balance is enabled.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 16 2020 3:00 PM
‎Jan 16 2020 3:00 PM

Do you have any inbound NATing to internal servers or client VPN users, or non-Meraki site to site VPNs?  If so then the setup is designed to give you circuit failover and for everything to continue working the same.  You could make the setup slightly nicer by getting an additional MS120-8P switch, putting it into a separate network, and using that for all external communications.

 

If not, you could simplify this to connecting it as you have mentioned, and using two "ordinary" Internet circuits and letting the MX handle the failover.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.