Team, we have a migration tomorrow for MX250 HA setup and testing HA failover. WAN failover works and when primary fails (power down), secondary takes over seamlessly. However, when we unplug downlink of active unit to downstream switch, both MX becomes active/active. Both MX are not directly connected and LAN failover I assume to work via VRRP towards downstream switch using its virtual IP. Please advice what i am doing wrong here. I followed few guides as below but i need someone to correct me if i am doing something wrong here.

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

https://community.meraki.com/t5/Security-SD-WAN/MX-Warm-Spare-Issue/td-p/12979

https://www.willette.works/mx-warm-spare/

https://community.meraki.com/t5/Security-SD-WAN/How-to-cable-MX-amp-MS-for-HA/td-p/22765