MX68CW WAN failover to LAN 1

SOLVED
amirmin
Here to help

MX68CW WAN failover to LAN 1

Hi,

 

I have a setup of MX68CW with 3 WAN uplinks. Below is to summarize the design,

 

MX68CW Ports

  • WAN1 - MPLS
  • WAN2 – MG21
  • LAN1 – Metro E
  • LAN2 – Local LAN

 

Desired Outcome - Wants to unplug WAN1 to failover to LAN1/Metro E

 

By design, if I have both WAN1 and WAN2 occupied, WAN1 fails over to WAN2. I want the order of failure to be WAN1 > LAN1 > WAN2 ? I have tried and tested but to no avail.

 

Has anybody ever tried this before? I read the deployment guide that in MX67 we can toggle the LAN port, thus I assume it can somehow can be done in MX68CW.

1 ACCEPTED SOLUTION
Bruce
Kind of a big deal

You’d have to make LAN1 your first preference (and move the MPLS to here if you want that to be your preferred path), then WAN1, and finally WAN2.


As the link @ww provided shows, a static route supersedes both AutoVPN and the default WAN (NAT) route. So if you create a default route (0.0.0.0/0) with a gateway (next-hop) of the IP address accessible via LAN1 (i.e. the MPLS network), and set it to active only when the next-hop responds (you could also use a setting in the destination subnet). So all the time that route is active traffic will go via the MPLS (on LAN1), if it fails traffic will revert to using the WAN ports. This only works if there is not a more specific route via the AutoVPN (if there is you’ll need to create statics for those more specific routes via LAN1 too - unfortunately it takes away some of the simplicity of the Meraki solution).

 

You can also try using the source-based default routes to achieve a similar outcome of setting a default route via the MPLS if it’s attached to LAN1.

View solution in original post

7 REPLIES 7
ww
Kind of a big deal
Kind of a big deal

No. You can only failover from lan port (static routes)  to wan.

 

The toggle from lan to wan port is only for devices that come with 1 internet port

amirmin
Here to help

Hi @ww 

 

Yes, that is what I have in mind, perhaps if Meraki can do it in the background for MX67 and wondering if they are planning to carry the factory settings to the MX68CW.

Bruce
Kind of a big deal

The Meraki devices only support two WAN/internet links, plus failover to either a USB cellular modem (or an inbuilt cellular modem in the case of MX67C and MX68CW).

 

You’ve a couple of options:

 

1. Use the inbuilt cellular modem instead of the MG21 - then your failover will work WAN1 -> WAN2 -> Cellular.

 

2. Depending on what your network design is then you maybe able to achieve something using tracked routes on the MX, but your preferred path will need to be on a LAN port. You can then go LAN1 -> WAN1 -> WAN2. You won’t be able to do SD-WAN to the LAN port. Remember the WAN1 port will need a path to the internet too. As I said, depends on your design as to whether this is practical or not.

Hi @Bruce 

 

For options no.2, did you mean by making a custom static/default route to LAN 1 (which have a path to the internet/MetroE). Then if so, we still need to choose the primary uplink for the WAN 1 or WAN 2, lets say its WAN 1. So how is the selection will be, does a default route supersede the Preferred WAN 1 uplink ?

 

Thanks.

Bruce
Kind of a big deal

You’d have to make LAN1 your first preference (and move the MPLS to here if you want that to be your preferred path), then WAN1, and finally WAN2.


As the link @ww provided shows, a static route supersedes both AutoVPN and the default WAN (NAT) route. So if you create a default route (0.0.0.0/0) with a gateway (next-hop) of the IP address accessible via LAN1 (i.e. the MPLS network), and set it to active only when the next-hop responds (you could also use a setting in the destination subnet). So all the time that route is active traffic will go via the MPLS (on LAN1), if it fails traffic will revert to using the WAN ports. This only works if there is not a more specific route via the AutoVPN (if there is you’ll need to create statics for those more specific routes via LAN1 too - unfortunately it takes away some of the simplicity of the Meraki solution).

 

You can also try using the source-based default routes to achieve a similar outcome of setting a default route via the MPLS if it’s attached to LAN1.

Hi @Bruce 

 

Thank you clearing that up. Now I understand after going through the documentation @ww about the route priority. Gonna give it a try ! Thanks !

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels