MX84's in HA Didn't Come Back Online

IT_Magician
Getting noticed

MX84's in HA Didn't Come Back Online

Hey Meraki Community,

 

I want to pick everyone's brain on an issue we had running Firmware 14.53 on 2 MX 84's in HA.

 

WAN 1 into TP Link edge switch

Edge switch into Ubiquiti firewall (separate network)

Edge switch into MX 01 (100% Meraki network)

Edge switch into MX 02 (100% Meraki network)

MX appliances are in HA in shared IP mode

 

Issue: We have a power outage for about 30 minutes. When power came online edge switch and Ubiquiti network came back online. The MX devices did not. They were not passing any traffic and not checking into dashboard. We had to send someone down to power cycle devices which brought them back up.

 

We have since upgraded to firmware 15.42 however Meraki support couldn't provide any reason why this happened.

 

IT_Magician_0-1613575851359.png

 

 

 

4 REPLIES 4
PhilipDAth
Kind of a big deal

It won't be possible to determine the cause with the information given.

 

You would also have needed to look at what was providing the "WAN1" connection in the diagram to see what was in its arp cache, whether it was seeing traffic, etc.

Also information from the local status page on one of the MXs would be needed to see the reason it was reporting that it could not come online.

Agreed, unfortunately we were in 911 mode. I had no technical person onsite and was able to get someone to reboot the firewalls.

Owen
Getting noticed

When MX devices reboot they bridge ports together temporarily until the configuration is applied to segragate ports from each other and to apply WAN settings. Slightly different behaviour between different models depending on port assignments. This can cause spanning tree and other issues upstream of the meraki environment. Meraki Engineering say this is "working as intended" but I find it amazing that a security appliance can bridge all ports with no configuration and that is fine from their point of view.

 

Check for spanning tree port blocks / inconsistancies or other logs on the TPLink stuff.

Interesting, do you think if we don't use a shared HA mode and instead just do basic failover the MX's have less chance to have a bug or not come online?

 

The TP Link switch is unmanaged and no spanning tree. The upstream device from that is your typical ISP WAN modem. If we didn't have the second Ubiquiti network I would have had no idea if this was MX or ISP issue. But because the Ubiquiti router came right up the information points to the MX's.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels