MX84 to MX250 with virtual ISP addresses (Primary / Spare) how long do you have for the swap

Getting noticed

MX84 to MX250 with virtual ISP addresses (Primary / Spare) how long do you have for the swap

When doing a hardware upgrade you are sitting on the inside of your network


When you remove the 2 MX 84. does the network still work  for you so that you can add the MX250?



I am pre configuring my MX250



a.a.a.66. (MX250 local config)

a.a.a.68  (MX250 future spare local config).




remove both MX84

add 1 MX250 ( I know to use similar ports then migrate to the SPF+ later)


Create the spare with a virtual config

add the second MX250


Remember to turn on VPN HUB.


This is just a rough start for migration  but I am concerned how long I have before I have to. run and find a guest wifi ssid to add my MX250 since I deleted my MX84s.

Getting noticed

You should plan for it all to break as soon as you remove the MX84's from the network. Use a hotspot off your mobile phone to maintain connectivity to Dashboard while adding / removing.


The second option would be to clone the existing network and put the MX250's in the clone. When you clone it will leave AutoVPN off. Once the MX250 are up and local internet is working you can disable / delete the old MX84 network and bring up VPN if needed.

Getting noticed

With the clone option.


My front door is a /29


.65 ISP A

.66 MX84 Primary


.68 MX84 SPARE

.69 FREE

.70 FREE

.71 Broadcast


I still need to locally IP both MX250? 


Does the cloning support virtual  thus the need to have both MX checkin? 


I would need to alternate IP addresses than my existing  ISP1 ISP2 and my virtual.


How do they inherit the previous MX84 IP addresses and do not cause a DUPLICATE IP on my front door

Getting noticed

Yes you still need to setup the WAN links on both MX250 locally before they will connect out to dashboard to grab their complate configuration.


The cloned network operates exactly like any other network, so same warm spare options etc. The reason for cloning is to keep the original network unmodified so you also have a rollback plan.


To keep the public IP addressing unique you would need to power off the MX84 if you don't have spare IP addressing in the public IP allocation from the ISP. WAN configuration IP addressing isn't validated and checked by Dashboard like LAN side settings are so no problem with duplicates.

Getting noticed

I  plan to not use cloning.


I have access to the internet /portal outside of my corporate network via the /29.




configure active and standby ( IP addresses) for both ISPs in advance

Delete MX84

add a single MX250

turn on VPN HUB

then configure virtual for both ISP links'


I believe that is the simple explanation of what is needed to upgrad

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.