Meraki C9300 as WAN Failover

Naresh_Pattu
Here to help

Hi,

The client has 2 ISP links and we have terminated each ISP in a dedicated WAN switch.

* MX250 pairs are in HA. From WAN 1 we have connected MX 1 & 2, and from WAN 2 we have connected MX 1 & 2. So we are achieving WAN failover with this.

* However, we could not connect a 2nd uplink between the MX and WAN; if we do that, the network goes into a loop.

Suggest a workaround or the correct architecture.

Naresh_Pattu_0-1729949253684.png

MartinLL
Building a reputation

A lot of stuff to go through here. Need more information.

First, remove the direct connections between your MX250s, if that is what the lines between them are. That is not a supported configuration.

Second, why do you need the WAN switches?

Third, what are you trying to achieve with LAN and Internet interfaces connected to the WAN switches?

The MX does not participate in STP, but it does forward BPDUs.

This article also might help you out 🙂

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Layer_2_Functionality


MLL
Naresh_Pattu
Here to help

Hi Martin,

The line between the MXs is just to show the HA; there is no physical connection between them.

WAN switches are there to connect two ISPs across the MX pair.

So, if any of the ISPs goes down, the MXs still have an internet connection from the other.


MartinLL
Building a reputation

OK, but then I don't understand why you need the LAN ports on your MX pair connected to the WAN switches.

Normally you would just connect your internet interfaces towards WAN.

Say WAN switch 1 connects ISP1. Then internet 1 on both MX units should connect to WAN switch 1. Create two ports on the WAN switch in the same layer two domain. On the WAN switch create a /29 network: 1 IP for the WAN switch SVI, 1 for each MX internet 1 interface and 1 Virtual IP shared between the MXs on internet 1.

Repeat the same steps for the Internet 2 interfaces and WAN 2 switch.

There should not be any layer 2 connectivity directly between the WAN switches.

This way, if ISP 1 goes down, the MX pair will fail over to ISP 2.

MLL
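
The cabling and /29 addressing rules described in the reply above can be checked against a planned design before anything is patched. This is an added example, not part of the original thread; the device and port labels and the documentation-range addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data. Device and port labels ("mx1:internet1") and the
# RFC 5737 documentation addresses are assumptions, not values from the thread.
SWITCHES = {"wan-sw1", "wan-sw2"}
LINKS = [("isp1", "wan-sw1"), ("wan-sw1", "mx1:internet1"), ("wan-sw1", "mx2:internet1"),
         ("isp2", "wan-sw2"), ("wan-sw2", "mx1:internet2"), ("wan-sw2", "mx2:internet2")]
PLAN = {
    "wan-sw1": {"subnet": "192.0.2.0/29", "svi": "192.0.2.1", "mx1": "192.0.2.2",
                "mx2": "192.0.2.3", "vip": "192.0.2.4"},
    "wan-sw2": {"subnet": "198.51.100.0/29", "svi": "198.51.100.1", "mx1": "198.51.100.2",
                "mx2": "198.51.100.3", "vip": "198.51.100.4"},
}

def check_cabling(links, switches):
    """Flag links that break the rules: no switch-to-switch L2, internet ports only."""
    problems = []
    uplinks = {sw: set() for sw in switches}
    for a, b in links:
        if a in switches and b in switches:
            problems.append(f"layer 2 link between WAN switches: {a} - {b}")
            continue
        sw, other = (a, b) if a in switches else (b, a)
        if sw not in switches or ":" not in other:
            continue  # ISP handoff, or a link that does not touch a WAN switch
        if ":internet" not in other:
            problems.append(f"non-internet MX port on {sw}: {other}")
        else:
            uplinks[sw].add(other)
    for sw, ports in uplinks.items():
        if len(ports) != 2 or len({p.split(":")[1] for p in ports}) != 1:
            problems.append(f"{sw}: expected the same internet port from both MX units, "
                            f"got {sorted(ports)}")
    return problems

def check_addressing(plan):
    """Each WAN segment needs four distinct usable hosts: SVI, MX1, MX2, virtual IP."""
    problems = []
    for sw, p in plan.items():
        net = ipaddress.ip_network(p["subnet"])
        addrs = [ipaddress.ip_address(p[k]) for k in ("svi", "mx1", "mx2", "vip")]
        if len(set(addrs)) != 4:
            problems.append(f"{sw}: SVI, MX1, MX2 and virtual IP must be distinct")
        usable = set(net.hosts())
        problems += [f"{sw}: {a} is not a usable host in {net}" for a in addrs if a not in usable]
    return problems

if __name__ == "__main__":
    for problem in check_cabling(LINKS, SWITCHES) + check_addressing(PLAN):
        print(problem)
```
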
KarstenI
Kind of a big deal

Perhaps this helps you: https://cyber-fi.net/index.php/2024/02/19/connecting-your-meraki-mx-to-the-internet/

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
cmr
Kind of a big deal

Replace C9300s used as WAN switches with unmanaged switches. Just have 3 ports connected in each; 1-ISP, 2-MX1, 3-MX2. Safer from hackers and won't cause you any issues. If you must use managed switches, then use some with a dedicated Out Of Band management port.

If my answer solves your problem please click Accept as Solution so others can benefit from it.