Meraki

Community

Meraki MX High Availability Feature

Dinky
Comes here often
‎Dec 5 2023 7:38 PM
‎Dec 5 2023 7:38 PM

Meraki MX High Availability Feature

Hi Everyone,

 

I am currently investigating an issue in our organization.

It seems that that the secondary MX has taken over as the master MX.

 

One thing I noticed is that the primary MX lost connectivity to one of the uplinks.

In this case, what VRRP priority does it send to the secondary MX? I assume it is lower than 235.

 

The KB article on Meraki website only mentions failure of 2 uplinks.

It doesn't explicitly mentions failure of 1 of 2 uplinks.

 

Thank you.

 

Link to KB article: https://documentation.meraki.com/MX/Networks_and_Routing/Routed_HA_Failover_Behavior

0 Kudos
3 Replies 3
Ryan_Miles
Meraki Employee
Meraki Employee
‎Dec 5 2023 7:59 PM
‎Dec 5 2023 7:59 PM

A single uplink failure on an active MX with two working uplinks would/should not cause a failover to the spare MX. Only if all uplinks on the primary MX fail should the spare MX take over based on VRRP mechanics. 

 

The failover process is active MX primary uplink > secondary/remaining uplink > spare MX primary uplink > spare MX secondary/remaining uplink.

 

This assumes WAN links are actually working and VRRP is passing correctly on MX LAN port(s). What is your topology? Are the MXs connected to downstream switches only? Is there also a direct connection between MXs? Are all VLANs allowed on the MX LAN ports or do you have drop untagged traffic enabled on the MX?

0 Kudos
In response to Ryan_Miles
Dinky
Comes here often
‎Dec 6 2023 4:52 PM
‎Dec 6 2023 4:52 PM

Hi Ryan,

 

Thank you for the detailed response.

We have 2 MX that are connected via downstream MS switch.

These 2 MX are also connected to 2 different ISPs:

Primary MX WAN1 - ISP1

Primary MX WAN2 - ISP2

 

Secondary MX WAN1 - ISP1

Secondary MX WAN2 - ISP2


Right now ISP2 is down on Primary MX, and for some reasons the Secondary MX took over as Master FW.

0 Kudos
In response to Dinky
Ryan_Miles
Meraki Employee
Meraki Employee
‎Dec 6 2023 4:54 PM
‎Dec 6 2023 4:54 PM

My recommendation is to open a Support case. They can access your network and troubleshoot it.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.