Dear,
I going setup MX84 with warm spare, WAN 1 configure DHCP, assigned single external IP address from ISP. (my internet plan only one public IP provided by ISP.)
So I try setup warm spare but dashboard need connected both primary and spare MX84 at same time, How can use one public ip address on wan interface and build warm spare. Many Thanks.
Solved! Go to solution.
Fun fact, I´ll try this today, as I never tried warm spare before...
https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
"Dashboard Configuration
To configure warm spare failover for an existing Dashboard network, navigate to the Security & SD-WAN > Monitor > Appliance status, and select Configure warm spare near the upper-left side of the page, below the device name. In the window that appears, select Enabled. Enter the serial number of the Secondary MX and select the desired Uplink IP configuration, then select Update to enable Warm Spare.
Use MX uplink IPs: When using this option, the current Active MX will use its distinct uplink IP or IPs when sending traffic out to the Internet. This option does not require additional public IPs for Internet-facing MXes, but also results in more disruptive failover because the source IP of outbound flows will change."
"Additionally, the following other considerations should be kept in mind:
I am not sure if it works only with 1 public IP but shouldn´t know why, because a MX could be broken as well, without having a issue with the ISP.
Thank you for your reply, attached my final design. But now I can't setup warm space with dhcp (assigned 1x public IP address) wan interface.
Maybe it really won´t work...
https://www.reddit.com/r/meraki/comments/8sxqgq/warm_spare_1_static_ip_mx84/
"Network Setup
Each concentrator has its own IP address to exchange management traffic with the Meraki Cloud Controller. However, the concentrators also share a virtual IP address that is used for non-management communication."
But I´ll test today as well so we´ll see, if no other will reply first 😉
I think I´ll try it with "Use MX´s Uplink IP"
Hi @Wong
I believe this may not be possible.
One idea could be.
You may install a "Router" between the ISP and MX84s and share the ISP with both MXes.
Well, don´t know if I am doing something wrong, but seems to be working without any problems.
Test with 1 ISP (1 public IP) - Working
Test with 1 IP and disconnected on primary router, still working
Connected a second ISP, working the same as with 1...
Well... looks like it is working with only 1 ISP Router (1 public IP). VPN IP is reachable all the time. Only 1 ping is not going through the tunnel (when failing over) but keeps going working. NICE
Setup1
############
Setup2
Both were working
Hey Guys. You cannot set up Warm Spare with only a single IP. You need at a minimum two, or three if you are using a VIP. The reason for this is each MX needs its own IP to maintain a connection to the Meraki cloud, They cannot share one IP and have their own control session to the cloud.
@jdsilva Well, as shown in my previous post, it is working, with 1ISP and its single public IP
can reach both devices behind it and it’s doing the failover as it should. All working fine.
set it up as VIP
all shown above, or did I do something wrong?
setup 1 was working as well.
Noted and thank you for your support.
Yes, ISP router directly connect to MX wan interface.
Dear MarcP,
You done awesome setup. i have 1 ISP and 2 mx84 main and spare. can you share overall setup how is config? now my main FW working fine but i unable to setup one the spare FW.
Thank you!
I had the same issue. You will have to have at least 3 usable IP addresses.
1 for each Meraki, and 1 for VIP. I ended up changing my /30 to /29 subnet.
Why would I need 3 when it’s all behind a Router which is in Nat mode?
All devices get their own internal IPs mx1, mx2 and VIP
@MarcP wrote:Why would I need 3 when it’s all behind a Router which is in Nat mode?
All devices get their own internal IPs mx1, mx2 and VIP
he has no nat router. is your first solution is using nat router or not?
Ah ok I see... But didn't recognize he connects directly to the ISP
I assumed he uses an ISP router as well.
@MarcP If I'm following right you've created an IP conflict on that network between two MX appliances. You can expect unstable, unpredicatable behavior. The ARP table on the gateway router will be constantly thrashing between the two MACs.
Try connecting a client behind that and tell me how well they can browse the Internet.
@jdsilva wrote:@MarcP If I'm following right you've created an IP conflict on that network between two MX appliances. You can expect unstable, unpredicatable behavior. The ARP table on the gateway router will be constantly thrashing between the two MACs.
Try connecting a client behind that and tell me how well they can browse the Internet.
Tried that just now, and it was running very well...
Connected to the switch behind the WarmSpare and disconnected the primary MX / both MX´s and other options it was still always working, even after disconnecting both uplinks (beeing offline) and reconnect only the spare first and then primary.
Maybe something got changed on Meraki site.
My RDP session was always working fine, only for 1-2 seconds after disconnecting a cable it was struggeling.
@MarcP wrote:Why would I need 3 when it’s all behind a Router which is in Nat mode?
All devices get their own internal IPs mx1, mx2 and VIP
Sorry, maybe I'm not reading right. Yes, you can NAT a warm spare pair through a single IP, but the MX's themselves still need their own IP configured on their WAN interfaces.
Or put another way, you can't configure a single IP for wamr spare, but you can NAT a warm spare to a single IP.