Meraki

Community

Meraki Warmspare using Lan private ip

Vishal07
Getting noticed
‎Aug 8 2025 3:20 AM
‎Aug 8 2025 3:20 AM

Meraki Warmspare using Lan private ip

Hi All,

 

Can we configure meraki mx warmspare using private ip for wan and lan connection. Here mx reach internet via perimter Ftd firewall.

 

 

Vishal07_2-1754648419807.png

 

Labels:
0 Kudos
12 Replies 12
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 8 2025 3:29 AM
‎Aug 8 2025 3:29 AM

Yes, you can, it's not the best option, but it works.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Vishal07
Getting noticed
‎Aug 8 2025 4:56 AM
‎Aug 8 2025 4:56 AM

what if criss cross links between Mx1 and sw goes down? if mx do a failover ?

0 Kudos
In response to Vishal07
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 8 2025 5:43 AM
‎Aug 8 2025 5:43 AM

In this architecture, the primary and secondary MXs are not directly connected, and VRRP heartbeats are carried between the downstream switches. This is the recommended architecture for most deployments, as there is no single point of failure in this topology.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
cmr
Kind of a big deal
Kind of a big deal
‎Aug 8 2025 2:44 PM
‎Aug 8 2025 2:44 PM

You need to add a link from Meraki Active to FTD passive and another from Meraki spare to FTD active.  This will then work perfectly well.  At the moment if the Meraki active fails and the spare takes over, you will have no internet connection for SW1 and SW2.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 10 2025 2:10 PM
‎Aug 10 2025 2:10 PM

Personally, I would get rid of these links:

 

PhilipDAth_0-1754860172616.png

 

And add two links using LACP here (assuming these are not stacked switches).

 

PhilipDAth_1-1754860203798.png

 

0 Kudos
In response to PhilipDAth
Vishal07
Getting noticed
‎Aug 10 2025 10:23 PM
‎Aug 10 2025 10:23 PM

How can we do lacp between Mx and Ms ?. Yes there's a trunk link between Ms switches 

0 Kudos
Pavithran_Che
Here to help
‎Aug 11 2025 1:41 AM
‎Aug 11 2025 1:41 AM

Have a direct connection between Primary and Secondary MX for heartbeat monitor.

If there is a possibility to stack the switches, that would be better design. SW can also use all the links. 

Primary MX and Secondary MX can send and receive VRRP heartbeat over LAN as well. 

0 Kudos
In response to Pavithran_Che
Vishal07
Getting noticed
‎Aug 11 2025 1:47 AM
‎Aug 11 2025 1:47 AM

As per documentation it wont say need to do. If we use direct connection between Mx, can we use public ip i.e /30 pool to configure warmspare between Mx

0 Kudos
In response to Pavithran_Che
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Aug 11 2025 2:52 AM
‎Aug 11 2025 2:52 AM

A direct connection between MX'es for Heatbeat link is no longer recommended, and should in fact be avoided. A single trunk from MX to MS, and a LACP/Aggregated link with the same VLANs as the MX-MS link, as @PhilipDAth suggests is the way. 

A cross link with a link between both MS's are also a possibility, but you'll need to have control over your RSTP topology. 

 

For warmspare, you'll need at least a /29 on the WAN links. 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
Vishal07
Getting noticed
‎Aug 11 2025 3:08 AM
‎Aug 11 2025 3:08 AM

You mentioned aggregate/lacp between Mx-Ms. Does Mx supports aggregate/lacp ?

0 Kudos
In response to Vishal07
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Aug 11 2025 3:16 AM
‎Aug 11 2025 3:16 AM

The MX does not support aggregated links or LACP.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
Pavithran_Che
Here to help
‎Aug 11 2025 2:55 AM
‎Aug 11 2025 2:55 AM

Correct.. This is not recommended. You can ignore the above idea.

Primary MX and secondary MX need to be configured using warmspare VIP.

You may need to have /29 subnet - as we will 6 usable ip address. / 30 subnet wont work.

 

Below switch need to be separate not in stack to forward the VRRP packets.

 

If you have the Cisco FTD in active / passive scenario, you need to add two more connections.

Cisco FTD Primary to Secondary MX

Cisco FTD Secondary to Primary MX. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.