Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PPPoE with a primary/standby pair of MX64's

Pugmiester
Building a reputation
‎Feb 28 2019 8:24 AM
‎Feb 28 2019 8:24 AM

PPPoE with a primary/standby pair of MX64's

Hi all,

 

One of our sites we're deploying Meraki firewalls to threw in a curve ball after the hardware arrived on site. They use PPPoE for internet access.

 

Our local guy has updated both of the MX's using the local status page to include the PPPoE settings and we've just tried a test switchover. The primary MX shows as online but the spare shows as unreachable. I'm presuming it's due to the PPPoE settings only permitting a single MX to dial out at once but if there's anyone with experience of this type of connection that could confirm one way or another I'd be grateful.

0 Kudos
Subscribe
5 Replies 5
jdsilva
Kind of a big deal
‎Feb 28 2019 2:58 PM
‎Feb 28 2019 2:58 PM

Oh, this is gross. In Warm Spare the each MX always needs its own WAN IP address. So if your carrier is only allowing 1 public IP then you're going to have a problem. Either that, or as you say, PPPoE is only allowing a single session from your modem (or user).

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 28 2019 6:40 PM
‎Feb 28 2019 6:40 PM

PPPoE is strictly point to point.  While you can run it through a switch it only allows one client (aka MX) to connect.

 

You will need a second extra circuit to make this work.  It could be another PPPoE circuit.  It could be a USB 4G stick plugged into the warm spare.  It could be a 4G hotspot plugged in via Ethernet to WAN2 on both MX's.

 

Note that a 4G connection running as a backup uses about 100MB per month in monitoring traffic.

Subscribe
In response to PhilipDAth
jdsilva
Kind of a big deal
‎Feb 28 2019 8:16 PM
‎Feb 28 2019 8:16 PM

@PhilipDAth wrote:

PPPoE is strictly point to point.  While you can run it through a switch it only allows one client (aka MX) to connect.

 

Well, not exactly. PPPoEthernet is a logical ptp link over a multiaccess medium. There's no technical reason why you can't have both MXes each with their own PPP session to a PPPoE server. Though, I totally acknowledge I've never seen a provider ever that would actually do this.

 

**Edit**  So you could conceivably do a stateless failover, but you could never run a VIP. 

http://blog.brokennetwork.ca | @jdsilva
Subscribe
In response to jdsilva
Pugmiester
Building a reputation
‎Mar 1 2019 12:25 AM
‎Mar 1 2019 12:25 AM

When we quickly swapped in the boxes last night in place of the existing router, the master picked up the previous internet facing IP so as long as the working device does that I think we will be OK. It's clumsy but if it'll work for us then it will ave to do for now. As I mentioned in my reply to @PhilipDArh above, we should be able to get a secondary connection running for LAN4 so at least the spare MX has a permanent dashboard connection to pickup configuration changes.
0 Kudos
Subscribe
In response to PhilipDAth
Pugmiester
Building a reputation
‎Mar 1 2019 12:21 AM
‎Mar 1 2019 12:21 AM

Hi Philip, that's what I was thinking.

There's a bit of a string and chewing gum option I have to get the LAN4 ports live on each box so at least the spare will be able to get a dashboard connection to keep the config live but I had a feeling the dual boxes might be an issue.

I'll get the backup link live then see if we can do a quick swap out test and fail the primary just to see what happens. If it's clever enough to switch the traffic and goes back as the primary come back online then that might have to do.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.