Traffic Shaping

SOLVED
SY2
Comes here often


How to enforce specific subnet requests to be executed on a specific WAN port that does not have Internet service on it?

 

N.B. A WAN port that does not have Internet Service is considered an inactive port and the MX does not forward any requests to it even if the Traffic shaping rule is requesting so.

1 ACCEPTED SOLUTION
alemabrahao
Kind of a big deal

Why would you want to do this type of setup? What's the point? What happens is that even if you force it to use an interface that does not have an active connection to the Internet, the MX will forward it to the WAN that is working.
 
 
Maybe what you want to do to solve it another way.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.


7 REPLIES 7
SY2
Comes here often

I have WAN1 connected to another Cisco router which is responsible for routing the requests received between an Internet source and MPLS VPN.

The problem arises when the Internet source on the Cisco router (connected to the Meraki WAN 1) is down while the MPLS VPN is working fine. The Meraki switches all traffic (including VPN) to the backup WAN 2, and VPN connectivity is consequently lost.
Can this be solved one way or another?

GreenMan
Meraki Employee

@alemabrahao is correct - a WAN link with no working Internet will not be considered for any traffic.

cmr
Kind of a big deal

I'm guessing that @SY2 wants to have a private WAN/LAN connection on the second internet port. @SY2, unfortunately the MX doesn't work this way; it needs a path to the internet.

GreenMan
Meraki Employee

Yes - that seems very likely, @cmr. Bear in mind, @SY2, that the link doesn't need to go directly to the Internet. Provided there's Internet breakout accessible further downstream, the MX can work fine if, for example, it's an MPLS network, with Internet via a private DC. If there's no such Internet though, the MX won't bring that WAN link up. You could consider connecting the private network to a LAN port (with a dedicated VLAN) though and use static routing? https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs#Static_routes

While you can firewall between this and other VLANs - and use (e.g.) IPS - your options around shaping / SD-WAN are rather reduced, I think. What are you looking to achieve here?

I assume at least one of your WAN links will have Internet access? With no Internet over either WAN, the MX definitely isn't the right tool for the job.

 

a5it
Getting noticed

Indeed, the Meraki MX appliances typically do not forward traffic to a WAN port considered inactive (a port without active Internet service). This is part of Meraki's built-in failover mechanism to ensure that traffic is not being sent to a link that cannot provide connectivity.

 

However, there is an exception: if a specific traffic shaping rule is set up that enforces certain traffic to use a specific WAN port, the MX should honor this rule even if the port is considered inactive. This is known as a "Preferred uplink" rule. You can set this up by going to Security & SD-WAN > Configure > SD-WAN & traffic shaping, and then setting up a new flow preference.

 

However, if you find that this isn't working as expected, it may be due to a few potential issues:

  1. Configuration Error: Ensure that the traffic shaping rule is correctly configured to match the desired traffic and enforce it to the correct WAN port.

  2. Compatibility Issue: Ensure that your MX appliance is running a firmware version that supports this feature.

  3. Hardware Issue: It could potentially be a hardware issue with the WAN port itself.

 

