WAN Breakout for NAT HA

nickydd9

Hi all,

Just had a quick question around breaking out my WAN connectivity from an ISP that only provides a single handoff, when I actually need multiple handoffs for NAT HA Warm Spare. I already understand I need a minimum /29 subnet to use a Virtual IP and all that; I am just concerned with the WAN breakout portion. As I understand it, I have 2 options:

1) Breakout using spare ports on a LAN switch downstream of the MXes on their own isolated "ISP VLAN" and feed it back up to the MX

2) Breakout using an external switch upstream of the MX

I actually prefer Option #2 to isolate my ISP traffic from the LAN side of my network. I have actually done this before with a simple unmanaged L2 gigabit switch and it has worked fine. If it were ever to fail I would just ship a new one out and call it a day. What I am wondering is, if I were to use a Meraki 8-port switch as the external breakout switch, would the config have to be a bit different because I now ALSO need that 8-port switch to communicate with the Meraki cloud to show as online, or will the switch still operate without cloud connectivity?

How I envision it communicating with the cloud is this: I could have ports 1-3 configured as VLAN 999 (ISP), with port 1 connected to the ISP modem, and ports 2 and 3 connected to MX-A WAN 1 and MX-B WAN 1 respectively. Then I could have ports 7-8 on the switch configured as VLAN 1 (Management) trunk ports and connect them to a trunk on MX-A and MX-B, or alternatively to trunks on one of each of my downstream switches.

Are there any issues with the approach of feeding the external Meraki breakout switch's management traffic back down through the LAN to go out to the internet? Calling out @cmr here because you seem to be an advocate for the external breakout switch method, as I have seen you mention in other community posts, but I'm not sure if you always go with an unmanaged switch or a managed Meraki one.

cmr

@nickydd9 I think your plan for an MS on the public side of the MXs would work, but I always use unmanaged L2 gigabit switches, usually the little 5 port ones so having a spare is very cheap.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Bruce

If you do go with the Meraki switch on the outside of the MX, then it might be best to put it in its own Dashboard network so that the Dashboard reporting for the actual network is better.
