WAN failover + MX warm spare + MS Core stack

rabusiak
Getting noticed

WAN failover + MX warm spare + MS Core stack

Hi Guys,
I need some advice on upgrading office core network 🙂 Should I modify anything to have fully redundant solution?

How it looks:
2 CPE modems, each is connected to one of my 2 WAN switches (some Aruba Instant-on devices, not stacked, just regular link between them).
From each WAN switch I have 2 links, each to different MX100 (warm spare with VIP)

From each MX I have 2 uplinks, each to different MS390 (phisically stacked)

Qestions:
Is it normal that stacked MS390 switches have same local mgmt ip? In other switches it's normal but when I last time stacked 2xMS225 each had different mgmt ip. Only difference is that MS225s are connected to core stack (with lag) and MS390s are connected directly to MX warm spare FW.

What is not working:
When I put down Master MX - failover works fine. The issue is when I try to put down one of the CPE modems. They suppose to exchange vrrp through my WAN switches but ISP engineer claims that it's not the case. Both CPE are claiming to be masters and do not see each other. All ports included are in same vlan (untagged) so I don't know waht might be the issue.

7 REPLIES 7
alemabrahao
Kind of a big deal
Kind of a big deal

Each stack member will show the same management IP address on the dashboard as there is only one control plane running on the primary or master switch. When using static IP addressing on the MS390 for switch management interfaces rather than DHCP, it is recommended to set the same management IP on all stack members once the stack is formed and online. This ensures that the management IP address remains consistent in the event of a failure of the stack master switch. If a member switch is removed from the stack, or the stack is broken, the IP configuration should be modified to unique IP addresses per switch. This addressing change should be made prior to unstacking or removing a member switch.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

It's probably a topology design issue., take a look on recommended topologies:

 

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#Recomme...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Yup, I implement the one from there - the "Fully Redundant (Switch Stack)" but the difference is that my company's agreement with ISP says I use WAN1 or WAN2 (no load ballancing) and decision which one is currently in use is supposed to be made between CPE modems talking to each other through WAN switches above Meraki MX'es.

But keep in mind that the exchange of heartbeats will be done via the LAN interface, so it is not recommended that the LAN ports of the MX be directly connected, the recommended thing is that they are access ports, and as you connect both on each switch it is necessary to have p STP enabled.

 

alemabrahao_0-1670507872363.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

My MXes are not connected directly with each other. VRRP are exchanged on core stack. If I put down MX or MS from core stack failover is working. Problem is only if I put down WAN switch or CPE modem, check drawing:
wan-failover.png

PhilipDAth
Kind of a big deal
Kind of a big deal

>They suppose to exchange vrrp through my WAN switches but ISP engineer claims that it's not the case

 

There must be a configuration error on your Aruba switches then.  You say they are just plugged into each other, and the ISP VRRP routers are plugged into those but can not see each others VRRP traffic.

 

You could try simplying it, and plugging both ISP routers into a single switch initially and see if that simpler case works.

Unfortunately this office is in different country so I cannot freely modify much 😉
There is no real IT/network guy on-site which could help me and I can do changes only after working hours...
I was hoping to gather some ideas what is wrong with the config and then schedule a session with ISP engineer on-site to try them out 🙂

I will put swapping to just one WAN switch as last resort option as this creates new single point of failure.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels