Meraki

Community

Warm Spare - lose connection when lan interface goes down

Solved
Andi1
Comes here often
‎Jul 26 2021 5:58 AM
‎Jul 26 2021 5:58 AM

Warm Spare - lose connection when lan interface goes down

Hi Cummunity,

i have a MX VPN network with warm spare at all locations.

Now if the lan interface of the master mx goes down, the location loses its connection to the central site.

Would not have to take over the spare MX in this case? (swap)

Andi1_0-1627308299625.png

 

thx

Andi

0 Kudos
1 Accepted Solution
In response to Andi1
Bruce
Kind of a big deal
‎Jul 27 2021 12:28 AM
‎Jul 27 2021 12:28 AM

The recommended topologies are shown in this document, https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair. However these don't cover the scenario with only a single LAN switch. I would suggest that you have two links from the switch to each of the MX, that way the failure of a single link won't cause a dual active scenario. You will need to ensure your LAN switch supports Spanning-Tree Protocol (STP) so that you don't end up with a Layer 2 loop.

View solution in original post

0 Kudos
7 Replies 7
Bruce
Kind of a big deal
‎Jul 26 2021 6:26 AM
‎Jul 26 2021 6:26 AM

Hi @Andi1, is there more to your network on the LAN side, like a switch or something? If you just have a link between the MXs then it’s not a recommended solution.

 

If you only have a single link to the primary MX I’m going to suggest that when this is failing you are getting a dual active scenario as both devices believe they should be active - i.e. neither is receiving a VRRP keep-alive from the other. Ultimately this is likely what is causing the issue, not sure exactly how, but guessing it’s likely to do with the VPN tunnels that are brought up and the routes that end up in the hub routing table.

In response to Bruce
Andi1
Comes here often
‎Jul 26 2021 7:18 AM
‎Jul 26 2021 7:18 AM

Hi @Bruce , many thanks for your response and sorry for my bad picture.

Of course i have a switch behind my two MXs.

 

So if we have vrrp between the two mMXs and the LAN connection fails, the second would have to take over the virtual IP?

 

thx

Andi

 

0 Kudos
In response to Andi1
ww
Kind of a big deal
Kind of a big deal
‎Jul 26 2021 7:30 AM
‎Jul 26 2021 7:30 AM

They will be both active. 

 

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#Dual_Ac...

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 26 2021 1:49 PM
‎Jul 26 2021 1:49 PM

Turn off VIP on the WAN interface and it will work.

In response to PhilipDAth
Andi1
Comes here often
‎Jul 26 2021 10:19 PM
‎Jul 26 2021 10:19 PM

Hi @PhilipDAth!

I don't use a VIP on the WAN. I'm using the MX uplink IPs.

0 Kudos
Andi1
Comes here often
‎Jul 26 2021 10:21 PM
‎Jul 26 2021 10:21 PM

Hi all,

 

can anyone tell me what the recommended topology is in this case? (cabeling)

 

0 Kudos
In response to Andi1
Bruce
Kind of a big deal
‎Jul 27 2021 12:28 AM
‎Jul 27 2021 12:28 AM

The recommended topologies are shown in this document, https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair. However these don't cover the scenario with only a single LAN switch. I would suggest that you have two links from the switch to each of the MX, that way the failure of a single link won't cause a dual active scenario. You will need to ensure your LAN switch supports Spanning-Tree Protocol (STP) so that you don't end up with a Layer 2 loop.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.