Warm Spare with VIP

Banfield75
Getting noticed

Warm Spare with VIP

Hi

I´m about to setup a Warm Spare MX and have some questions.
Today I´m using a single public IP-address for WAN communication and firewall NAT-rules.
I only have one ISP today, but I have multiply public IP-addresses on the same network.
The ISP can configure one more switch port for WAN communication to the Warm Spare.

My question is how to proceed with the installation steps.

I want to use the same public IP-address that is used today as VIP address in HA mode.

I guess that the first step would be to change primary WAN 1 on today’s MX to a new free IP address?
Because the same address on WAN and VIP can’t be used in the HA solution?

 

Then set another free IP-address on the WAN1 for the Warm Spare MX.

Followed by configure Warm spare settings VIP in the GUI with the old public IP address.

 

And then connect the Warm spare through LAN to the same switch as the primary MX.

So, it gets the configuration and heartbeat before I connect the public WAN.

Anyone who could confirm I can do these changes without need of reconfigure the primary NAT?

6 REPLIES 6
jdsilva
Kind of a big deal


@Banfield75 wrote:

 

And then connect the Warm spare to the same switch as the primary MX. So, it gets the configuration and heartbeat before I connect the public WAN.

 


You're right on the money, except for that. The config comes from the cloud, not the other MX. Connect the WAN first to let it update and get config, then connect the LAN. It's OK for it to be split brain if the LAN isn't connect since it can't confuse clients. Once it has it's firmware and config you can connect the LAN and VRRP will sort things out accordingly. 

But if you connect Warm Spare first to WAN, both MX will be Master?

jdsilva
Kind of a big deal

But if there's nothing connected to the LAN who cares?

I have a switch stack connected to the Primary MX today

jdsilva
Kind of a big deal

We're not talking about the primary.

jdsilva
Kind of a big deal

See, you connect the WAN of the new secondary, but not the LAN.

 

image.png

 

And then after it's all configured and upgraded by the cloud you can connect the LAN port. When the new secondary detects the VRRP heartbeats from the Primary it will settle into being the Standby unit.

 

image.png

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels