Warm spare 1 IP on 2nd WAN

jay_b
Getting noticed

Warm spare 1 IP on 2nd WAN

Hi Everyone,

 

We have warm spare config with 2 ISPs. From ISP1 we have 2 ports. Each is going to MX1 and MX2.

From ISP2 we only have 1 port. So it can only go to Master MX. Is it possible to have config like this ?

 

8 REPLIES 8
ww
Kind of a big deal
Kind of a big deal

Yes that works.

Meraki recommends to not use vip for wan1 in that case

jay_b
Getting noticed

Sorry for late response here. I should've mentioned earlier we're using VIP. I'll see if we can avoid VIP. Thank you @ww  @PhilipDAth and @KarstenI 

PhilipDAth
Kind of a big deal
Kind of a big deal

Assuming that you are not using VIP, you can even take it further and have ISP1 only plugged into MX1 and ISP2 only plugged into MX2.

 

I've had to do this before for routed mode AutoVPN concentrators because I could only get circuits with a single IP address.  I've also done a config where ISP1 and ISP2 were plugged into MX1 and ISP3 was plugged into MX2.

KarstenI
Kind of a big deal
Kind of a big deal

You can also put a little switch between ISP2 and WAN2 of both MX. But that only makes sense if you can use two IPs from ISP2.

jay_b
Getting noticed

What is impact of not using VIP? Just VPN and more disruptive failover?

 

Also just a thought what if I put switch ISP2 and use 2 connections for 2 MXs. Will I be able to configure same WAN2 IP for 2 MXs ? I apologize in advance for dumb question lol

 

cmr
Kind of a big deal
Kind of a big deal

@jay_b the lack of VIP will affect how your users are seen to other sites on the internet, so if a 3rd party gives you access to a service via your public IP you'll have to give them both IPs, which some don't accept...

 

If you put the same IP on WAN2 of both MXs the dashboard will allow it, but you will get 50% packet loss.  I know as I accidentally did it when testing something yesterday... 🤦‍♂️

jay_b
Getting noticed

@cmr Thanks for response. That sounds like daisy chaining on ISP lol.

 

What about site to site VPN with another MX on other site ? Does it work with VIP ?

cmr
Kind of a big deal
Kind of a big deal

Site to site works with both VIP and MX interface IPs

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels