Meraki

Community

meraki MX High availablity

Solved
HarmeshYadav
Here to help
‎Jun 30 2020 9:08 PM
‎Jun 30 2020 9:08 PM

meraki MX High availablity

Dear Team,

 

We have two MX Meraki  FW and Two Cisco Switches in network , 2 ISP

 

we need load sharing with High availability

 

SO i need to know what connectivity we should make to achive high availabity and what configuration need to made

 

I go through meraki document but it is confusing so i need help from your side .

 

Actually main thing to connect WAN

 

So how wan should be connect and LAN Should be conncet and both Meraki

0 Kudos
1 Accepted Solution
cmr
Kind of a big deal
Kind of a big deal
‎Jul 1 2020 7:14 AM
‎Jul 1 2020 7:14 AM

If both ISPs give you a single cable then you need a basic dumb layer 2 switch for each (Dlink or similar) as each connection needs to be plugged into both MX firewalls.

 

Plug ISP1 to WAN1 on primary MX

Plug ISP2 to WAN2 on primary MX

 

Both ISPs need to give you four IP addresses in the same subnet, one for their device, one for each MX and one virtual IP to move between them, they will form an active/passive pair.

 

Configure the LAN IP for the MX (there is only one for both)

Configure WAN1 with an IP address from ISP1s subnet and set the gateway to the IP used on their device

Configure WAN2 with an IP address from ISP1s subnet and set the gateway to the IP used on their device

 

Both WAN ports should now show as up on the dashboard with public IPs as you have set

 

Click on Configure warm spare and select Use virtual uplink IPs

 

Enter the virtual IP for each ISP in the boxes called WAN X shared IP

 

Both WAN ports should now show as up on the dashboard with virtual public IPs as you have just set

 

You will now have Primary and Spare click on spare to access the warm spare MX and configure the two ISP public IP addresses and gateways using the remaining addresses from the ISP subnets.

 

Plug one of the LAN ports on the primary MX to one of your switches

Plug one of the LAN ports on the spare MX to the second switch with the switch port on the same VLAN and able to see the port on the first switch (trunk interconnect / stack etc.) 

 

Plug in the ISP1 cable from the layer 2 switch to WAN1

Plug in the ISP2 cable from the layer 2 switch to WAN2

 

Make sure you have spanning tree configured on the switches, then connect a second LAN cable from each MX to the other switch (i.e. MX1 to switch2 and MX2 to switch1) where again both ports are in the same VLAN as the first two.

 

Config is now complete.

 

 

 

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

7 Replies 7
cmr
Kind of a big deal
Kind of a big deal
‎Jul 1 2020 7:14 AM
‎Jul 1 2020 7:14 AM

If both ISPs give you a single cable then you need a basic dumb layer 2 switch for each (Dlink or similar) as each connection needs to be plugged into both MX firewalls.

 

Plug ISP1 to WAN1 on primary MX

Plug ISP2 to WAN2 on primary MX

 

Both ISPs need to give you four IP addresses in the same subnet, one for their device, one for each MX and one virtual IP to move between them, they will form an active/passive pair.

 

Configure the LAN IP for the MX (there is only one for both)

Configure WAN1 with an IP address from ISP1s subnet and set the gateway to the IP used on their device

Configure WAN2 with an IP address from ISP1s subnet and set the gateway to the IP used on their device

 

Both WAN ports should now show as up on the dashboard with public IPs as you have set

 

Click on Configure warm spare and select Use virtual uplink IPs

 

Enter the virtual IP for each ISP in the boxes called WAN X shared IP

 

Both WAN ports should now show as up on the dashboard with virtual public IPs as you have just set

 

You will now have Primary and Spare click on spare to access the warm spare MX and configure the two ISP public IP addresses and gateways using the remaining addresses from the ISP subnets.

 

Plug one of the LAN ports on the primary MX to one of your switches

Plug one of the LAN ports on the spare MX to the second switch with the switch port on the same VLAN and able to see the port on the first switch (trunk interconnect / stack etc.) 

 

Plug in the ISP1 cable from the layer 2 switch to WAN1

Plug in the ISP2 cable from the layer 2 switch to WAN2

 

Make sure you have spanning tree configured on the switches, then connect a second LAN cable from each MX to the other switch (i.e. MX1 to switch2 and MX2 to switch1) where again both ports are in the same VLAN as the first two.

 

Config is now complete.

 

 

 

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
HarmeshYadav
Here to help
‎Jul 4 2020 4:32 AM
‎Jul 4 2020 4:32 AM

Dear 

 

I really appriciate with your reply with deep understanding 

 

More few question which in my mind is 

 

1. How many IP require (Same Subnet ) For Wan1, Wan2 and LAN  ---> 

 

Correct me if i am wrong --> As per i understand in your reply that we should configure one IP for Device and One IP for Virtual so it will require only two --> and what for second device ?

 

2. Our requirement is we need active active for Meraki MX

 

Your given configuration is related to high availability right ?

 

so how can we do active active for MX ? is there any limitation ?

 

 

Thanks for your reply 

 

Regards,

Harmesh Yadav

 

0 Kudos
In response to HarmeshYadav
cmr
Kind of a big deal
Kind of a big deal
‎Jul 4 2020 5:11 AM
‎Jul 4 2020 5:11 AM

@HarmeshYadav glad to be of help, answers below to your further questions:

 

1) You are correct, one for primary MX, one for vIP and you do need a third for the second MX.  The ISP also needs to use one on the equipment that the line terminates in so effectively the minimum subnet you need is a /29.

 

2) MX can only be active/active in when deployed purely as a VPN concentrator.  Why do you need active/active, with the virtual IP it appears to one firewall to the outside and it always appears as one to the inside.

 

Cheers, 

 

Charles 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
HarmeshYadav
Here to help
‎Jul 4 2020 10:17 AM
‎Jul 4 2020 10:17 AM

actually my client want active active 

 

if i will go for active active should i follow same method which you provided right ?

 

or other ?

 

And same IP will be use for Active active 

 

Regards,

Harmesh Yadav

0 Kudos
In response to HarmeshYadav
cmr
Kind of a big deal
Kind of a big deal
‎Jul 4 2020 11:26 AM
‎Jul 4 2020 11:26 AM

If you want to use in routing mode then MXs cannot be active/active.  Why would they want active/active, is the combined internet throughput over 6Gb/s?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
Ramesh_Kaku
New here
‎Apr 25 2021 11:58 PM
‎Apr 25 2021 11:58 PM

@cmr Hi, applauds to your support.

 

I would like to know one thing here in this...

what is the relation between "active/active configuration, and the combined internet throughput over 6Gb/s?"

 

Thanks in advance !

0 Kudos
In response to Ramesh_Kaku
cmr
Kind of a big deal
Kind of a big deal
‎Apr 26 2021 12:23 AM
‎Apr 26 2021 12:23 AM

Hi @Ramesh_Kaku,

 

The MX with the highest throughput, as of today, is the MX450 and it can manage 6Gb/s either singly or as an active/passive pair.  That is what I was referring to above and shown below.  If you have an active/active pair then the performance should be greater, but I personally do not have experience of this with Meraki.  Note that if you use the advanced security features the performance decreases:

Screenshot_20210426-082118_Adobe Acrobat.jpg

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.