- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do you set up MG21E as a fail over internet?
So I went through the documentation and I don't understand how to connect the LTE gateway in a way that it acts as an internet failover.
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @trunolimit , simply connect the MG into the secondary WAN port of your MX via Ethernet cable
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @trunolimit , simply connect the MG into the secondary WAN port of your MX via Ethernet cable
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK. can I have 2 Fail overs? or does the MX100 only support 2 WANs not 3?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @trunolimit , you’ll find that the whole Mx Series only have two WAN ports.
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any clever way you think I can configure the MG12E as a third fail over?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fraid not
https://documentation.meraki.com/MG/MG21%2F%2F21E_Datasheet
Use Cases
Note that the following use-cases refer to using a Meraki MX appliance with the MG21 as a WAN uplink. However, the use-cases can also apply to non-Meraki devices.
- Antenna placement where cellular coverage is best
- Signal strength is key for cellular performance. The MG21 makes cellular a viable option in situations where the best location for the MX is not necessarily the best location for a strong cellular signal. The separation of cellular antenna and MX expands cellular options for all networks, particularly for mid-range MXs mounted in a data center.
- Primary WAN
- In areas where wired internet services are not available, the MG21 provides a simple, viable option for wireless WAN connectivity.
- Secondary WAN for Failover
- An MX's secondary WAN interface connected to an MG21 may use the cellular network in the event of a primary uplink failure.
- Secondary WAN for SD-WAN
- An MX with an MG21 as a secondary WAN uplink may use the cellular network to establish VPNs for SD-WAN.
- High Availability Uplink
- The MG21 can be used as either a primary or secondary internet uplink for MX HA topologies. Its two LAN ports allow the MXs to share access to the same cellular network.
Your other option is to use the 3G/4G failover port in the MX.
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe there is 'a clever way' - if you can afford another MX. Your two primary links go to WAN1 and WAN2 on the Active MX, and then you connect the MG21 to the WAN port on the standby MX, with them set up in a failover pair. If the two links on the primary MX go down then when the MX detects this it will reduce its priority on VRRP and the standby MX will take over and use the MG21 link. (The WAN ports on the two MX devices don't need to be in the same subnet, and don't need a vIP - its optional, but in this case you don't want it).
As I said, it needs another MX though (although not another MX license) so it can be an expensive solution if your primary MX is a MX450, but maybe not so bad if you're using something smaller.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You gorgeous person you. We do have a standby MX100.
But do you need an additional license on the MX100 to make this work?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nope, if you’re using the two MX appliances as a warm standby/HA pair then you only need a single license.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
By all means test but I don't believe that setup will work. With your primary mx setup with WAN1 and WAN2 configured that configuration is sat on the secondary waiting to jump into action. Once the primary fails the WAN port with your MG21 shouldn't work as it'll have the configuration from primary WAN connection pre-defined.
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So then how does VRRP work normally?
If the whole point is to have a standby router that can jump in almost instantly to route traffic If the main router goes down, wouldn’t the limitation of needing to have identical WAN settings Keep this from working?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VRRP is there to ascertain the keep alive between both boxes. i.e Primary MX are you there > no reply received > OK secondary your turn. If both WAN1 and WAN2 already have ccts terminated in them on the Primary MX then this setup should be replicated across onto the secondary. What Bruce was eluding to was placing the connection from your MG21E into a port on the secondary MX and letting that be your WAN connection should the primary MX fail. It just won't work like that.
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh I see what you're saying. In order for VRRP to To kick in and make the secondary router primary, the primary router has to have a hardware failure where it can't answer the keep alive. Not just a WAN going down
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
https://www.linkedin.com/in/darrenoconnor/
I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@trunolimit Please go ahead and try it as it should work as I said. If WAN1 and WAN2 fail on the primary appliance then VRRP will handover control to the standby, see here https://documentation.meraki.com/MX/Networks_and_Routing/Routed_HA_Failover_Behavior. With a primary and standby MX you have up to four WAN/internet links, those links can be completely independent of each other, although only two are ever active depending on which MX is active. VRRP does not run on the WAN interfaces, and it is optional to have a vIP when the MX is in routed mode (having a vIP means it’s a more stateful failover as your public IP stays the same, without a vIP all tunnels and flows need to be rebuilt - although that shouldn’t be more than 10 seconds or so normally). So in the scenario I suggested you don’t have to vIP on the WAN interfaces (so they’re independent of each other), and if both of the WAN links on the primary MX are detected as a failure, https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo... then VRRP will hand over control to the standby and your MG21 plugged into WAN1 on that device will become your internet connection.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good explanation @Bruce !
Has anyone (Meraki SE or partner/customer) tried this yet? It would be good to see it as a documented & supported use case.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The biggest downside with the solution is that you can’t configure WAN2 on the secondary MX in a different manner to the primary, but usually that’s a small price to pay, and may not be an issue.
For instance WAN2 on the primary may be a 100/40Mbps internet circuit, and on the secondary it may be a Cat6 LTE - which may give a similar performance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What Bruce said is true, you have 4 WAN links in a HA pair (only access to 2 at any given time). There is no reason this shouldn't work.