So I went through the documentation and I don't understand how to connect the LTE gateway in a way that it acts as an internet failover.
Solved! Go to solution.
Hi @trunolimit , simply connect the MG into the secondary WAN port of your MX via Ethernet cable
Hi @trunolimit , simply connect the MG into the secondary WAN port of your MX via Ethernet cable
OK. can I have 2 Fail overs? or does the MX100 only support 2 WANs not 3?
Hi @trunolimit , you’ll find that the whole Mx Series only have two WAN ports.
Any clever way you think I can configure the MG12E as a third fail over?
Fraid not
https://documentation.meraki.com/MG/MG21%2F%2F21E_Datasheet
Note that the following use-cases refer to using a Meraki MX appliance with the MG21 as a WAN uplink. However, the use-cases can also apply to non-Meraki devices.
Maybe there is 'a clever way' - if you can afford another MX. Your two primary links go to WAN1 and WAN2 on the Active MX, and then you connect the MG21 to the WAN port on the standby MX, with them set up in a failover pair. If the two links on the primary MX go down then when the MX detects this it will reduce its priority on VRRP and the standby MX will take over and use the MG21 link. (The WAN ports on the two MX devices don't need to be in the same subnet, and don't need a vIP - its optional, but in this case you don't want it).
As I said, it needs another MX though (although not another MX license) so it can be an expensive solution if your primary MX is a MX450, but maybe not so bad if you're using something smaller.
You gorgeous person you. We do have a standby MX100.
But do you need an additional license on the MX100 to make this work?
Nope, if you’re using the two MX appliances as a warm standby/HA pair then you only need a single license.
By all means test but I don't believe that setup will work. With your primary mx setup with WAN1 and WAN2 configured that configuration is sat on the secondary waiting to jump into action. Once the primary fails the WAN port with your MG21 shouldn't work as it'll have the configuration from primary WAN connection pre-defined.
So then how does VRRP work normally?
If the whole point is to have a standby router that can jump in almost instantly to route traffic If the main router goes down, wouldn’t the limitation of needing to have identical WAN settings Keep this from working?
VRRP is there to ascertain the keep alive between both boxes. i.e Primary MX are you there > no reply received > OK secondary your turn. If both WAN1 and WAN2 already have ccts terminated in them on the Primary MX then this setup should be replicated across onto the secondary. What Bruce was eluding to was placing the connection from your MG21E into a port on the secondary MX and letting that be your WAN connection should the primary MX fail. It just won't work like that.
Oh I see what you're saying. In order for VRRP to To kick in and make the secondary router primary, the primary router has to have a hardware failure where it can't answer the keep alive. Not just a WAN going down
@trunolimit Please go ahead and try it as it should work as I said. If WAN1 and WAN2 fail on the primary appliance then VRRP will handover control to the standby, see here https://documentation.meraki.com/MX/Networks_and_Routing/Routed_HA_Failover_Behavior. With a primary and standby MX you have up to four WAN/internet links, those links can be completely independent of each other, although only two are ever active depending on which MX is active. VRRP does not run on the WAN interfaces, and it is optional to have a vIP when the MX is in routed mode (having a vIP means it’s a more stateful failover as your public IP stays the same, without a vIP all tunnels and flows need to be rebuilt - although that shouldn’t be more than 10 seconds or so normally). So in the scenario I suggested you don’t have to vIP on the WAN interfaces (so they’re independent of each other), and if both of the WAN links on the primary MX are detected as a failure, https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo... then VRRP will hand over control to the standby and your MG21 plugged into WAN1 on that device will become your internet connection.
Good explanation @Bruce !
Has anyone (Meraki SE or partner/customer) tried this yet? It would be good to see it as a documented & supported use case.
The biggest downside with the solution is that you can’t configure WAN2 on the secondary MX in a different manner to the primary, but usually that’s a small price to pay, and may not be an issue.
For instance WAN2 on the primary may be a 100/40Mbps internet circuit, and on the secondary it may be a Cat6 LTE - which may give a similar performance.
What Bruce said is true, you have 4 WAN links in a HA pair (only access to 2 at any given time). There is no reason this shouldn't work.