I have two MX250 firewalls set up in a NAT HA failover pair, using the network-connected design for VRRP heartbeats.
Both MX250s have one link connected to WAN1 in the same subnet and I'm using the Virtual-IP for client traffic headed to the internet.
The problems start when I disconnect MX250-Primary-Master's WAN1: the MX250-Spare takes over the master role within seconds. However most clients and switches do not regain internet connectivity- the switches go offline and clients connected to switches have no internet, BUT with the exception of the root switch MS225-24P-2K. The root switch regains internet connectivity and clients behind root switch can also access the internet. But rest of the switches and clients are offline- can not even ping the gateway (gateways are in the MX250). I have included two illustrations of the working setup and the nonworking setup after MX250 failover. I also have an open case with Meraki but no solution yet.
nice
ReplyDeleteMeraki Switches
CISCO Switches
HP Switches
Meraki Firewall
Cloud Based Firewall
CISCO Firewall
Paloalto Firewall
Fortinet Firewall
Awesome CISCO Meraki Switches Firewall
ReplyDelete