Home > Security Appliances > Other Topics > MX Cold Swap: Replacing a Faulty MX with an Operational MX

MX Cold Swap: Replacing a Faulty MX with an Operational MX

如欲查看中文版本,请点击 这里


The MX Security Appliance can be configured to act as a warm spare, where a primary MX will "gracefully" fail over to a pre-configured, online secondary appliance. However, if a primary MX fails before a secondary was pre-configured as a spare, the network admin must perform a “cold spare” swap by cloning the original MX's configuration and swapping in the replacement appliance. This article outlines the full procedure for an MX cold swap.

Apply local configurations to replacement MX

Any local settings such as static IP addresses, proxies, and non-standard link speed will need to be configured manually on the local status page before the MX can connect to Dashboard. These should be copied from the faulty MX (if available).

Note: If the MX is performing DHCP and any downstream devices are configured to detect/contain rogue DHCP servers, be sure to whitelist the MAC address of the new MX.

Remove faulty MX from current network

A Dashboard Network can only contain one MX at a time. To make room for the new MX, the Network Administrator will have to remove the current MX. Please note that the network will retain the old MX's non-local configuration, so the replacement MX does not need to be reconfigured in Dashboard.

Add replacement MX to same network

Once the faulty MX is removed, there is now space in the network to add the replacement MX

Re-enable Site-to-site VPN (optional)

If this security appliance was previously configured to use site-to-site VPN, that functionality will need to be re-enabled under Configure > Site-to-site VPN. Simply change the Mode to Full-tunnel or Split-tunnel, dependent on the desired mode of operation.

Since licensing applies on an organization-wide level this procedure should not invalidate licensing compliance. 

Note: If the replacement MX is still not reporting in on Dashboard or 1:1 NAT is not working you may need to clear the upstream modem's ARP cache

You must to post a comment.
Last modified
20:01, 19 Jul 2017



This page has no classifications.

Article ID

ID: 1493

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community