Home > Security Appliances > Other Topics > Port Bypass on the MX Series

Port Bypass on the MX Series

Table of contents
No headers

The MX400 and the MX600 support a hardware feature known as port bypass which enables traffic to flow through the devices in the event that the MX loses power or is shut down unexpectedly. This is done by the pairing of circuiting between WAN port one with LAN port one and WAN port two with LAN port two. 

This is useful if the MX is configured in passthrough mode because if it were to lose power traffic would still be able to flow through MX from the LAN port to the WAN port and vice versa. Because it is powered down the traffic flowing through the device will not be subject to a variety of features performed by the MX such as content filtering, traffic shaping and WAN optimization.

 

Port bypass is a hardware feature that cannot be disabled, because of this, issues can arise when the MX is used in NAT mode. This is because clients behind the NAT of the MX will begin to flow out of the WAN uplink without having their private IP addresses translated to the WAN IP address, thereby exposing your private LAN to the public. This can cause IP address conflicts with stations on the WAN subnet, or prevent clients from utilizing their default gateway and potentially flooding the subnet with broadcast traffic that could bring a network to a standstill. To prevent this possibility simply split up the WAN and LAN pairings, for example use the WAN one port as the uplink and use the LAN two port as the downlink. 

Administrators that utilize the MX400/600 in passthrough mode would most likely prefer having the bypass functionality. To do so, plug your LAN subnet into the LAN port of the MX400/600 and plug the WAN uplink into the adjacent Ethernet port (ie WAN1 with LAN1 and/or WAN2 with LAN2).

You must to post a comment.
Last modified
16:33, 29 Jun 2015

Tags

Classifications

This page has no classifications.

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community