Skip to main content
Cisco Meraki Documentation

MX Uplink Settings

  1. Last updated
  2. Save as PDF

Overview

All Cisco Meraki appliances require a working internet connection for communication with the Meraki dashboard and cloud management. The Uplink tab allows an administrator to configure a WAN interface for internet connectivity and monitoring for MX and Z-Series appliances. To access the Uplink tab, navigate to Security & SD-WAN > Monitor > Appliance Status for MX appliances, or Teleworker gateway > Monitor > Appliance Status for Z-Series teleworker gateways.

Configuration 

Public IP 

The IP address that is seen on the Meraki cloud's end when receiving communication from the MX appliance and Z-series devices.

WAN

This is the IP address that the MX will use on its WAN (Internet) interface to communicate with the Meraki dashboard and to run its connectivity tests to monitor the uplink status. 

The WAN interface can be configured by selecting the edit (pencil) button located to the right of the WAN section. Once the pencil is selected, the interface can be configured for DHCP to dynamically obtain an IP address or to static IP to manually configure the IP address. Please reference the Static IP Assignment article for more information if a static IP assignment is needed. 

WAN.PNG

MX supports the use of /31 subnets for WAN uplinks on firmware versions 14.24 or higher. 

Secondary WAN

All MX security appliances feature either a dual-purpose or dedicated secondary WAN interface. For MX models that have a dedicated secondary WAN interface, WAN 2 is ready to be utilized once it is configured in the Meraki dashboard and provided a physical uplink. For MX models with dual-purpose WAN/LAN interfaces, the dual-purpose port must be converted to an Internet port before it can be configured as WAN 2. 

This can be configured by selecting Add another WAN port under Security & SD-WAN > Monitor > Appliance Status on the Uplink tab in dashboard (pictured above) or through the local status page by switching the role to the Internet option. For more information, please refer to Enabling and Configuring WAN 2 article.

Note: When configuring the secondary uplink, the current dashboard connectivity state of the MX is important to keep in mind. If the MX is already online and connected to the cloud, the secondary uplink configuration can be applied via the dashboard. However, if the MX is not currently online then this configuration will need to be applied on the local status page.

WAN 1 and WAN 2.PNG

Note: It is not advisable to change the WAN IP details on the dashboard when there is only one WAN link. As entering incorrect IP information could potentially take the MX offline, and prevent it from being able to reach the cloud and pull updated configuration.

Note: Modifying the following items will result in WAN interfaces being reset.

  • State (enabled/disabled) of any WAN interface
  • Addressing method (static/DHCP) of any WAN interface
  • State (enabled/disabled) of any LAN interface

This will result in a loss of connectivity on both Internet uplinks for up to 2 minutes. Therefore, it is recommended to only make changes during a planned maintenance window so that disruption is minimal. 

Cellular

The MX67C and MX68CW have an embedded LTE module for cellular failover connections. These are configured by selecting the edit (pencil) button next to Status and then select Enabled. More information on configuring integrated cellular interfaces can be found in the MX67/MX68 Installation Guide.

cellular edit.png

Hostname (DDNS) 

The security appliance uses Dynamic DNS (DDNS) to update its DNS host record automatically each time its public IP address changes. DDNS can be configured by navigating to the Security & SD-WAN > Monitor > Appliance status page, selecting the pencil icon next to Hostname, located between the WAN IP and Serial Number on the left of the page. For more information, please refer to the Dynamic DNS (DDNS) article.

ddns.png

Uplink Status

The MX will report the current status of its uplink interfaces in dashboard both under Security & SD-WAN > Monitor > Appliance Status > Uplink next to the Status section and under the WAN1, WAN2 or Cellular section on the left-hand side of the Security & SD-WAN > Monitor > Appliance Status page.

  • Active - WAN interface is healthy and is currently being used to send client traffic.
  • Ready - WAN interface is not currently being used but is awaiting failover from the Primary uplink that is configured under Security & SD-WAN > Configure > SD-WAN & traffic shaping > Primary uplink. To configure an active-active load-balancing state, refer to our article on Load Balancing.
  • Failed - Indicates that the link has not been able to establish a connection to the Meraki cloud.
  • Disabled - This status is set from the uplink tab to disable the WAN port.
  • Not Connected - WAN interface is enabled, but no cable is connected or the cable is not detected.

For more information on troubleshooting the inactive uplink states, see the Inactive Uplink states section.

WAN States.png

The MX appliance and Z-series devices use Connection Monitoring tests to determine whether the link is healthy. Please refer to our Connection Monitoring article for detailed information on these tests.

 

The Cellular interface has three statuses: 

  • Active - The MX-Z has detected a WAN failover and switched the internet connection to the cellular interface.

  • Ready - The MX-Z has established the connection with the 3G/4G provider and was able to successfully send/receive data with Meraki dashboard from the cellular interface. The MX-Z is ready for failover to the 3G/4G connection.

  • Connecting - The modem/SIM has been recognized and the MX-Z is actively attempting to establish a persistent connection with the 3G/4G provider. For more information on troubleshooting a cellular uplink that is stuck at connecting, please review the MX67 and MX68 Overview article.

cellular status.png

Note: For more information regarding the cellular modem states and cellular failover, please refer to the 3G/4G Cellular Failover article.

Live Data 

The live data graph provides a real-time view of the uplink traffic that is passing through the MX to and from the uplink interface. The graph breaks down the total and download traffic into two separate, color-coded lines. Because this is a constantly live stream, it can be paused by pressing the Pause button on the right side.

Live data.PNG

 

When there are two WAN links, the two colors will show one for WAN 1 and one for WAN 2.

Live Data with 2 WAN.png

Historical Data 

This section provides retrospective information on the latency and loss of the active internet uplink(s) over the specified time range to the selected destination IP address (8.8.8.8 by default). If both Internet uplinks are used, their test results will be mapped individually with color-coded lines on the same graph. By using the drop-down at the top of the section, the scope of the graph can be toggled between varying pre-defined lengths and the results of the test to each configured IP address.

 

The results of tests to additional destinations can be viewed by toggling the Connectivity to dropdown added under Security & SD-WAN > Configure > SD-WAN & Traffic Shaping > Uplink statistics. More information on this feature can be found in the SD-WAN and Traffic Shaping article.

Note: The MX uses ping to test connectivity and gather the results to be displayed. If ICMP is being blocked upstream or if the remote end is configured to not respond, then this graph will display 100% loss while the uplink may still be working as expected.

historical data.PNG

 

Troubleshooting 

Inactive Uplink States

  • Failed - WAN interface is enabled, but the link is not providing Internet connectivity and is failing the connection monitoring tests.

    • Troubleshooting:

      • If using a static IP assignment, ensure that the IP addressing information is correct.

      • If using DHCP, confirm that the device is obtaining a useable IP address.

      • Confirm that the gateway is sending ARP replies to the MX. More information on troubleshooting this can be found under the Bad IP Assignment Configuration article.

      • Investigate the gateway to determine if it is passing traffic received from the MX.

  • Not Connected - WAN interface is enabled, but no cable is connected or the cable is not detected.

    • Troubleshooting:

      • Ensure that the cable is properly seated in the Ethernet ports on both ends.

      • Test using a different, known-working cable.

      • Confirm that the port is enabled on the remote (non-MX end) of the cable.

      • Attempt to connect to another port on the remote (non-MX end) of the cable.

  • Disabled - WAN interface is disabled on the dashboard. To enable, click on the edit (pencil) button next to disabled WAN port on dashboard and select either DHCP or Static IP to enable.

Event Logs 

There are a few different event logs that are particularly useful to determine the occurrences of uplink failovers and why the uplink may have failed.

  • Primary uplink status change - Logged when the primary uplink of the MX appliance fails over. More information can be found in our Primary Uplink Status article. 

  • Bad Gateway - Events related to communication issues with the gateway. There are two reasons why this event would be logged:

    • No_lan_connectivity - The gateway is not responding to ARP requests.

    • No_inet_connectivity - The Internet and/or DNS connectivity tests are not passing.

FAQs 

Why Is the MX Not Using the Static IP Address That I’ve Configured? 

If an MX cannot communicate with its gateway using the statically configured addressing information, then the MX will failover to using DHCP. Therefore, if a static IP address has been configured, but the Uplink tab shows a DHCP address, check and confirm that the static IP addressing information is configured correctly and ensure that the upstream device is responding as expected. For more information on what to investigate, please review the Bad IP Assignment Configuration article.

How Do I Configure/Stage a Static IP Address for an MX That is Not Online? 

When an MX is not connected to the Meraki Dashboard but requires the use of a static IP address in order to do so, then it is necessary to connect to the local status page of the MX to configure a static IP address. Please reference the Static IP Assignment article for more information on this configuration.

What if I’m Using a PPPoE Connection? 

PPPoE can be configured on the device's local status page, under the Configure tab by setting the Connection type to PPPoE. For more information, visit the Support for PPPoE on Cisco Meraki Devices article.

Will Configuration on the Local Status Page Take Precedence Over Dashboard Uplink Section Configuration? 

The configuration made on the local status page of both the MX appliances and Z-Series gateways will take precedence over the configuration in Dashboard. When the MX is brought online following a change made to the local status page, the configuration for the uplink in Dashboard will be updated automatically to reflect the changes made locally.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
    Stage
    Final
  2. Tags
    1. MX
    2. static ip
    3. uplink
    4. wan ip