Skip to main content
Cisco Meraki Documentation

MultiWAN Backup Uplink

  1. Last updated
  2. Save as PDF

MultiWAN (2 Active + 1 Backup link)

MultiWAN enables more than two functional uplinks on supported models like the MX75, MX85, MX95, MX105 with more than two dedicated WAN links. This guide covers all that relates to the Multi-WAN feature, including configuration and troubleshooting. 

Feature

This iteration of MultiWAN support enables a third link as a backup link on supported platforms. The third link mimics the failover behavior of the embedded cellular feature on supported MX(C) Appliances - which means the third link remains in standby mode until both primary and secondary uplinks are down. The third link uses the same shared firewall rules which govern WAN 1 and WAN 2. 

Paired interfaces are not supported with the MultiWAN feature. Once MutiWAN is enabled, interface pairs are disabled, all WAN interfaces become independent interfaces.  For more information see Paired interfaces

Enabling MultiWAN disables port pairing between SFP/RJ45 ports, and causes all WAN interfaces to reinitialize for approximately one minute. Therefore, it is recommended to enable MultiWAN during a maintenance window. 

Configuration of WAN3 via configuration templates and local template overrides is not supported at this time

Prerequisites

i. This feature requires MX 18.2 firmware or higher

ii. This feature is only supported on MX75, MX85, MX95, MX105

Caveats

  1. On the MX75 - The Third physical port is the designated backup port. Physical ports 1 & 2 become designated WAN 1 and WAN 2 ports.

            MX75 third physical port conversion
     

  2. On the MX85, MX95 & MX105 - The Fourth physical port is the designated backup port. Physical ports 1 & 2 become designated WAN 1 and WAN 2 ports.

          Fourth physical port conversion on MX85/95/105

  3. On the MX85, MX95 & MX105 - the Third physical port is disabled and unusable once MultiWAN is enabled

  4. The designated backup port cannot be changed to a different physical port

  5. SFP modules (fiber or copper) are required for physical ports 1 & 2

  6. IPv6 is not supported on the Backup WAN uplink

Use case

  • Third Internet link as backup: Configuration of a tertiary link to serve as backup in case the primary and secondary links fail.

  • Meraki Cellular Gateway MG as wireless WAN backup: Connecting an MG for wireless WAN backup use cases without sacrificing a hardwired connection.
     

How to enable this feature

i. Ensure you have a supported MX model e.g. MX75/85/95/105

ii. Upgrade your MX network to 18.2+ firmware

Enabling MultiWAN disables port pairing between SFP/RJ45 ports, and causes all WAN interfaces to reinitialize for approximately one minute. Therefore, it is recommended to enable MultiWAN during a maintenance window. 

Configuration

To enable MultiWAN: 

  • On Dashboard, navigate to Security & SD-WAN > Monitor > Appliance Status

Dashboard MX summary page uplink status .png

  • Select the Uplink tab, Click “Enable Backup WAN”

Enable backup WAN option in the Dashboard

Once enabled, the third link will remain in standby mode until both WAN1 and WAN 2 have failed.

Uplink information will be reported for the backup link similar to WAN 1 and WAN 2

MX uplink live and historical data graphs that include WAN3

High Availability failover behavior

Even though the MultiWAN feature mimics the primary, to secondary, and tertiary failover behavior of cellular, It differs from failover behavior of cellular when the MX is in High Availability mode. In HA mode, unlike with Cellular, all links including the backup link must fail before Spare MX takes over as the Primary MX.

 

Failback behavior

While the third link is active, the MX uses the same Connection Monitoring Test Process to determine when to failback to WAN 1 or WAN 2 would be appropriate. Failing back can either be Immediate or Graceful.

  • These options are selected by navigating to Security & SD-WAN > Configure > SD-WAN & Traffic Shaping.
  • Under the Uplink Selection section, select the dropdown menu for WAN failover and failback behavior, and choose either Immediate or Graceful.

Traffic shaping Uplink selection and failback options

VPN behavior 

AutoVPN
  • AutoVPN tunnels will not form on WAN 3 if WAN1 or WAN2 are active.
  • If Active Active AutoVPN is enabled, only WAN1 and WAN2 will build tunnel by default. The backup uplink will only build a tunnel when the backup uplink is the only active/online link
  • If Active-Active AutoVPN is disabled only the WAN port set as Primary uplink will build a tunnel.

AutoVPN tunnel over WAN3 will only form after WAN1 and WAN2 links are DOWN. 

Client VPN & Non Meraki VPN

After WAN 1 and WAN 2 have failed, and WAN 3 is active, Client VPN and Non Meraki VPN tunnels will form on WAN 3. If either WAN 1 or WAN 2 is active, Client VPN and Non Meraki VPN will not form on WAN 3.

SD-WAN policies 

This option appears after Active-Active Auto VPN is enabled.

SD-WAN policies and load balancing policies do not apply to WAN3.

Troubleshooting

Troubleshooting for MultiWAN should be done similarly to troubleshooting for other uplinks on the WAN Appliance. There is nothing different with the backup uplink, other than being disabled by default, whereas other uplinks that are enabled by default.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
    Stage
    Draft
  2. Tags
    This page has no tags.