How To Replace An Existing Meraki MX Device

How To Replace An Existing Meraki MX Device
February 1, 2023

Like any electronic device, there comes a time when you may have to replace a Cisco Meraki MX hardware. If the warranty still applies, you may request a replacement unit from Cisco Meraki (you may be asked to return the broken device at the company’s expense within 45 days of the replacement’s shipment).

What’s unique about the Cisco Meraki system is you can configure the replacement device as a “warm spare” or a secondary device that will smoothly take the place of the primary device. However, if the primary device fails before you can configure the secondary device, you will have to perform a “cold swap.” The same rule applies when switching your network or upgrading to a different Meraki MX model.

Below, we’ll show you how to replace your Cisco Meraki MX with a warm spare and a cold swap methodology.

Pre-Installation Configuration

Once you received or bought a replacement Meraki device, the first thing you should do is manually configure all local settings:

  • Static WAN IP address
  • Proxies
  • Non-standard link speeds

Similarly, you’ll need to configure the network to accept the new device and prevent existing security programs from blocking it. For example, remember to whitelist the replacement unit’s MAC (media access control) address so that other devices won’t flag it as a rogue server if you use it to run a DHCP (Dynamic Host Configuration Protocol).

Below, we’ll cover some of the steps for replacing an existing Meraki device.

Warm Spare: How to Set Up a High-Availability (HA) Pair

A warm spare failover is designed to prevent downtime and ensure the integrity of the MX service and the functions it performs for your network. It establishes failover support at the appliance level by having a secondary MX on the ready. If the primary MX goes offline, the secondary unit will automatically take over.

A few reminders about HA Pairs:

  • The secondary MX must be the exact same model as the primary device.
  • The dashboard will show a swap button for primary and secondary devices. It is for assigning which device will act as the primary MX and not to test if the secondary device works.
  • The only way to test a warm spare failover is to disconnect the uplink to the primary MX completely.
  • Configure the secondary MX from the dashboard before physically connecting the device to the network.
  • When adding an MX to a network with an existing MX of the same model, it will automatically be set to warm spare mode.

Step 1: Dashboard Configuration

  1. From the dashboard, go to Security & SD-WAN > Monitor > Appliance status > Configure warm spare.
  2. Wait for the new window to open, then click Enabled.
  3. Enter the serial number of the secondary Meraki MX device.
  4. Choose the correct IP configuration.
    • MX Uplink IPs – This option allows the active MX device to use its distinct uplink IP. So if the primary MX fails and the secondary MX takes over, the latter will use its own IP, which is different from the primary.
    • Virtual Uplink IPs – This option uses a virtual IP (VIP) that both primary and secondary MXs use. It requires an additional public IP for each new uplink but ensures a seamless failover.
  5. Click Update.

Step 2: Configuration to Warm Spare

There are two ways to establish an HA pair:

  • Via Passthrough or VPN Concentrator Mode
  • Via Routed Mode

Let’s start with the VPN Concentrator method:

  1. Security & SD-WAN > Configure > Addressing & VLANs page
  2. Deploy the two MX devices through Passthrough or VPN concentrator mode.
  3. Check that the two devices:
    1. Connect to the network only through Internet ports.
    2. Are not connected to the network via LAN ports.
    3. Are within the same IP subnet.
    4. Communicate with one another and the dashboard.
  4. Set up the VIP that the primary and warm spare will share. Go to Security & SD-WAN > Monitor > Appliance status > SPARE
  5. Check that the VIP differs from the primary and spare devices’ IPs.
  6. Check that the VIP is in the same subnet as the primary and spare’s IPs.

Next are the steps via Routed Mode. 

The process is similar to the VPN Concentrator method, except without the VPN configuration:

  1. Set up the VIP that the primary and warm spare will share. Go to Security & SD-WAN > Monitor > Appliance status > SPARE
  2. Check that the VIP differs from the primary and spare devices’ IPs.
  3. Check that the VIP is in the same subnet as the primary and spare’s IPs.

Advantages of HA Pairing:

  • Only one license is needed for both MX units.
  • There will be minimal to zero network downtime if the primary Meraki device fails.
  • You can stay calm if existing MX hardware fails because the failover will automatically kick into action. The spare will recognize that the primary device has failed, so it will take over as the active MX, delegating the primary device as the passive MX.
  • There’s also no need for manual, on-site intervention by network administration specialists.

Disadvantages of HA Pairing:

  • You must obtain a similar model to your primary MX.
  • Warm spares using different models are unsupported. If you have to use a different model, you must use the cold swap methodology to replace your Meraki MX device.

Cold Swap: How To Replace an Existing MX Device With a Different Model

The cold swap methodology allows you to use a different MX model than your current one. It’s an excellent alternative to HA pairing if you intend to upgrade your device or switch to another network.

There are two ways to perform a cold swap replacement:

  • Quick Swap
  • Clone and Replace

1. Quick Swap

Since the dashboard network only has room for one MX device at a time, you need to remove the existing MX before installing the replacement.

Here are a few things to keep in mind:

  • The replacement will be installed in the same network as the original MX.
  • Quick swap preserves the original, non-local configurations.

Step 1: Removing the Original MX

  1. Go to Security & SD-WAN > Monitor > Appliance Status.
  2. Scroll down the page and click Remove Appliance From Network.

Step 2: Adding the New MX Via the Inventory Page

  1. Go to Organization > Inventory Page.
  2. Select the MAC address and Serial Number of the new MX device you want to add to the network.
  3. Click Add to… > Existing Network > find the network where the original MX belongs > click Add to existing.

Adding to a New Network

If you want to create a new network:

  1. Go to the Organization tab > Create Network.
  2. Create a name for the new network.
  3. Select your preferred Network Type.
  4. Select your preferred Configuration.
  5. Go to the Devices section > Check the MX devices you want to add to the network > click Claim > enter the serial numbers > click Create network.

Step 2 Alternative: Adding the New MX Via the Network Configuration Page

  1. From the Administrator view (with multiple organizations), go to the Search for network drop-down menu > choose the network where you want to add the device.
  2. Go to Network-wide > Configure > Add devices.
  3. Select the devices you want to add > click Add devices

Step 3: Add the Secondary MX as a Warm Spare

  1. From the Administrator view (with multiple organizations), go to the Search for network drop-down menu > choose the network where you added the new Meraki device.
  2. Go to Security Appliance > Appliance Status > Configure Warm Spare.

Step 4: Physically Swap the Old and New Devices

  1. Allow the device to check into the dashboard properly.
  2. Finish any necessary device upgrades.
  3. Transfer the WAN uplinks.
  4. Next, transfer all the LAN connections.

IMPORTANT: All the cables from the old MX should go to the same slots/ports in the new MX.

Advantages of Quick Swap:

  • There’s no need to reconfigure the replacement MX in the dashboard.
  • All previous client tracking data will be retained.
  • Adding new networks or deleting existing ones is not required.
  • It’s the easiest way to replace an existing Meraki MX device in a Combined Network.
  • This is the best option if your existing MX device malfunctions and is already causing network downtime, and you have no contingency plans yet.

Disadvantages of Quick Swap:

  • There’s downtime when you configure and physically install the new MX.
  • The Clone and Replace method results in less downtime.

2. Clone and Replace

As the name suggests, this process turns the replacement device into a clone of the original Meraki MX. This method is best done early as a contingency rather than a solution after hardware failure. It involves pre-staging, configuring the replacement, and letting it check into a network identical to the existing MX network.

Step 1: Clone the Existing Network

  1. Go to the Organization tab > Create Network.
  2. Create a name for the new network.
  3. Select your preferred Network Type.
  4. Go to Network Configuration > Clone from existing network > choose the original network you want to clone.

Step 2: Add the Replacement MX Device to the Clone Network

  1. From the Administrator view (with multiple organizations), go to the Search for network drop-down menu > choose the network where you want to add the device.
  2. Go to Network-wide > Configure > Add devices.
  3. Select the devices you want to add > click Add devices

Step 3: Add the Secondary MX as a Warm Spare

  1. From the Administrator view (with multiple organizations), go to the Search for network drop-down menu > choose the network where you added the new Meraki device.
  2. Go to Security Appliance > Appliance Status > Configure Warm Spare.
  3. Bring the replacement device online.
  4. Allow the device to pull configurations and firmware updates.

Step 4: Physically Swap the Old and New Devices

  1. Allow the device to check into the dashboard properly.
  2. Finish any necessary device upgrades.
  3. Transfer the WAN uplinks.
  4. Next, transfer all the LAN connections.

IMPORTANT: All the cables from the old MX should go to the same slots/ports in the new MX.

Advantages of Clone and Replace:

  • Minimal downtime; since the replacement is already configured and tested, the only downtime is when you physically swap the old device with the new one.
  • Less disruptive to your operations.

Disadvantages of Clone and Replace:

  • The clone network will not have any historical client tracking data (the data will only exist in the original network).

Get IT Management Support from the Experts

Our guide above is here to help anyone managing Cisco Meraki security appliances and networks. If you are more comfortable entrusting these tasks to experienced IT specialists, Stratus Information Systems can help.

We offer Meraki support and consulting services for on-site and remote management. Our knowledgeable team at Stratus can assist you with hardware installation, network configuration, monitoring, and more. We also have Cisco-certified engineers who can walk you through the process of replacing Meraki devices.

Our services ensure network integrity and minimize disruptive and costly downtimes. Schedule a consultation with one of our experts today.

0