Configuring 1+1 Backup by High Availability (HA)

I came across my first HA Master failure recently, and we were called to replace the unit.
Up until now, we only showcased HA availability switchover, by unplugging the Master power cable (as mentioned earlier in this thread)
I tried searching the fora and the knowledgebase about the required steps but couldn’t find all the steps necessary in one place.(OK i didn’t search thoroughly, i admit)

So this is what i did and successfully replaced the Master device and restored 1+1 Backup HA group - in case anyone else needs this information in the future
(If someone from peplink could point out any mistakes please let me know so I can correct this)

  1. The slave device has assumed Master role and all Speedfusion VPNs were up and running. The web interface of both the Virtual ip and the slave’s IP only showed status of the device, we couldn’t change any option

Solution: As pointed out earlier in this topic, this was because of the active Sync from Master checkbox. As soon as I unchecked this, we had full access to the GUI settings

  1. Downloaded the configuration from the Slave device

  2. Connected to the replacement unit, firmware downgraded it to match the FW version of the original devices (ain’t nobody got time for keeping critical devices up to date firmware-wise) and uploaded the configuration from the slave device (from System->Configuration->Upload Configuration from HA Pair)

  3. After uploading the configuration we had to change the LAN IP of the new device and the hostname.

  4. Check in Network->Misc Settings->High Availability that all settings matched between the two devices
    In the new device we specifically chose Master role and Resume Master Role Upon Recovery

  5. My biggest concern here was that we would need to reconfigure all Speedfusion Tunnels because they used the ID of the failed device (which i though was tied to the device’s hostname)

Solution: Peplink was smarter than this and the PepVPN Local ID may default to the device’s hostname but isn’t tied to it. So after uploading the configuration, the new device had the same Local ID as the old, but i could change the hostname without affecting VPN tunnels

  1. Connect the LAN and WAN interfaces to the cables that were initially plugged to the failed device

  2. As soon as the device turned on, it resumed Master Role within seconds. No issues were reported (or noticed) by the users of the speedfusion connections (boy, were they critical)

  3. Logged in to the slave’s IP and re-checked the sync config from master (with the serial number of the new device of course)

  4. Profit

Hope this info would help someone in the future
Again if someone sees any unnecessary or simply wrong steps, please let me know so I don’t mislead other people


What is the correct procedure for updating firmware on a master/slave pair with minimal downtime?


Please check the knowledge base below:


Do you have the pdf version on this great instruction?

We’re looking on “Peplink HA setup requirement and instruction guidebook” - to be documented. We need to submit this instruction in document form to FSI customer.

1 Like

we have WAN Ports on Master configured as DHCP.
Will Slave clone the MAC Addresses of the Masters WAN Ports to ensure it takes the same IP Adresses in case of Failover?
thanks a lot

1 Like

How many nubnets can add more if i deploy a Configuring 1+1 Backup by High Availability (HA)??? Thanks

@tai.nguyennetmark, can you elaborate more? Do you mean what is the maximum VLANs can be added after HA is ocnfigured?

1 Like

Yes, its the same 128Vlan, Right?

Maximum VLANs supported for the device have nothing related to the HA setup. “802.1q VLANs Supported” is depend on the product models.

1 Like

Do I have to keep a current Incontrol 2 subscription for both my master and slave unit if I am using HA, or can I keep the Master current and let the Slave units subscription lapse?
I use Incontrol 2 to create the Speedfusion tunnels between our client routers and our Datacenter.

I have an old Peplink BL 710 and now is buy a new Peplink BL 710 to HA with old Peplink. Do my new Peplink have the same firmware my old Peplink?

Hello @toannguyen290497,
Welcome to the Peplink Forum.
For HA to work you need both the same hardware version and firmware version with each device. Some of the very old models of Peplink Balance routers can not take the latest firmware.
What hardware version is your older Peplink Balance 710 ?
Happy to Help,
Marcus :slight_smile:


yeah, thank you so much. I will check my old Peplink

1 Like

When i enable Configuration Sync. on my Slave Peplink, which value on Master Peplink can sync to my Slave Peplink.

When i enable Configuration Sync. on my Slave Peplink, is all the config (WAN config, LAN config) on Master Peplink will sync to my Slave Peplink???
Can anyone help me?

@toannguyen290497, all configuration of master device will be synced to slave device after Configuration Sync is enabled. Please ensure the hardware revision and firmware version between master and slave devices are same. Please get help from your point of purchase if you need further help.



Hi TK_Liew
That’s mean on my Slave device i just need enable HA and enable Configuration Sync., don’t need config WAN interface, LAN interface,… right???

@toannguyen290497, please ensure both master and slave devices can communicate with each other via LAN interface/Untagged LAN then only enable HA with config sync.


okay thank you so much TK_Liew


We have a situation where there’s an optimizer (Optimizers are on HA too) before the link to the switch.

On our tests, when the link between the optimizer and the switch is broken, the salve becomes master, but the master stays as master. Anyone had a similar topology that could give us some tips on how to handle it?

1 Like