Meraki Community

BlakeRichardson · ‎Aug 20 2019

Not sure if this is new or I missed a notifcation somewhere but this has just popped up on my dasboard "

As part of ongoing efforts to improve the performance and resiliency of the Meraki Cloud we will be changing the IP addresses used by Cisco Meraki devices to contact the Meraki Cloud. One or more of your Meraki devices are unable to communicate with this new IP range. For more information about this upcoming change and how to resolve the connectivity issue, please click here"

The article it points at is https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Cloud_Maintenance_FAQ

btr.net.nz

MerakiDave · ‎Aug 20 2019

Hi Blake, that had to do with Meraki's growth (and the growth of the back-end systems and data centers for additional servers/shards) and the addition of the 209.206.48.0/20 address space. If you go to Help > Firewall Info you may also now see that range in the destination IP address column. In most cases, there's nothing to do, but if you're running your Meraki equipment behind restrictive firewalls that even block outbound traffic unless specifically permitted, then you would need to update those firewall rules to match that firewall info for outbound destinations. I believe the plan is to eventually remove the old/original destination IPs in favor of the 209.206 addresses, but I don't have any timeline on that, and I'd expect it to be a while.

All that said, there have been some "false positives" where I've seen that info banner in a network (my home lab network for example) where I knew it didn't apply, as I'm not blocking anything outbound, and I could safely disregard it. But it would be best to check with Meraki Support to confirm for your specific deployment, as they should have visibility into the individual firewall tests to see if they're passing or not.

tdj7397 · ‎Oct 28 2019

Hi Dave,

This is kind of related to your reply to this answer regarding Dashboard IP space... I'm trying to get a packet capture of a test meraki network and get verification/proof of how often it reaches out to the dashboard. I see the IP addresses in the help > Firewall Info area on the dashboard. But I'm trying to figure out more details on this.

When I run a packet capture on the switches in the dashboard I do see my switch reaching out to IP 209.206.58.101 but it's showing up over 100 times within just 1 minute of the packet capture. I don't see this 209 address space or any of the others when I run the packet capture on the MX/Security Appliance. So does it constantly send TCP/UDP packets to the 209 address? Or is there a time interval or another IP I'm missing?

Is there another way to accomplish what I'm trying to do? Or a whitepaper with details what rate the dashboard reaches out to the devices/vice versa. I know I read somewhere that it uses 1kbps or less on a Meraki document to monitor things and keep in contact with the dashboard etc.

Thanks in advance.

Tanner Johnson, ITILv4, ECMS1

PhilipDAth · ‎Aug 20 2019

I often get that coming up - even though the traffic is not being blocked. It's often falsely displayed.

drgnslyr · ‎Aug 21 2019

had that recently on many new networks, but not all... It's frustrating when talking to support about it, they seem to not want to really help track down what is being blocked, and once the warning goes away with no other changes, they don't have an explanation why.

Meraki Community

Additional Dashboard IP address

Additional Dashboard IP address