Meraki

Adam · ‎Jan 3 2019

Has anyone configured a Disney Circle device to work with an MX? I guess the device uses ARP Spoofing/Poisoning re: https://support.meetcircle.com/hc/en-us/articles/115001381932-How-Does-Circle-Work- and Meraki's don't appear to be supported per https://support.meetcircle.com/hc/en-us/articles/115001381571-Router-Compatibility-and-Circle

I don't have the Disney Circle on hand yet to test but here are some of the thoughts I had: Is there a way to have the MX DHCP assign the Disney Circle IP as the default gateway to avoid the need for spoofing/poisoning? Is there a setting on the MX that internally blocks ARP Spoofing/Poisoning?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

PhilipDAth · ‎Jan 3 2019

Wow that sounds like a poorly thought out network design by Disney!

ARP spoofing itself does not require the gateway to support it. The Disney device will just need to respond more aggressively, and/or rely on clients accepting gratuitous arps.

Alas you can not configure the MX to give out a default gateway other than itself. Perhaps the Disney device has a built in DHCP server itself?

jdsilva · ‎Jan 3 2019

I wonder what the IDS/IPS functionality of the MX would think about this...

http://blog.brokennetwork.ca |

@jdsilva

PhilipDAth · ‎Jan 3 2019

The Meraki MX would report that their is a duplicate IP address on the network.

Adam · ‎Jan 3 2019

I'll be testing it in the near future so I'll report the results. I like the idea/ability of the Disney Circle to make managing access time easy. But strange implementation.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

jdsilva · ‎Jan 3 2019

@Adam why not just use group policies and schedules if that's your goal?

http://blog.brokennetwork.ca |

@jdsilva

Adam · ‎Jan 3 2019

@jdsilva, the circle makes it very easy for the average home user to manage dynamic policies. If you take a pass through this https://cdn.meetcircle.com/support-files/User+Manual+-+Circle.pdf you can do some unique stuff like: setting time limits, bed time, off time, rewards etc. Look at pg 55 forward.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

DWHat · ‎Jan 6 2019

I have.

What I did was plug it directly to a switch port, set the VLAN on that switch port to the same VLAN as the wireless devices, and walked off. It worked as intended, without affecting the rest of the network.

We no longer use it for two reasons: Group policies in the MX and Apple's Screentime implementation in iOS 12. The latter made the Circle irrelevant in our setup.

Adam · ‎Jan 8 2019

I plugged it directly into the MX but that port was setup on the same vlan as the wireless. Worked as intended, no issues.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.