MX categorizing switch DNS traffic as BitTorrent

newengineerhere
Here to help


Over the last few months, we've had instances where the MX would categorize our switch's statically set DNS IP addresses (they're set to use Cisco Umbrella) as BitTorrent traffic, and would block it due to our layer7 firewall rules which block BitTorrent.

 

To be more specific, our Meraki switches are statically set to Cisco Umbrella IP addresses, so once they get categorized and blocked, our entire office goes down. I confirmed this through the event log. MX appliance is using 16.16 firmware.

alemabrahao
Kind of a big deal

Request for reclassification:

 

https://www.brightcloud.com/tools/change-request.php

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ww
Kind of a big deal

That's for content filtering. L7 firewall uses NBAR.

alemabrahao
Kind of a big deal

Yes, I know, but it's just a test, because it does not make any sense. I use Umbrella too, and it has been working well. He can try to put the switches on the allow list.


What's even weirder is I have other networks with MX 16.16 using Cisco Umbrella as DNS and they weren't affected.

ww
Kind of a big deal

There are some NBAR fixes in 16.16.4. Are you running 16.16 or 16.16.6?

The network should keep working even if the management tunnel is down.

Running 16.16. Entire network went down. My assumption was that data plane would still function, but that was not the case. Switches all had "Bad DNS" errors.

ww
Kind of a big deal

I would try 16.16.6 or contact support to check if the NBAR update in 16.16.4+ has a fix for this.

alemabrahao
Kind of a big deal

https://community.meraki.com/t5/Security-SD-WAN/NBAR-blocking-traffic-to-Umbrella-DNS/m-p/159047#M39...

BlakeRichardson
Kind of a big deal

Ouch, that's not a good problem to have. Odd it's taking everything offline, though; you should only lose management access, with your dashboard reporting an issue with the device.

The other option would be: do you need to use Umbrella with your switches, or could you use something else like Google? I know that doesn't resolve why that's happening, but at least it's a workaround.
