I wish they had put links to documentation of the new features in the release notes (like they have sometimes done on major MR updates).
I can't seem to find the documentation of those features anywhere.
Hi @thomasthomsen here is something:
https://documentation.meraki.com/MS/Other_Topics/Digital_Optical_Monitoring
RSPAN and Smart ports are in this latest video and don't seem to be documented yet...
https://youtu.be/iXK6H6_xc9c?feature=shared
Thanks. - I did not see the last update vid.
But I'm just old-fashioned, I really like ( Enjoy almost 🙂 ) documentation on released features 🙂
I was hoping so much to actually test the new Port Profiles (them now being org. wide, and that has been a major wish from some of my customers for a while), but alas, that feature did not appear after the upgrade.
So I'm guessing not everything is made public yet.
*Sigh* the other features ( Adaptive policy on MS130X/R, Intelligent Capture and Traffic Mirroring ) are now all on the early access-page. But smartports is still strangely missing. The "most important" (*citation needed*) feature. Bugger.
PS: the "new features" page of the forums with MS17 announcements documentation to smartports points to the "old" (Jan 2024) page about Port profiles.
Did someone miss a memo ? 🙂
Weeee ... SmartPorts are now ready in early access 🙂
A few things, just to be aware of, nothing I think is serious, or "bad", but just something you should know.
Smartports are now "org wide" 🙂 and that's fantastic.
It has two parts "Port-Profiles" and Automations.
It copies your current port-profiles here, so for example, if you have an AP portprofile on 3 networks, you will get 3 AP portprofiles in the list. You can see what network they are connected to when opening them. So, we will need a little bit of cleanup if you use port-profiles already - But that is fairly easy to do.
You can only use newly created Port-Profiles for automation.
And I really like the new "target" of Automation, of course if you have MANY switches in your org, it might be a little overwhelming.
(PS: Uh oh ... ran into a problem. Created an automation, applied it to a couple of switchports, and those switchports say they run automation. When I returned to the Smartports Automation page, the Automation I created was gone 😕 so I cannot edit it, and the switch still says those ports run automation. Good thing this was my lab 🙂 ).
(PPS - Edit. It was ME who made a mistake.
Creating the Automation, I "forgot" to press save / update in the "correct" order.
I was just too excited 🙂 )
Does anyone know if the API has been updated, so you can create Port-profiles on the org. level ?
And another important question.
What is the scale ? aka. How many Automations can I create, and how many "trigger actions" can we have per Automation.
Does anyone know ?
I now "already" have a "wish" .... for a "convert to org. wide" for a network specific port-profile when enabling this feature. 🙂
And equally important ... the documentation is also ready : https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/SmartPorts
Hmmmm perhaps the wording here could be changed a bit.
From documentation :
"An automation is a sequence of rules, each of which is a collection of one or more match conditions. Match conditions in a rule operate as a logical AND. That is, all conditions in rule should match for the rule to be considered a match. For this reason, a match type can be used only once per rule. For example, multiple match conditions for LLDP system description cannot be added in a single rule. If multiple LLDP system description values, they should be entered as comma-separated values in the match criteria instead. Values provided in the match criteria operate as a logical OR, which means that any one of them being matched will be sufficient for the condition to be considered a match"
In the UI it is called "Match Type" and "Match criteria".
So ... would these two Automations do the same thing ? Or would one of these not work ? (see attached picture).
(Simply trying to apply a port-profile to an MR or CW AP)
My answer is yes, they will do "the same thing". But the wording of the documentation should perhaps be changed from "Match conditions" to "Match criteria" in order to reflect the UI. (or the other way around).
And "single rule" to "single criteria" ? ehh ... ??
Hmmmm ... I have now tested an Automation based on LLDP criteria for APs, and an Automation based on MAC criteria for some IP cameras.
Neither of them works 😕
The port has been configured with the correct SmartPort Automation , but the "Port-Profile" (I guess we now have to call these SmartPort profile) is never applied.
Has anyone gotten it to work ?
Or is this just me being too early, and/or too hyped and excited for this feature before anyone else ? 🙂
PS: I also tried to reboot my switch, it did not change anything. Ports are not being applied a profile
Interesting.
Whenever I set SmartPort Automation on a port (change the SmartPort Automation profile, or enable it) it actually bounces the port.
But it does still not work for me. The port stays at its original configuration.
Hmmm perhaps it actually works....... (after making some real dummy ports as default, I think I have verified this).
But it never displays that the port has been reconfigured, aka. what SmartPort Profile has been applied.
It seems to work on my access ports. - But the UI does not tell you anything.
Now testing trunk ports.
Hmmmm trunk ports behave strangely.
I created a SmartPort Profile for an AP, native vlan 1 for the AP mgmt traffic, and vlan 10 and 30 for different clients / ssids, and a SmartPort Automation with LLDP for Meraki APs.
The default config of the switch port is a dummy vlan 999 that does not exist.
The AP becomes active in VLAN 1, and I can ping it, and it is online.
That would mean that the SmartPort Automation did "something(tm)".
I have no other "automations" that use a SmartPort profile for VLAN1.
So I'm guessing that it has selected the right SmartPort profile.
BUT ... all other traffic is dropped somewhere.
The real kicker is that the mac-address table of the switch says clients are in their correct VLANs, AND (and now it gets really funny) a packet capture on the switchport, for that AP, can actually see packets from clients ?!?!?!?
But the clients never get a reply.
When pinging a client from the firewall, I can actually see the ICMP packet from the firewall on the port as well. But no reply from the client ?!?!?!
Changing the port to a static SmartPort profile (the same one from the automation), then everything works.
huh !??!?!
So ... SmartPort Profiles Org. wide seems to work just fine. Trunk and Access.
But Automation, using the same profiles, not so much, something very strange is happening here.
Here is a pcap on that, perhaps, automated port described above.
Filtered for the client, while I try to ping it, and the client tries to reach umbrella dns.
All packets are there, but no reply in either direction.
As mentioned the default port config here is access vlan 999 that does not exist.
So since the MAC address is clearly in the switch's table, and the AP is online in its proper vlan (and works), the port has been changed. But the switch seems to throw away the packets at the edge for the other vlans on that trunk ?!?!?!
I give up, this is too strange.
I know it's "unfair" but I created a case.
And I just realised that you cannot create a SmartPort Profile that uses dot1x 😕
So long for global org wide dot1x Port-Profiles - I guess it's a question about the Access-policy being network specific at this point in time. The org. wide SmartPort Profile does of course not "know" all the Access-policies configured on each network.
I guess org. wide Access-policy is next ? I mean, we have org. wide Radius servers, why not org. wide access-policy.
.
.
.
A few seconds later, after thinking about this. So .. when converting to SmartPort Profiles, and not being able to create a new Port-Profile on a network anymore, you lose the ability to create a network Port-Profile with an access-policy period. ... uh oh ....
Hmmm there is a workaround, but I don't know if it's intentional.
So by chance, I switched networks while on the global SmartPort page, it then displayed the SmartPort Profiles for that network (network and org. wide).
When I then press create I get a "network" field on the SmartPort Profile creation pop-up that's locked to the network I'm on, and there I can select the access-policy.
But ... how did I get there ? The url, when switching networks while on the org wide page switches to .... node/networkname-wireless/something/manage/switch_port_profiles ... now I'm scared.
"Is .. is that Thomas guy ok ? - he seems to speak, write, and hum .... all to himself .... a lot" 🙂
Hope this fixes whatever issues 16.9 had. Nothing visible but everything worked terribly at least. Apple HomeKit to mention one of the things. The firmware that has been the worst ever on my count
It seems like it did 🥳🥳
I'm liking these features.
I'd argue DOM should have been implemented way earlier than now but it's exciting nonetheless.
Still UDLD errors when connected to other switches (Meraki or Catalyst) with spanning tree and/or aggregation. Helpdesk doesn't know anything but today I had a phone call with a Cisco Meraki engineer and they know about this issue and are working on a solution. How long will it take? I don't know. 😒
Is this a known error on 17.x or was it also there previously ? , I think I just encountered it today 😕
No kudos for all these known issues!