Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About Twitch
Twitch
Building a reputation
Member since Jan 6, 2019
11 hours ago
Community Record
153
Posts
76
Kudos
0
Solutions
Badges
01-23-2021
04:57 PM
1 Kudo
@cmr Aha! I see. So basically, I can conceptualize VPLS as a bunch of routers plugged in to a single central switch, with all of the routers having an IP in the same subnet, all sharing the same VLAN ID? That ain't so bad, then, is it? Great call on spacing the IPs out. We currently have one MX at each site, and I am pushing hard to get rid of that single point of failure, especially here at the DC. The network is a work in progress. I really, really appreciate the help and advice. Thanks!! Twitch
... View more
01-23-2021
05:37 AM
Thanks @Bruce @cmr. Would it be correct to say, then, at least from a high-level view, that I can assign each site a new private IP range assigned to the MX as the VPLS interface, place that interface in its own VLAN, route the private range with OSPF, and as long as each site knows a route to the internal networks located at each site, the VPLS will simply pass the traffic inter-site, much like frame relay did "back in the day?" We don't want to change the IP range assigned to the internal networks, hence my desire to add another subnet just for the VPLS and rely on INTER-VLAN routing to pass the traffic. The remote sites will come through our office for Internet access, which is a 1 Gbps link. The VPLS links right now will be 100 Mbps to start with. At our office, I can either extend the demarc directly to our MX100, using one of the LAN ports (port 8, for example), bypassing the switches, or I can connect to a switch first, then connect from the switch to the MX. Are there advantages for one over the other? I'd prefer to go straight to the MX. The WAN port on our MX will stay as it is because it's our (and the remote sites once the VPLS is in running) Internet connection, hence my desire to use an MX LAN port. At the remote sites, based on what you guys have said, I can use the WAN port to connect the VPLS since all of their traffic will come back through our office anyway. Does that setup make sense? I have a clearer picture in my head now. At least I think I do... Thanks again! Twitch
... View more
01-22-2021
02:04 PM
Hey gang - my company ordered a VPLS circuit a while back and two of our site's circuits are completed and ready for us to connect to our network. The challenge is that I can't find any information about how to configure VPLS from a customer perspective - everything I find is related to service provider edge and within the service provider network configuration. I can't find anything from our (end-user, if you will) perspective. I called tech support for our VPLS provider and that was zero help - they basically told us to hire a consultant. I myself do not have any experience configuring MPLS or VPLS, both technologies have not crossed paths with me during my career, but I don't want to look like a total incompetent who is unable to get this circuit working. So, can anyone point me to a Meraki configuration guide or document that could help me bring this circuit to an up/up state? It is my understanding that VPLS is a layer 2 technology, so, from the demarc device I would assume that I would connect from the user (hand-off) port to a switchport on one of my MDF switches. Is this assumption correct? If so, is there any configuration required on the switchport, considering that VPLS is MAC based and learns the network paths via MAC addresses, if I am understanding that correctly. (I do know that if I plug a Cat 6 cable into the demarc device and one of my switches the connection comes up, but what's required behind the scenes remains a mystery...) Are IP addresses required? If so, I'm going to assume I need to tie the MX into this configuration. (But, if it's a layer 2 technology, why are IP addresses required?) All this new-fangled technology... I'm hoping that someone will have the Magic VPLS Configuration Guide out there, or some great advice to help an old guy out. I sure would appreciate it. Thanks!! Twitch
... View more
01-22-2021
09:22 AM
Well lookie there. I just learned something. Thanks for the documentation link. That page is very helpful. 👍
... View more
01-22-2021
09:03 AM
You wouldn't think welding machines would need to be connected, but they are! At least here. Lincoln Electric has a program that allows us to track the usage and performance statistics. I work for a major structural steel fabricator (we build the giant erector set pieces that are used to build skyscrapers). The data that is collected is invaluable to improving production. Truly a segment of the Internet of Things.
... View more
01-22-2021
08:47 AM
I'm with you on this one @Dustin_Hollis. We use network tags exactly as you are describing - to control the broadcasting of a specific SSID for our wireless bridge APs that connect the shop Lincoln Electric welders to the network. The tag allows the wireless bridge APs (MR30Hs) to broadcast the BRIDGE SSID while ignoring our other production SSIDs. This allows us to get the welders on the network without having to run cables to them, and also prevents nearby wireless clients from connecting to the MR30Hs that we want to use exclusively for the welders. I don't see the answer listed anywhere officially yet, but I'm with you that number 2 is correct.
... View more
01-19-2021
12:49 PM
1 Kudo
I'll take @BlakeRichardson 's water bottle if he doesn't want it. 😀 Survey submitted.
... View more
12-21-2020
09:09 AM
Thanks @cmr. Considering that our Internet edge is effectively moving to our Virginia location, would it even be necessary for us to maintain MXs at each of our remote locations, or could we just run switches alone there? I'm still not clear about how the VPLS service will terminate into our equipment with regard to port type - will it need an Internet port (in which case we would need to keep our MXs), or can it terminate into a standard switch port since VPLS is Layer 2 aware and does not use Layer 3? That is, if I'm understanding it correctly... If I'm able to reclaim those MXs from the remote sites, then I can implement MX failover at other sites since I will have gained redundant MXs.
... View more
12-21-2020
08:38 AM
Thanks everyone for the replies. I have a question regarding the single IP address - we have multiple locations in several states that will be connected to the VPLS service. Traffic from the remote sites will be traveling through our main location in Virginia to reach the Internet. Is it safe to assume that our public IP at our main office will become the IP of all Meraki devices as it relates to the Meraki cloud? I have zero experience with MPLS and VPLS, so I am playing a game of catch-up in terms of understanding the technology and what needs to be done on our end to make this transition to VPLS go smoothly, so I appreciate your advice very much. Thanks, guys. Have a great day. Twitch
... View more
12-17-2020
07:34 AM
Hello to the Crew - I have a question regarding implementing VPLS with Meraki devices. I have very limited knowledge of VPLS, and materials seem to be sparse, though I am finding some on the Cisco sites, but articles specific to Meraki implementation are few and far between. We are transitioning our connectivity between remote sites to VPLS in the very near future. Our current environment runs an MX at each site along with MS switches. My understanding is VPLS is a layer 2 technology that utilizes MAC address translation to determine network paths, basically a layer 2 WAN if I am understanding it correctly. What typically is done Meraki-wise to configure the VPLS interface? Is there any specific configuration, port settings, etc., that are required? I do not yet have specifics from our VPLS service provider. I'm just trying to get ahead of the curve, so to speak. If anyone has info, or links to material, I would be grateful. Thanks! Twitch
... View more
12-14-2020
07:59 AM
Hey Darren - that's crazy, but par for the course. Folks just don't think about the environmental conditions when it comes to technical equipment. You can talk until you're blue in the face about it, but the negative impact never reaches the gray matter on the receiving end. By the time they finally realize the extent of the problem, it's too late. Thanks for the suggestion. I think that's exactly what I'm looking for. Cheers!
... View more
12-14-2020
07:30 AM
Hello to the crew. I was wondering if anyone can offer a recommendation for a plug to use in empty SFP ports to keep steel dust out of them? I work for a structural steel fabricator and our switches in the shop live a rough life despite our efforts to the contrary. I would like to close the empty fiber ports to protect them from the elements. The pic below shows how the steel dust builds-up around the ports, and it infiltrates every nook and cranny of every piece of technology we use in the shop. Sometimes I feel like this is the place where technology comes to die - it's just not tech-friendly. Even the racks with fans and filters are not able to keep the dust out of the switches. Any suggestions? I don't suppose there is an official Meraki plug available that is the exact dimensions? Thanks! Twitch
... View more
10-07-2020
12:13 PM
Thanks - it makes sense now. I was able to configure a tag that broadcasts production SSIDs and a tag that only broadcasts the bridge SSID. Traffic is now limited to the welders on the bridge. The Meraki interface throws me for a loop sometimes. I am an old school command line guy, and sometimes things don't "click" in my brain with the GUI interface. Well, the GUI is one thing, old age is another. They both gang-up on me on a daily basis. 😁 I appreciate your help! Twitch
... View more
10-07-2020
11:13 AM
Hey Karstenl - I used that option to only broadcast the bridge SSID on the AP that is going to use it. Looking at the options on the SSID Availability page, I do not see an option for This SSID is Disabled on Some APs, which is what I'm looking for. I will have to submit that to Make a Wish. It would just be easier to configure the few bridge APs to only use the bridge SSID instead of having to create tags and individually configure each AP in our environment across all locations. Perhaps it's just me, but it would seem that having the functionality to choose the SSIDs an AP should broadcast via the simple use of an SSID list with checkboxes next to each configured SSID would be the simple way to go. That way, when a new AP is being configured, you just choose the SSIDs you want to use for that AP, click Save, and it's done. Thanks for your reply! Twitch
... View more
10-06-2020
02:22 PM
Hello to the Crew - I have a wireless bridge question. I just installed an MR30H to provide a wireless bridge connection for two Lincoln Electric welders on our shop floor. The bridge is working perfectly. The two welders are connected to ports 1 and 2 of the 4-port switch, and I have two-way communication with the welders across the bridge from a nearby AP attached to the local LAN. I only want these two welders to talk across the bridge, but the bridge has also begun picking-up traffic from surrounding wireless devices talking on our other SSIDs. My question is this: Is there a way to only allow traffic from ports 1 and 2 and block all wireless access via the bridge AP from surrounding wireless devices? In other words, I want the radio active to talk to the nearby wireless gateway, but not to any other clients. The welders should be the only devices talking to the gateway. I cannot find a way to remove the non-bridge SSIDs from the config of the MR30H so that the only SSID talking is the bridge SSID. My apologies in advance if that is clear as mud. It's been a long day. I'm tired. I cannot claim to be thinking straight at this point, and caffeine is not helping. Thanks. Twitch
... View more
09-18-2020
06:25 AM
Morning everyone. I have a question for the crew: We are currently fighting a CryptoMining malware attack on one of our servers. In the process of fighting it and adding rules to the firewall to block IPs/ports, I noticed that on the Threat Protection page there is a series of Whitelisted Rules under Intrusion Detection and Prevention. I did not configure this MX, but I am responsible for it now due to a former co-worker's termination. I am trying to determine why these rules are whitelisted and what that means in terms of analyzing traffic. To me, when an item is whitelisted, that generally means it is allowed to come through, but based on the names of these rules, it appears that the traffic should be blocked instead. Here are some rule names: - Exploit-Kit Magnitude exploit kit embedded redirection attempt - Server-Webapp DrayTek Multiple command injection attempt - Server-Webapp Zeroshell Linux Router command injection attempt Will traffic related to these whitelisted rules bypass security, or do these rules serve some other purpose? The documentation I read didn't really provide much of an explanation of behavior. Should I leave this rules, or delete them? My concern is they were added by two former employees who are no longer with the company. Thanks for any help you can offer. Twitch
... View more
08-21-2020
09:45 AM
Hello all - I am continuously getting email notifications "There was a VPN connectivity change..." in our MX100. These emails indicate that the connected went down, followed by another email usually less than a minute later saying that the connection has come back up. When this happens, I do not get any reports from remote users that they are being kicked-off or losing connectivity. From their perspective the VPNs appear to be stable. I noticed in the Dashboard that I can turn these alerts on or off, but I cannot adjust the threshold for reporting that a VPN connection has gone down. I would like to continue receiving these alerts in case a connection actually does stop working, but at this point it's almost like the Boy Who Cried Wolf. Between 12:48 AM and 12:43 PM today I have received 32 separate emails reporting a VPN "problem." Has anyone else experienced this? If so, were you able to find a resolution? Could it possibly be a configuration issue with the VPNs? Is there a way to adjust the reporting threshold? I realize that it could also possibly be an issue with our WAN service providers as well between our corporate office and the remote sites. Thanks much! Jim
... View more
01-24-2020
07:27 AM
@MerakiDave - I don't have any Meraki swag yet, so starting with a comfy pair of 100% Cloud socks would be awesome! If you still have a pair, let me know. Thanks!! Twitch
... View more
01-24-2020
07:07 AM
2 Kudos
JD, you always give great answers. Thank you so much for putting all of that together. I really appreciate it.
... View more
01-24-2020
06:54 AM
1 Kudo
Don't need the demo. We have a large Meraki production environment that runs all of our plants across several states. Thanks for the responses, folks! I appreciate it.
... View more
01-23-2020
05:42 AM
1 Kudo
I'm curious - has anyone actually been able to attend the ECMS2 training? I have never heard a single reply to my multitude of requests for a seat since the training was announced. While the course is free I have a much better chance of justifying the trip to my company. Once Cisco puts the typical $2,000+ price tag on the course my opportunity to attend disappears like a fart in the wind. I have even had our sales rep who sold us our shiny new Meraki infrastructure get in-touch with his contacts at Meraki, and still nothing but crickets. Does the training actually exist, or is it a unicorn at this point, only available to a privileged lucky few? Thanks! Twitch
... View more
01-23-2020
05:29 AM
Good morning! Does anyone know if the ECMS2 training and certification is going to be offered at Cisco Live in Vegas this year? I have been scouring the Cisco Live website to try and find some info but haven't seen anything. I'm trying to sell the Vegas trip to my boss, and Meraki training would help a great deal in my quest. Thanks! Twitch
... View more
10-04-2019
09:03 AM
Has any progress been made with being able to sign-up for the ECMS 2 course? I requested a class back when it was first announced and I have not heard a thing since. Is a more formal process in place now besides "email and wait?" Our sales guy has even reached-out to some folks at Meraki on my behalf, but nothing has ever been heard in response. Thanks!
... View more
03-18-2019
09:13 AM
Has anyone heard a response from a member of the sales team about being able to get a seat for ECMS2? I contacted them two weeks ago but so far no response. Maybe building an actual course registration page would be a better option? Thanks! Twitch
... View more
03-05-2019
09:34 AM
1 Kudo
@EliseK @jdsilva Thanks guys! We don't have an account team that I'm aware of. Our Meraki gear was purchased through a Cisco reseller who handled everything for us in terms of the order, etc. I guess that is where I'm confused - we don't technically have a "team" at Meraki to directly contact. Can you send me some contact info for someone on the account team that I can forward my request to? I truly appreciate your help!
... View more
- « Previous
- Next »
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 7 | 1156 | |
| 7 | 30870 | |
| 5 | 593 | |
| 3 | 5509 | |
| 3 | 15162 |
