Meraki

cmr · ‎Jun 17 2020

I love the space around your frames, we're lucky if we can get behind most of ours and if we can, you have to get through all the cables that for whatever reason run across your path...

cmr · ‎Jun 17 2020

If you use 3 IPs, one for the virtual one that moves between the devices then you should be fine, there is minimal packet drop during this. If you use only two IPs then they don't migrate and you will have issues for what you are trying to achieve.

cmr · ‎Jun 16 2020

Welcome to the friendliest community I've found. I started coming here when we were new to Meraki and asked a lot of questions, we now have about 150 Meraki devices of several types and love the ease of accessing the assorted features it provides. If you have any issues or aren't sure about something, just create a post and you will surely be steered in the right direction 🙂

cmr · ‎Jun 16 2020

I think you drop the R, so LIC-MX84-SDW-1Y

cmr · ‎Jun 16 2020

12.17 is out now but the only listed fix is for the MS390 series: Bug fixes MS390 DHCP server may stop working after DHCP fixed assignment or custom option configurations

cmr · ‎Jun 15 2020

I think the diagram is very confusing with the voice VLAN appearing to go to what I assume are the MXs and then not really anywhere. You have Azure on a LAN interface on the Palo Altos and a WAN interface for unknown traffic. As @PhilipDAth said, what are you trying to achieve, why do you want the MXs, is it just for the voice traffic, and if so goes much voice traffic do you have that requires dedicated MX hardware? We use Cisco ISRs for SIP trunk termination as they have hardware resources for transcoding etc.

cmr · ‎Jun 14 2020

Hi @Mohammad Unfortunately not, all MXs (apart from vMX) have to be of the same license type. Also there are now three types for physical MXs; Enterprise, Advanced Security, and Secure SD-WAN Plus.

cmr · ‎Jun 14 2020

Yes it can be in the same organisation and it would have it's own network. Each network can only have one MX config (including one HA pair).

cmr · ‎Jun 14 2020

It is more like an enterprise license. A VMX is designed to allow an Azure or AWS network of servers connect to a Meraki SD-WAN that includes your existing sites and clients. It isn't designed for end user protection as you wouldn't usually have clients behind it (perhaps cloud VDIs, but that would be the only case I can think of).

cmr · ‎Jun 14 2020

I'm pretty sure that none of the MRs have IDS. MRs are intelligent wireless access points with some security features, mainly based around content access control. i.e. controlling what the wireless clients of them can access. MXs are firewalls and with the advanced or better licensing they include many of the features you are referring to including intrusion detection. A 'full stack' Meraki deployment would have MRs providing wireless access, MSs to connect them up, power them and allow wired device access and MXs to protect the solution from the outside world. MXs can of course also control outbound traffic. MSs do have security features to control what devices are able to use each port and how their traffic is routed and controlled.

cmr · ‎Jun 13 2020

I don't see the issue, if you have two HA pairs that can't be in series, then what you have is what you need. We've had a similar setup for years and never had any issues, it just works. For those that need to know, we have HA pairs from two different vendors and run VPNs from both, traditionally one with the site to site and the other with the primary client VPN. We did briefly have three HA pairs in parallel, but that was just too much 🤣

cmr · ‎Jun 11 2020

Well, this evening I upgraded a stack of three MS210s that have L3 routing for about 10 VLANs. After going from 12.12 to 12.16, only 2-3 of the VLANs routed outside of the switch stack through the MX HA pair and over the AutoVPN to other sites. All nodes could be pinged from the dashboard but not from beyond. The APs also reported DNS and other errors, showing 50% orange. I left it for a couple of hours to see if it sorted itself out, rebooted the MXs and in the end downgraded to 12.12. Everything sprang back to life, so be careful with 12.16, on L3 210 stacks anyway, might well work with L2 or non stacked L3. Now where did I put that saw and plane?

cmr · ‎Jun 10 2020

I thought @Billy254 was referring to physical security, like a server or corporate PC has, which I don't believe the MR30H has.

cmr · ‎Jun 8 2020

@Johnfnadez can you please share the same screenshot of port 49 of the other MS?

cmr · ‎Jun 7 2020

It looks like the laptop keeps getting booted off and reconnecting, the client history tab looks like this: I tried 20MHz and 80MHz channels, no band steering, 2.4GHz only, 5GHz only, 802.11ax disabled, all behave the same, except 2.4GHz only where the AP no longer broadcasts SSIDs at all, so I've logged a support ticket...

cmr · ‎Jun 7 2020

I'm inclined to agree, I guess they are still on sale as they have unsold inventory. Oddly 26.8 stopped working with Android phones and going back to 27.1 seems to have fixed it... 🤔

cmr · ‎Jun 6 2020

@Dudleydogg 🤣 I wish I could give you more than one kudos for that!

cmr · ‎Jun 6 2020

According to this post they needed a reduced MTU and you can get support to reduce it on the MX VPN https://www.reddit.com/r/networking/comments/9aob1n/slow_ipsec_vpn_over_spectrumcharter/ Another suggested a non-Motorola cable modem was the culprit

cmr · ‎Jun 5 2020

A busy day, as another poster noticed, switches on 11.31 are being pushed to 12.14 in 3 weeks or so as it is now a stable release candidate. However 12.16 has been released and below is a combined fix list for 12.15.and 12.16, I think we might want to go straight to 12.16! 12.16 Bug fixes Filtered multicast streams cannot forward on LAG interface on MS120/125 series switches 12.15 Bug fixes MS390 LAG configuration can fail when selecting module ports and module is not installed Device local status page missing details about LAN IPv6 uplink Cable test results on MS210/225/250 series switches inconsistent on 100mbps links Routing to a particular next-hop can fail under specific conditions for non-MS390 switch stacks

cmr · ‎Jun 4 2020

@Nick no config, use unmanaged switches, we use 5 port models with MX WAN ports occupying two and ISP drop cable in the third. Two spare ports to use for diagnostics. As for the MS-120 I'd have it all on one VLAN and it can reach the Meraki cloud by going though port 9 on the MXs and then out to the internet. When dealing with outside/DMZ I always like to keep it simple as when it matters, it won't be you there, it will be someone like a security guard on the end of a phone who may not understand the complexities of the setup.

cmr · ‎Jun 4 2020

Personally I would ditch the MS120 on the ISP side and get a pair of unmanaged L2 switches, Cisco do some small ones that have been reliable for us. As for the DMZ, I'd use another separate switch for that, or if only the one host, directly cable both port 9s to the webserver. You could use the MS120 for that role Sorry, forgot to explain my reasoning, which is that is the MS120 goes down you lose everything. The purpose of two ISPs is normally to increase availability and by putting them both in one switch you have largely negated that benefit. Secondly having outside and DMZ on the same switch is not 'clean' and could easily lead to the wrong port being used for the wrong connection.

cmr · ‎Jun 3 2020

Interestingly on an MR36 it performs just fine...: Sam laptop with same drivers, hmm

cmr · ‎Jun 2 2020

@johnnyngena Z3 replaced Z1 and from your comment you are looking at home users rather than multiple corporate sites which is where my test plan came from. If you can elaborate on what exactly you want the SD-WAN to do, we can give you something more meaningful. Stay safe, Charles

cmr · ‎Jun 2 2020

The smartphone doesn't know about AD and vice-versa unless you have set it up. We use separate SSIDs for AD devices Vs employee/customer non-AD (usually smartphone) devices.

cmr · ‎Jun 2 2020

Ours was pretty simple Does it connect Does it load balance between two WAN links Does it failover gracefully, one WAN to the other Does it fail back Does it failover gracefully, HA, primary to spare Does it fail back Can you dynamically route traffic by metrics; latency, jitter etc. Can you upgrade in service Can you provision entirely offline Does it route at or near wire speed

About cmr

cmr

Community Record

Badges