Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About RichardChen1
RichardChen1
Getting noticed
Member since Mar 10, 2019
a week ago
Community Record
68
Posts
10
Kudos
1
Solution
Badges
Feb 23 2020
9:41 PM
1 Kudo
Hi @SopheakMang , Can you tell me more about your network topology with MX? Does your branch have local internet or via HQ (dplc)? In general if MX is behind a Firewall, there are outbound ports and public ips to be allowed. You can find out more from Dashboard -> Help -> Firewall info
... View more
Feb 23 2020
2:47 PM
Hi @CptnCrnch , I haven't had any handson on NPS but found this pic online, looks like custom attributes. Does this mean NPS is qualified?😀
... View more
Feb 23 2020
2:37 PM
Thank you @GIdenJoe @CptnCrnch . In order for IPSK to work, is that correct that I have to prep the below? Upload client MAC into ISE/Radius server Assign the wireless client into groups with different PSK ISE will catch the above PSK as tunnel password attribute in radius msg and check against MAC, then assign to different vlan and optionally policy?
... View more
Feb 23 2020
2:15 AM
I have read below but still not 100% how does IPSK work. https://meraki.cisco.com/blog/2019/12/the-key-for-iot/ https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication So the IPSK idea is to have a single SSID to provide different VLAN and Group Policy to different type of devices right? It is based MAB which I understand the process. However, I don't understand how Radius server/ISE assigns the Meraki Group policy to endpoint. In 802.1x Meraki doco, it uses typically airespace-id. In the IPSK doco, it mentioned Tunnel-password attribute, how does this link to different MAC and policy? Separate question: can I use windows NPS instead of ISE to achieve this feature?
... View more
Feb 20 2020
3:33 PM
"subsequent hosts must have matching VLAN information" it means the wired 802.1x info? Try use the radius authorization rule to assign the vlan id for the 2nd data domain device.
... View more
Feb 20 2020
1:40 AM
First question: are you allowing the client to access a DNS server that can resolve "testise26.nadergroup.local"? Yes I suppose. The default vlan has no group policy applied. I was wondering how to apply ACL? Second one: how does your "Walled garden" config look like? Allow ISE ip add only.
... View more
Feb 19 2020
9:30 PM
Doing a test on MS120 switch on MAB+WebAuth(Central Web Authentication with ISE) I can't find any Meraki Doco on whether it is supported or how to do it. So I followed the guide on ISE and setup the MAB + web redirection policy. However, during testing, the redirection rule is matched, but there is no redirection on the browser. Any idea? Furthermore, how does ACL/restriction applied in this case?
... View more
Feb 10 2020
7:51 PM
Client vpn was not required when we replace it. The Sophos is out of support contract and we provided internet redundancy by adding the 4G backup. I will let our Account Manager handle this for now.
... View more
Feb 10 2020
7:45 PM
Thanks @CptnCrnch Will try that on the Auvik environment. In this case, my netflow has to be on the Meraki LAN, not on the internet right?
... View more
Feb 10 2020
7:17 PM
Hi @Nash , We just replaced all Sophos FW with Meraki MX. My case would be more to do with politic than technical.😥
... View more
Feb 10 2020
4:45 PM
Hi Everyone, I understand that anyconnect ssl vpn is on the pipeline. However, I have the following statement from a Sophos MSP - can anyone share any feedback? "Meraki devices only support Layer 2 Tunnelling Protocol (L2TP), looking at the specification this isn’t secure enough to use for remote access, they are using heavily depreciated encryption methods and I strongly advise against using the L2TP option offered by the Cisco Meraki firewall. My best option for you is that we reinstate the Sophos firewall at head office as a secondary device behind the Cisco Meraki, forward the SSL VPN ports to the Sophos and allow you to access the network using this far more secure option using modern SSL encryption methods." Is L2TP not secure? My experience with Meraki VPN is that 1. it is not easy to troubleshoot on WIN environment - accessing windows and meraki logs 2. Additional work on windows to change from full to split tunnel
... View more
Feb 9 2020
2:36 PM
Hi @CptnCrnch , Could you please elaborate a bit more on netflow with live network traffic data?
... View more
Feb 7 2020
2:34 PM
I'm new to API, recently finished the Devnet Meraki Express course. I have been searching for the Dashboard API for live uplink traffic. My idea is to fetch the data every 5 mins and convert to a flow chart in xls or google sheet. (Similar to Cisco IOS SNMP poll with Solarwinds or other monitoring tool) I can't find anything on API guide https://developer.cisco.com/meraki/api/#/rest/getting-started I did find API for latency and loss.... Can anyone point me to the right direction?
... View more
Labels:
- Labels:
-
Dashboard API
Feb 6 2020
5:32 PM
Has anyone tested this with MS Team? We use deskphones that register with MS team and "Telstra" as the ITSP that provides the external calling capability. I tried above IP address with UDP (which I found from the deskphone usage portal) but none of them is pingable. Any idea?
... View more
Dec 5 2019
4:01 PM
Hi Phillip, Thanks for the update. Any idea where I can find the pricing of "D2_V2 and D2_V3"? Regards Richard
... View more
Dec 5 2019
2:45 PM
Hi Team, I'm new the vMX in Azure. My question is regarding the correct vmsize/spec for vmx to work on Azure. As per Meraki guide "vMX100 Setup Guide for Microsoft Azure", the size should be: However, our presales team has purchased this Questions: Will the above spec work for vmx? Where can I find recommendation for vmx vmsize?
... View more
Nov 12 2019
4:28 PM
Hi Rustle77, What options are you looking for?
... View more
Nov 6 2019
8:59 PM
Is it possible to enable it? My point is: how to check 4G link health if they can't be enabled?
... View more
Nov 6 2019
6:11 PM
Hi Everyone, I'm using MX67C-WW with single internet link via 4G SIM in the builtin slot. Under dashboard "Network usage" and "Historical data/latency/loss" have never worked. All showing "insufficient data to plot" Is this expected for single 4g internet? If not, how to fix it?
... View more
Sep 30 2019
11:08 PM
Hi Phillip, I was able to redistribute static route to DMVPN/EIGRP. However, I was unable to find out the option on MX to create static route destine to DMVPN subnet to the next hop. In my case the next hop is the HQ MX vpn concentrator. If I apply the next hop as the local MX GW it will not work. Any suggestion? Does this mean I need to setup BGP on HUB MX, spoke MX and DMVPN HQ router?
... View more
Sep 30 2019
1:50 PM
Hi Everyone, I have done the first part: Internet terminate on HQ MX84 with static route for MPLS subnets point back to the HQ MPLS router IP. It works perfectly. When I tried to create a nonautovpn peer and advertise one of the MPLS subnet which is part of the static route, the MX gave the error msg saying it is overlapping. My next target is to address above "Non-Meraki VPN routes are not advertised to AutoVPN peers." - need further feedback: There is not enough budget on replacing the 3rd party VPN device with MX. Here is what I proposed: - using the HQ CISCO 2901 MPLS to be the HUB of the IPSEC VPN 1. Port forward UDP 500/4500 to the HQ 2901 router LAN interface ip 2. Create traditional ipsec vpn between HQ2901 and remote peplink device 3. Create vpn ACL to route peplink subnets via ipsec vpn and vice versa Will this work?
... View more
Sep 16 2019
3:53 PM
Thanks, I have seem the documentation but still not sure about the questions I asked in the post. Does this covers all incoming/outgoing traffic? The option is to deny traffic to/from, so I block China, it mean no traffic come in and going out to China? Any option to apply on port forward allow ip by countries?
... View more
Sep 16 2019
2:30 PM
Hi Everyone, I found GEO IP filtering only appears under Layer 7 FW rules - does this mean it will apply to all inbound and outbound traffic for a specific country? IE: if I block US, does that mean I won't be able to browse to US website as well? I received a requirement to restrict countries under Port Forward "Allowed remote IPs" - is there any workaround to achieve this?
... View more
- « Previous
-
- 1
- 2
- Next »
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 7576 | Feb 10 2020 7:51 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 2682 | |
| 1 | 2957 | |
| 1 | 5006 | |
| 1 | 1956 | |
| 1 | 7773 |
© 2024 Cisco Systems, Inc.
