Jan 24 2019
8:37 AM
1 Kudo
We were having a discussion yesterday about this in another topic. I suppose one of the ports is connected to a switch and the other to the printer? We're not sure it's supported without having support change some settings. But it might be. Can you check the following setting in Network/General, if it's set to Have no access, change it and have them appear connected to the SSID of your choice: See here for the other discussion: https://community.meraki.com/t5/Wireless-LAN/MR52-and-MR53-ports/td-p/36123/jump-to/first-unread-message
Jan 24 2019
4:43 AM
Thanks for the feedback. I wonder if it works without the port profiles feature though. In other words, if you're okay with having one global setting that determines what happens when you wire up a client to an AP. The way I see it the port profiles feature allows extra configuration, i.e. specifying VLAN per port per AP. From that link it's also mentioned that the global setting would be ignored for the MR52, MR53 and MR84 once that's enabled.
Jan 23 2019
11:38 AM
2 Kudos
Thank you very much for answering! Indeed, a firewall rule that referred to that subnet, did not exist in the MX. When the rule or policy is erased, changes are being made normally on the platform. With respect to the subnet addresses and their reservation, I will have to create new ranges to correct the ones I had to erase. Greetings and a thousand thanks again!
Jan 23 2019
10:10 AM
2 Kudos
Thank you very much to all for the information and the tips sent, analyzing in depth I chose to place in the option of Block/white URL's of the policy: APPEND. With this when the client requests a massive change I use an API that adds the URL (block / white) in the general content filtering and with this applies to the group policy that has been created in each Meraki. Of course in this time I have to enter one by one on each device to add the config however for the future it will no longer be necessary.
Jan 23 2019
9:59 AM
No, but you can get the last seen time (epoch/unix time) from the client details:

GET Return the client associated with the given identifier
{{baseUrl}}/networks/{{networkId}}/clients/{{clientMac}}

{
    "id": "k1af98e",
    "mac": "8c:85:90:aa:aa:aa",
    "ip": "192.168.0.113",
    "ip6": "",
    "description": "Miles-MacBook-Pro",
    "firstSeen": 1520683433,
    "lastSeen": 1527370304,
    "manufacturer": "Apple",
    "os": "Mac OS X 10.13",
    "user": null,
    "vlan": "1",
    "ssid": "viaPostman",
    "wirelessCapabilities": "802.11ac - 2.4 and 5 GHz",
    "smInstalled": false,
    "recentDeviceMac": "88:15:44:bb:bb:bb",
    "clientVpnConnections": null,
    "lldp": null,
    "cdp": null
}
Jan 23 2019
5:55 AM
For situations like this, where a vendor needs remote access to their equipment, we would typically require that they have their own internet connection and firewall. If that isn't possible or feasible, we would isolate all of their equipment in a separate zone from ours and create firewall rules to allow communication between zones as needed. Other times we would piggy-back onto a client network but we always had an isolated L2 VLAN. YMMV but I think as it stands, you're kind of stuck without rearranging the network.
@MOT Don't worry, this has happened to me too. Kudos to @BrechtSchamp for being fastest.
Jan 23 2019
3:36 AM
1 Kudo
I did not yet know about the well-behaved part of the FW. But looking at it it makes a lot of sense in terms of economizing ports. Thanks for your endurance in answering my questions. Mat
Jan 23 2019
2:09 AM
I don't know for certain. I believe that when the user logs in their MAC address becomes "authorised" on the Meraki side. That MAC address authorisation will remain in effect for the configured period. The ongoing authorisation has nothing further to do with AD until it expires.
Jan 22 2019
3:10 PM
Hmm, that is interesting. I was just looking at a client's MX, and they have manual port forward configured and have dual WAN circuits. We are using SD-WAN - and the WAN ports are running AutoVPN active/active - and it is working. One thing of note though is that their WAN2 has a public IP directly on it - so no NAT is required for AutoVPN to WAN2.
Jan 22 2019
11:45 AM
If it was me, I would just expand your pool of IP address space for the devices that are attaching. Note that you do expose yourself to a possible DHCP exhaustion attack using the approach you are using (and you are in a school ...). With a DHCP exhaustion attack you can download existing attack tools, and all they do is send DHCP requests using different MAC addresses until the DHCP server has no IP address space left to give out to real clients. The second approach I would use is to just use a NAT mode SSID. With 16 million IP addresses it makes a DHCP starvation attack improbable. With the hashing method that Meraki uses with a NAT mode SSID to generate DHCP client addresses - it is probably impossible.
Jan 22 2019
11:40 AM
3 Kudos
@Dan that will work fine. When the Z3's talk out to wherever your VPN concentrator is they will punch unique ports in the NAT of the ISP router. These unique ports will be used to send traffic from the VPN concentrator to each unique Z3. This document describes how it works. https://documentation.meraki.com/MX/Site-to-site_VPN/Automatic_NAT_Traversal_for_IPsec_Tunneling_between_Cisco_Meraki_Peers#How_does_Automatic_NAT_Traversal_Work.3F
Jan 22 2019
9:26 AM
Having to do it for every shard makes sense. Propagation can be fussy. I hope you all get it resolved soon - if it's frustrating for me, it must be worse for the support staff at Meraki who are trying to fix.
Jan 22 2019
1:24 AM
Thanks for the replies all and I've noted your ideas. It seems however I'm stuck with this solution of having to use the Cisco routers as I guess LISP is not supported in Meraki and my goal here is to remove the Cisco and only use the Meraki L3 switches. Regards, Paul.
Jan 21 2019
1:44 PM
Thanks for sharing! Haven't tested it, but it's good to know it's here if I ever need it.
Jan 21 2019
12:55 AM
Thanks a lot for everyone's kind reply.
Jan 18 2019
9:06 AM
Sounds like a bug, I'd contact Meraki Support.
Jan 18 2019
8:15 AM
Thanks for your help. That removing from spare status would have really thrown me. It is all good now 🙂
Jan 17 2019
3:46 AM
Just a quick update as I'm only on site once a week, I tried changing the DNS server address to Google's and OpenDNS, once I closed and reopened the browser the group policy setup on the MX65 worked as it should do :). Is there any reason why my ISP DNS would be causing the issue? I'm going to contact them but was wondering if anyone had any thoughts on why changing the DNS address to OpenDNS would be a bad move? Thanks, Stu
Jan 16 2019
6:52 PM
1 Kudo
Hi. I figured out the problem, in case this happens again to someone else or in another case. The problem was not on the Meraki's. The issue was actually on the Cisco 9500 Core Switch. Someone must have turned off the DHCP service for some reason. After enabling it back on, DHCP across VLANs now works. So this looks to be resolved as of now. Thank you all again for your time with this!
Jan 16 2019
1:57 PM
My original assumption was faulty. I assumed that I would be able to block everything except for Zscaler traffic. This did not work. Even though the traffic is bound for Zscaler, it still gets blocked by the MX. The Meraki firewall must still see the URL and blocks it. I think that BrechtSchamp is right. I would have to block traffic at the L3 firewall for this to work. Thanks for the help.
Jan 16 2019
8:08 AM
Bingo... I have Read Only permission, indeed. I thought that a simple GET request would have been allowed, at least. Thanks