Community Record
1013
Posts
529
Kudos
33
Solutions
Badges
Feb 15 2018
6:48 AM
@rarodrigo by trunk port do you mean the uplink? Typically this port will show up in the dashboard with an up arrow.
... View more
Feb 14 2018
12:44 PM
@DunJer622 can you include a screenshot? WAN Static IPs can be configured from the local status page.
... View more
Feb 14 2018
12:41 PM
1 Kudo
Totally not trying to schmooze the thread owner but this was by far my favorite thread in the forums. I learned a ton about other users configurations and best practices. Truly a checklist of important items.
... View more
Feb 14 2018
12:01 PM
2 Kudos
If you want to be able to get to its local status page remotely then you need to go to Security Appliance>Firewall and add your IP to the 'Web (local status & configuration)' section. Also go to Network Wide>General and check the 'Remote device status pages' setting and make sure it is set to 'Remote devices status pages enabled.'
... View more
Feb 14 2018
7:45 AM
2 Kudos
In our workshops, open with high ceilings but a lot of metal etc... we place them about 75' apart. We typically mount them around 15' off the ground facing down depending on what options there are from the ceiling.
... View more
Feb 13 2018
2:46 PM
If the traffic is NAT'd to your SMTP server couldn't you do the monitoring on that server? Alternatively you could mirror the port going to/from your mail server to whatever monitoring platform you wanted to use.
... View more
Feb 13 2018
8:05 AM
By AD Authentication do you mean 802.1x Radius? If so then it does look like you could have that selected for Network Access section and the spash 'Click-Through' is served by the Meraki servers so no certificate needed.
... View more
Feb 13 2018
6:24 AM
You can't 1:1 NAT anything that needs connectivity to the provider address space?
... View more
Feb 12 2018
10:17 AM
@Dash you can create the same vlan/subnet at each site as long as it isn't part of the VPN tunnel so you don't get routing issues between sites. Regarding point 3, I haven't found a way to accomplish that. I contacted Meraki support and they didn't have a solution so I just made two public vlans. Secure public and regular public. The secure public is the public only subnet/vlan where I'd failover my 802.1x devices and devices that would otherwise be secure. The regular public subnet is for devices that are not otherwise secure and just need internet. Crude solution but I haven't come up with a better one in the meantime. @PhilipDAth any ideas for this?
... View more
Feb 9 2018
2:53 PM
1 Kudo
Will each MX have its own internet connection? If so then you could safely use the same subnet on all of the MX's and just have it route out the internet. A few things to keep in mind. 1. If your MXs are VPN'd together then make sure to not include the guest subnets in the VPN 2. If you make a guest vlan/subnet on the MX it will automatically be routable to/from your production network so you'll need to go to Security Appliance>Firewall to create a rule to prevent the guest vlan/subnet from being able to talk to your other vlan/subnets. 3. Any device on the guest subnet will be able to see/ping any other device on the guest subnet unlike the way the wireless Meraki guest subnet works with segregating each client.
... View more
Feb 9 2018
2:45 PM
1 Kudo
In my experience the throughput has always just been the down speed. No indication of upload speed. But I stopped using that test in lieu of running http://www.speedtest.net/ from a client machine since I typically need to know the circuits upload capabilities as well. Also if you have two WAN connections that tool doesn't give you the ability to select which one you want to test the throughput on. So it'll likely just use whichever you have specified as the primary uplink. The last section in the article @PhilipDAth linked above provides some interesting clarification. https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Throughput_test_to_the_Web_from_Cisco_Meraki_devices#Comparing_to_Similar_Throughput_Tests
... View more
Feb 9 2018
7:09 AM
1 Kudo
Usually multimode cables are orange. But that would be something good to confirm or compare with the old configuration. I learned this the hard way when I spent an hour troubleshooting fiber one day only to realize I was using a single mode cable instead of multimode. Once I switched to the multimode cable I was fine. But that entirely depends on if the upstream fiber is single or multi etc. Also looks like your SFP is single mode. Was that SFP and cable working on the old setup or is this a new setup?
... View more
Feb 9 2018
6:55 AM
1 Kudo
The SFP should be a constant. No configurations needed aside from your port config which you did as trunk. Your jumper is yellow so usually that is an indication that it is single mode not multi mode. But its most important that the fiber cable (jumper) matches the rest of the fiber run to its destination. Whether that be single mode or multi mode. Did the fiber work before on the old Cisco switch or is this a new configuration you are working on?
... View more
Feb 9 2018
6:53 AM
1 Kudo
I agree with @Markus comment. The NPS config on each server will be important to review. There are a lot of moving parts to make sure NPS is configured properly on both the server and also on the clients (GPO). Shared secret, Policy Conditions/Constraints, etc...
... View more
Feb 9 2018
6:42 AM
1 Kudo
If I run that same test from the Meraki dashboard it fails but my radius is working fine with NPS. I think I called Meraki about that a long time ago but I can't remember what they said about the reliability of that test. So you may want to try connecting an actual client to your SSID to test.
... View more
Feb 9 2018
6:37 AM
2 Kudos
In my experience it was usually an issue with me not understanding the fiber and getting the wrong jumper. Single mode vs multi mode etc or having the pair flipped on one side or the other.
... View more
Feb 7 2018
7:48 AM
I see you marked the thread as solved. Were you able to find a solution or just moving on to support?
... View more
Feb 7 2018
7:34 AM
1 Kudo
Well I just downloaded a CSR from my dashboard and it appears to look the same as yours. So your next step may be support to make sure there isn't an issue with the CSR export.
... View more
Feb 7 2018
6:57 AM
Error would seem to indicate an issue with the CSR. Are you the copy of the CSR you downloaded from the Meraki dashboard isn't corrupt? Maybe after you've downloaded the CSR try opening it in notepad. The content of the file should look something like this with different hash information in the middle. -----BEGIN CERTIFICATE REQUEST----- MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl 4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D 6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn -----END CERTIFICATE REQUEST-----
... View more
Feb 6 2018
3:00 PM
2 Kudos
That article isn't bad. Basically I did the following when I went through this. 1. Plugin the MX to an internet connection so it can check-in and be managed 2. Add it to the same network as the existing MX84 that you are going to replace. It'll add as a spare and get the same config as the current MX84 3. Configure the new MX84 with any WAN interface static IPs. Those won't migrate over automatically. Anything you configure on the MX local config page won't migrate over automatically. 4. Rack the MX84 directly above below your current MX84 if possible 5. Once ready move cables port by port from the old MX84 to the new one (this will result in interruption but it should be minimal < 60 seconds).
... View more
Feb 6 2018
2:54 PM
4 Kudos
It may be that your account doesn't have full administrator permissions. You should have an 'Organization' option on the left like this. To clarify, I believe your account needs 'Organization' permissions to be able to delete Administrators. Otherwise you were just likely setup as an Admin of your network which won't give you Organizational powers like add/remove admins.
... View more
Feb 6 2018
1:36 PM
3 Kudos
Try going to Organization>Administrators to remove them. Looks like you may have been in Network Wide>Users
... View more
Feb 5 2018
3:01 PM
10 Kudos
Learned something interesting from support about flow preferences today. If you are using dual connections for your MX and you setup an internet traffic flow preference it doesn't include ICMP traffic. Even if you have the protocol set to 'Any'. ICMP will always go out whatever you have designated as the 'Primary Uplink'. Caused me a little grief today while troubleshooting so hopefully it can save you a little time.
... View more
My Accepted Solutions
Subject | Views | Posted |
---|---|---|
4427 | Sep 27 2018 8:08 AM | |
8824 | Sep 26 2018 9:27 AM | |
2700 | Sep 25 2018 6:58 AM | |
21982 | Sep 20 2018 8:05 AM | |
2787 | Sep 10 2018 12:21 PM | |
3203 | Aug 30 2018 6:29 AM | |
7564 | Aug 17 2018 11:08 AM | |
2479 | Aug 13 2018 6:47 AM | |
6138 | Aug 12 2018 5:53 PM | |
16845 | Jul 12 2018 11:19 AM |
My Top Kudoed Posts
Subject | Kudos | Views |
---|---|---|
11 | 19013 | |
10 | 3676 | |
8 | 36482 | |
6 | 7612 | |
5 | 2787 |