The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About PhilipDAth
PhilipDAth

PhilipDAth

Kind of a big deal

Member since Aug 26, 2017

Thursday

Philip D'Ath

Auckland, New Zealand

http://www.ifm.net.nz/

Groups
  • API Early Access Group

    API Early Access Group

    598
View All
Kudos from
User Count
Isha_Sharma
Isha_Sharma
1
JonathanFourie
JonathanFourie
2
DarrenOC
DarrenOC
300
GFrazier
GFrazier
5
ww
Kind of a big deal ww
105
View All
Kudos given to
User Count
Ryan_Miles
Meraki Employee Ryan_Miles
493
cmr
Kind of a big deal cmr
716
UKDanJones
UKDanJones
20
JFurlong
JFurlong
2
AmileeSan1
Meraki Employee AmileeSan1
14
View All

Community Record

13268
Posts
9651
Kudos
1006
Solutions

Badges

CMNA
Meraki Master
Community All-Star 2023
Community All-Star 2022
Community All-Star 2021
Community All-Star 2020 View All
Latest Contributions by PhilipDAth
  • Topics PhilipDAth has Participated In
  • Latest Contributions by PhilipDAth
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 512
  • Next »

Re: Can I use an RJ11 port with a RJ45 converter to connect a cisco meraki ...

by Kind of a big deal PhilipDAth in Switching
Wednesday
1 Kudo
Wednesday
1 Kudo
Looking at alternative solutions - could you go wireless?   Failing that, you could consider using VDSL media converters, but if there are a lot of ports, it could get expensive quickly.   If you have Cat3 cabling - VDSL would be the only way to use that cabling. If you have Cat5, you could look at using 100Mb/s only - but personally, I would rather change to WiFi.   I think I would get a cabling company in, get a quote and confirm what kind of cabling is installed. ... View more

Re: VPN to Azure and Failover Circuit

by Kind of a big deal PhilipDAth in Security / SD-WAN
Tuesday
3 Kudos
Tuesday
3 Kudos
>On the Azure side, I am certain I just need to configure 2 VPNs - one pointing to the MX Primary Circuit IP; the other pointing to the MX Secondary Circuit IP.   I give you a 10% chance of getting this to work.  Expect this approach to fail.   As already mentioned, a VMX is the way to go. ... View more

Re: SIM PIN MX67C-WW

by Kind of a big deal PhilipDAth in Security / SD-WAN
Tuesday
Tuesday
ps. This will depend on your carrier and SIM - but I have never had to touch the PIN number field. ... View more

Re: 802.1X radius timeout

by Kind of a big deal PhilipDAth in Wireless LAN
Monday
Monday
>The interesting thing is this that this only occurs on eap-tls   Perhaps they haven't been configured to trust the root CA certficate. Perhaps they require a minimum of a SHA2 signed root CA certificate and it is only SHA1 signed.   >what message would be sent after a radius accept message  as I would expect that to be final message   Hard to say.  Could be COA.  Could be an additional or secondary challenge.  Need to check client log to see what it is saying. ... View more

Re: 802.1X radius timeout

by Kind of a big deal PhilipDAth in Wireless LAN
Monday
Monday
I don't think you are having an actual timeout - I believe one end (either the client or the RADIUS server) is refusing to respond to a message, which looks like a timeout from a packet capture perspective.   But I suspect on either the client or the RADIUS server, there will be additional information. ... View more

Re: Best practices for wireless subnetting in high-rise buildings

by Kind of a big deal PhilipDAth in Wireless LAN
Monday
Monday
How many total devices are you expecting (or planning to allow) to connect?   Depending on the number of devices, I would either run with a single subnet for the whole building, or split the subnets into chunks above and below the mechanical floors.  Failing that, a subnet per floor and enable L3 roaming. https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MR_Wireless/Wireless_Layer_3_Roaming_Best_Practices    If this is an apartment building, I would also consider using WPN, and making each apartment their a separate virtual network. https://documentation.meraki.com/MR/Encryption_and_Authentication/Wi-Fi_Personal_Network_(WPN)      ... View more

Re: 802.1X radius timeout

by Kind of a big deal PhilipDAth in Wireless LAN
Monday
Monday
What does the event log say on the client?  What reason does it give for disconnecting?   It might be the client is refusing the connection after it is accepted.  Perhaps the client does not like the RADIUS server certificate or something like that. ... View more

Re: Looking for MR46 & MR56 stencils

by Kind of a big deal PhilipDAth in Off the Stack
Monday
Monday
If you are a Cisco Partner, you can also find resources in the Merai Partners portal. https://www.merakipartners.com/s/MarketingResources  ... View more

Re: Introduction

by Kind of a big deal PhilipDAth in Introduce Yourself!
Monday
2 Kudos
Monday
2 Kudos
Thanks for joining the community. ... View more

Re: Client VPN (anyconnect) program Password expired resetting

by Kind of a big deal PhilipDAth in Security / SD-WAN
Monday
2 Kudos
Monday
2 Kudos
Do you use any SAML providers, such as Cisco Duo or Office 365?  Are you able to enable the password reset function in those?   If you can, then change AnyConnect to also use SAML authentication and that same system. https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SAML_Configuration  And as a bonus, you will also gain easy MFA capability. ... View more

Re: SMS Authentication

by Kind of a big deal PhilipDAth in Wireless LAN
Monday
Monday
I don't have a single customer using TXT based authentication.  Can you change to one of the other options? ... View more

Re: WAN Interface Bouncing

by Kind of a big deal PhilipDAth in Security / SD-WAN
Monday
Monday
I also doubt this is an MX issue ...   But let's try and break the problem down further.  Perhaps next Monday, can you plug the MX circuit directly into the primary MX (this will obviously mean your warm spare is not working).  This will bypass your switch, and a couple fo connections. If the issue still happens, you know it is directly related to the ISP and primary MX (since everything else was not plugged in).   Does the uplink graph in the dashboard show any big traffic flows at this time (perhaps someone is doing a big upload/download).   This is the list of things monitored on the uplink: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failover#Failover_Connectivity_Tests  Ask Meraki support to confirm which event is causing the failover.  Perhaps it is the link going down.  Perhaps the link is staying up, but the tests are failing. ... View more

Re: Client VPN Connection Alerts

by Kind of a big deal PhilipDAth in Security / SD-WAN
Monday
2 Kudos
Monday
2 Kudos
There is no such alert for this.   I have never had a customer request this before - so know that this is a very unusual request.   I'm not sure how I would even go about it.  Perhaps you could write a Python script to call the API every 5 minutes and request the event logs, parse out the AnyConnect client connection events, and then generate an alert based on that. ... View more

Re: Meraki Local Authentication - MR 802.1X

by Kind of a big deal PhilipDAth in Wireless LAN
Monday
Monday
For local certificate authenticate, you upload a root CA certificate.  The MR will alow anything to authenticate that uses a certificate from that root CA certificate.   It doesn't matter if it is a user or a machine. ... View more

Re: Extendind the VPN to Azure - vMX + Azure Virtual Firewal + Azure Vir...

by Kind of a big deal PhilipDAth in Cloud Security / SD-WAN
Sunday
Sunday
>If understand correctly I will need an separate VNET for the vMXs,   A separate subnet is sufficient.   >a virtual Firewall (here I'm assuming it will be a Azure virtual FW)   I haven't seen anyone else Azure Firewall for this.  Everyone uses network security grounds.   Is your Azure spread across multiple regions?  Another simple option is to just put one (or two) VMXs into each region. ... View more

Re: Now available: An official Ansible collection for Meraki Dashboard API ...

by Kind of a big deal PhilipDAth in Developers & APIs
a week ago
1 Kudo
a week ago
1 Kudo
Wow, that is interesting! ... View more

Re: Is it possible to install a Meraki MX security appliance in an AWS envi...

by Kind of a big deal PhilipDAth in Security / SD-WAN
2 weeks ago
2 weeks ago
I don't know - but NAT mode is available for VMX.   If you were keen to do an experiment, you could request another VMX on trial, and do a test deployment, and see what happens. ... View more

Re: Is it possible to install a Meraki MX security appliance in an AWS envi...

by Kind of a big deal PhilipDAth in Security / SD-WAN
2 weeks ago
3 Kudos
2 weeks ago
3 Kudos
This was historically the case.  About 6 months ago the VMX gained support for NAT mode, and Meraki changed it so this is now the default deployment option (bad!!!). https://documentation.meraki.com/MX/Other_Topics/vMX_NAT_Mode_Use_Cases_and_FAQ .   This was done primarily to offer full tunnel client VPN support for VMX.  In NAT mode, a user can VPN in and access the Internet (the VMX will NAT their traffic). HOWEVER, all AutoVPN spoke traffic is also NATed when accessing cloud servers.  The bonus of this is you no longer need to configure any routing in the public cloud - as all traffic (client VPN and AutoVPN) is NATed to the VMX private IP address and appears to come from that IP.   This is a major pain.  Servers CAN NOT access spokes - because the spokes sit behind NAT.  For example, you can't have a server in the cloud send a print job to a printer on-premise over AutoVPN using a VMX in NAT mode (actually I lie - you can make it work, but you have to configure NAT port forwards, just like if you have a physical MX attached to the Internet and wanted to give access to something from the Internet to an internal server - but this is a nasty solution for this use case).   As a consequence of this, I never use NAT mode for VMX.  Also note you can't change this setting post-deployment.  If you want to change it you have to delete the VMX and re-deploy it.     Looping full circle, now you can have a VMX in NAT mode like a "typical" on-premise VMX. Does the VMX support IPS or contenting filtering while running in NAT mode (like its on-premise counterpart)?  I don't know.  I have never used NAT mode on VMX, so have never tested this out.  But I think there is a reasonable chance this will work. ... View more

Re: Hello Meraki Community!

by Kind of a big deal PhilipDAth in Introduce Yourself!
2 weeks ago
2 weeks ago
Thaks for joining the community @eakinj7 . ... View more

Re: Python Library v1.37.1 🐍✌🏼1️⃣⏺️3️⃣7️⃣⏺️1️⃣

by Kind of a big deal PhilipDAth in Developers & APIs
2 weeks ago
2 weeks ago
Any chance of getting my bug fixed ... https://community.meraki.com/t5/Developers-APIs/Bug-in-asyncio-library-message-is-dict/m-p/207644#M8876  ... View more

Re: Dashboard API Version 1.37.0 Released ☁️1️⃣⏺3️⃣7️⃣⏺0️⃣

by Kind of a big deal PhilipDAth in Developers & APIs
2 weeks ago
2 weeks ago
Update installed.  🙂 ... View more

Re: Trying to unenroll Windows device from Devices list, get "No Eligible U...

by Kind of a big deal PhilipDAth in Security / SD-WAN
2 weeks ago
1 Kudo
2 weeks ago
1 Kudo
You should be able to remove the agent using add/remove programs. ... View more

Re: Introduction Message, "Hello!"

by Kind of a big deal PhilipDAth in New to Meraki
2 weeks ago
1 Kudo
2 weeks ago
1 Kudo
Thanks for joining the community @Ambrose1 . ... View more

Re: Is it possible to install a Meraki MX security appliance in an AWS envi...

by Kind of a big deal PhilipDAth in Security / SD-WAN
2 weeks ago
2 weeks ago
The "V" in "VMX" means virtual - it is an MX.  You typically use the VMX as a VPN concentrator.   Amazon doesn't charge for security groups, used for firewalling, so I am not sure where the cost aspect comes from? ... View more

Re: MR30.5 is out - Many fixes !

by Kind of a big deal PhilipDAth in Wireless LAN
2 weeks ago
2 weeks ago
I have been finding WPA3 unreliable.  I wonder if this might sort it out. ... View more
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 512
  • Next »
Kudos from
User Count
Isha_Sharma
Isha_Sharma
1
JonathanFourie
JonathanFourie
2
DarrenOC
DarrenOC
300
GFrazier
GFrazier
5
ww
Kind of a big deal ww
105
View All
Kudos given to
User Count
Ryan_Miles
Meraki Employee Ryan_Miles
493
cmr
Kind of a big deal cmr
716
UKDanJones
UKDanJones
20
JFurlong
JFurlong
2
AmileeSan1
Meraki Employee AmileeSan1
14
View All
My Accepted Solutions
Subject Views Posted

Re: L3FirewallRules source/dest set to VLAN

Developers & APIs
65 Wednesday

Re: Topology not working?

New to Meraki
49 Wednesday

Re: Client VPN Connection Alerts

Security / SD-WAN
66 Monday

Re: Convert Standalone Switches to Stack

Switching
123 2 weeks ago

Re: Get a list of clients org wide that has a custom or whitelist policy as...

Developers & APIs
112 3 weeks ago

Re: MV Recommendations for our MDF's

Smart Cameras
104 3 weeks ago

Re: High Bandwidth consumption

Wireless LAN
229 3 weeks ago

Re: No Policy Options on some computers

Security / SD-WAN
79 a month ago

Re: 2 ISP connection

Wireless WAN
117 ‎08-22-2023 02:52 PM

Re: The finer points of System Manager

Wireless LAN
96 ‎08-22-2023 02:10 PM
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Welcome! Please introduce yourself.

Community Tips & Tricks
53 114249

Re: Community Challenge: Show off your WiFi chops for a chance to win!

Community Announcements
23 13807

Re: The annual points contest is BACK and better than ever!

Community Announcements
22 5782

Before and After Pictures

Off the Stack
22 49407

Thank you Cisco Meraki Social Team

Off the Stack
19 1345
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Cookies
  • Terms of Use
© 2023 Meraki