About PhilipDAth

PhilipDAth

> Now, all of a sudden, a few DNS entries are missing from fileshares What do you mean DNS entries are missing from file shares? DNS is used for establishing a name to IP mapping, and file shares are used for - well - file sharing. I don't get how they are related.

PhilipDAth

> Things go south whenever I plug a switch into the repeater. Anything acting as a DHCP server plugged into this switch (or the switch itself)? If so, they'll make the repeater think it is another gateway.

PhilipDAth

> the Windows agent needs to be reworked ASAP. 100% agree.

PhilipDAth

A packet capture usually highlights the issue. https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Packet_Capture_Overview

PhilipDAth

Batch your API requests together using action batches. https://developer.cisco.com/meraki/api/#/rest/guides/action-batches/

PhilipDAth

I'm wonmdering if you have a buggy firmware load on that MX. Could you trying plugging it into an existing working network and let its WAN port DHCP an address and then come online? I suspect it needs a firmware upgrade.

PhilipDAth

No idea, but they have done a great job.

PhilipDAth

I just came across these excellent tool - XCA. https://hohnstaedt.de/xca/ It is a free Windows tool that lets administrators run a CA - easily. You can easily create certificates for your users for WiFi authentication, process CSRs, export in all the common formats, and have the database shared amongst your support people - so anyone can generate the certificates. Amazing.

PhilipDAth

> Needed to build an extra phase 2 tunnel instead of putting 2 subnets in one phase 2 configuration. The unfortunate thing is this is outside of your control. You can simply put forward the solution you recommend.

PhilipDAth

Doe your phase 2 have more than 1 subnet in it? If so, then others have previsouly said you need to (on the Fortinet) " Needed to build an extra phase 2 tunnel instead of putting 2 subnets in one phase 2 configuration."

PhilipDAth

ps. If it was me, I'd just go for a fixed 60s. Give the camera enough time to really power down.

PhilipDAth

I don't know of anyway to do that. You could try querying the port status and waiting until you see it becomes disabled. https://dashboard.meraki.com/api_docs#return-a-switch-port

PhilipDAth

The closest is: Organization/Summary Report and then messing with the "Network" drop down at the top. I say "closest", because it doesn't really deliver what you are asking for. But worth a look.

PhilipDAth

I've been using it for at least a year. I've had no problems, performance or otherwise.

PhilipDAth

Because the only information the RADIUS server gets is the users name and password. The RADIUS server is not told which machine the user is logging in from. Consequently there is no way to restrict the machine being used. This is a fundamental restriction of the Windows L2TP over IPSec client. Microsoft did not create a way for the machine name to also be passed or authenticated.

PhilipDAth

You have to setup a server and the raw data will be sent to it as it is collected. https://documentation.meraki.com/MR/Monitoring_and_Reporting/Scanning_API

PhilipDAth

What kind of device is the remote end? Is either end behind another device doing NAT?

PhilipDAth

I use AWS Lambda as well and get the same latency issue. Lamba is slow to start scripts (or slow to instantiate the script). This article seems to have a good discussion about this. https://medium.com/@zaccharles/making-net-aws-lambda-functions-start-10x-faster-using-lambdanative-8e53d6f12c9c

PhilipDAth

I don't know what BIP means. MPLS is a method of forwarding packets using labels. It is a technology used by carriers. It can be used for Internet and WAN circuits.

PhilipDAth

If you go: Security & SD-WAN/Appliance Status/Uplink you can see the current Cellular state and a graph of live circuit usage.

PhilipDAth

The API only gives you the raw data, so you would have to process that yourself to come up wit something similar. So that is not going to be simple. There is not going to be a straightforward way of getting this programatically.

PhilipDAth

I can't say you can plug it into any LAN, because some places have far more restrictive firewalls than others, but typically, yes you can just plug it in and then connect to it.

PhilipDAth

Is your machine set to use dhcp, including for DNS? Are you trying to set the management IP for the switch? If so, you could just plug the switching into an existing working network, let it get a DHCP address, and then change it via the dashboard.

PhilipDAth

You don't mention what model switch it is; but did you plug into the management port of the switch?

PhilipDAth

> Could you elaborate more on "we do all client management via Amazon AWS" ? We operate a SOCKS proxy tunneled through SSH via a server located in Amazon AWS. Any remote manage of clients is done via that. It also logs every IP flow through it, and connectivity to it is authenticated using an SSH key.

PhilipDAth

Community Record

Badges