Meraki

PhilipDAth

I would consider paying for a tool like Boundless Digital to automate this for you. https://www.boundlessdigital.com/network-management/meraki-automation/move-devices-and-networks/

PhilipDAth

You can only use org split into a new org, not an already existing org that already has networks. https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Split_Overview_and_FAQ

PhilipDAth

What kind of client device? Windows 11? iPad? Android tablet? What kind of authentication? 802.11x? WPA2-PSK And to be clear, you are saying they are failing to associate to the WiFi when they return to the original location, as opposed to being able to associate and some other step (like DHCP) failing? What does Wireless Health report?

PhilipDAth

What is the MR model? Is the SSID using bridge mode? Are you running current stable or better firmware?

PhilipDAth

I'm not sure. But you will need to re-run the onboarding tool. If you have an extra dormant switch in the dashboard afterwards, remove it. Note that there is now a cloud native IOS-XE which is more reliable when it comes to interfacing with Meraki. https://documentation.meraki.com/MS/Cloud-Native_IOS_XE

PhilipDAth

Wow, ok. Sounds like you need MX650s ....

PhilipDAth

And both MX are crashing still?

PhilipDAth

If this is a critical requirement for you then you need to deploy Cisco ISE and perform posture assessment. You trying to use a technology beyond its capabilities.

PhilipDAth

Which limit are you running into? Session limit? CPU limit?

PhilipDAth

See if you can narrow down the feature causing the issue. If you turn of AMP and content filtering - does the problem still happen?

PhilipDAth

The problem is agressive mode has fundamental security compromises. This is not a Meraki thing. It is a protocol thing. That is why no body should be using it anymore. https://raxis.com/blog/ike-vpns-supporting-aggressive-mode/

PhilipDAth

A special thank you to @LostInTranslate and @bailey_hawker . And a big thank you to everyone else.

PhilipDAth

Well done. Great hints to help everyone.

PhilipDAth

What I would do (and have done in the past), is on the primary MX create a new VLAN and assign a LAN port to it. Plug the second WAN port on the spare MX into it. Then it can fail over to the cable connection.

PhilipDAth

Done. Being optimistic, I have already decided who I would give it to if I won!

PhilipDAth

What about using the VMX in the other region as the backup, and configure a link between the two Azure regions that can act as transit?

PhilipDAth

Check the log on the Palo Alto.

PhilipDAth

You need to use 1Gb/s SFPs in the SFP+ slots. 10Gbe fibre SFP+s wont drop down in speed.

PhilipDAth

(1) Yes, it would enable SNMP on every device. I suspect this is what your customer wants. (2) Not if you are accessing it via the LAN. It works fine over AutoVPN.

PhilipDAth

I believe it was terminated in January 2025. You can't buy it anymore. I assume those with it can only use it until it expires.

PhilipDAth

Is the Docker network sitting behind NAT? If so, you'll need it to bridge to the local LAN.

PhilipDAth

I can't get the dashboard to allow me to do this upgrade.

PhilipDAth

Snap! The same tool that I use. 🙂

PhilipDAth

I use this online tool when I have to create option 119 (very rare). https://jjjordan.github.io/dhcp119/

PhilipDAth

You can't do this using only iPSK without RADIUS.

About PhilipDAth

PhilipDAth

Philip D'Ath

Community Record

Badges