Meraki

PhilipDAth · ‎May 3 2019

Tihs is almost certainly an issue with your cellular carrier filtering inboud traffic to you. With any luck you carrier will offer an APN where they do not do this. If you Google the name of your carrier and terms like "L2TP" or "VPN" and "APN" you might be able to find this. Once you have an APN you can use you'll need to open a support case and ask them to configure the MX68 to use that APN.

PhilipDAth · ‎May 3 2019

Are you getting to connect to a fixed line broadband or a celluar connection on the MX? What happens when it didn't look? Do you get to enter a username and password? Do you get any error message?

PhilipDAth · ‎May 3 2019

You don't need to actually charge/bill the customer. You would use the "Use fast prepaid login page" option. Check out thsi documentation: https://documentation.meraki.com/MR/Splash_Page/Customizing_Splash_Pages_for_Fast_Prepaid_Card_Billing_SSIDs

PhilipDAth · ‎May 3 2019

With a recent client I did we installed certificates onto all the printers so they could authenticate just like a user. The client understands they can only buy printers that support 802.1x as a result - but it gives the best security model. No exceptions. In their case they also had TV's, but I put these onto a seperate network that has no access to anything internal.

PhilipDAth · ‎May 3 2019

Seperate networks are mostly a thing of the past now, and mostly people only use combined networks. I typically do all my firewall rules on just the MX, rather than both the MX and MR. Also on the client page you can select to apply the group policy by connection or SSID, so you can apply it to the client for only one type of connection it is using.

PhilipDAth · ‎May 2 2019

>I was wondering where the CPU utilization chart was.. It appears to be overworked Well at least we know, the unit is maxed out.

PhilipDAth · ‎May 2 2019

You could also consider using an "RF Profile". There is a ubilt in one called "Open Office Profile". https://documentation.meraki.com/MR/Radio_Settings/RF_Profiles

PhilipDAth · ‎May 2 2019

I like @kYutobi initial answer - but I would use a minimum bit rate of 12Mb/s for maximum compatibility.

PhilipDAth · ‎May 2 2019

Static DHCP reservations will be maintained. I don't think that dynamic DHCP will be. Expect that to be lost. Something that catches a lot of people out is the MS250 only has 10Gbe SFP+ ports. So if you want to plug in a copper circuit make sure you get a copper SFP.

PhilipDAth · ‎May 2 2019

I would use a single SSID. Have you considered using any of the billing options? https://documentation.meraki.com/MR/Splash_Page/Billing_for_Wireless_Access

PhilipDAth · ‎May 2 2019

Go to: Organization/Summary Report Select just HQ network. Scroll to the very bottom to device utilisation. How heavily utilised is it?

PhilipDAth · ‎May 2 2019

The CPU gets carved up between different things. If you are driving the CPU hard with crypto doing 100Mb/s of traffic it wont leave a lot of CPU available for other things. I think you are going to need some bigger hardware ... Some options: * Replace the MX65W with an MX68W. It has significantly more punch. This is the nicest solution. A nice simple design. * Installed an additional MX67 at HQ (it will have to go into its own seperate network) and put it into VPN concentrator mode. Configure this to terminate all the AutoVPNs leaving the main MX65W just doing Internet and WiFi (so disable AutoVPN on the original MX65W at HQ). This is the cheapest solution.

PhilipDAth · ‎May 1 2019

No. But you're right, it would be usefull.

PhilipDAth · ‎May 1 2019

I misread the heading to say: Announcing the winners of our April Fools Contest

PhilipDAth · ‎May 1 2019

Wow what a slog. I need to sleep.

PhilipDAth · ‎May 1 2019

Do the APs usually respond to ping? Perhaps they have a built in firewall.

PhilipDAth · ‎May 1 2019

Well done @JimL and everyone else how managed to score some loot.

PhilipDAth · ‎Apr 30 2019

@DroneDelivery there are several best practice guides depending on what you want to do. This is one of the basic ones: https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices

PhilipDAth · ‎Apr 29 2019

Service provider NAT can also cause issues. Getting a static IP address on the DSL will normally solve this.

PhilipDAth · ‎Apr 29 2019

It is nearly always NAT bugs on the DSL router. It is unlikely to be the MX.

PhilipDAth · ‎Apr 29 2019

Some routers have bad UDP NAT code in them, and expire the sessions out quickly - causing connectivity issues. Is the same kind of DSL router being used for WAN1 and WAN2? If they are different, I bet the one on WAN1 has an issue. Is their any firmware upgrades available for the DSL router connected to WAN1?

PhilipDAth · ‎Apr 29 2019

@MegaSmithers Meraki switches can tell you what port a device is connected too. Just add those columns to the display. Tracing cables is the old way of doing things. No one does that anymore. Do you know about magic URLs like switch.meraki.com that a user can type into their browser to also establish where they are plugged into? You can learn about these here: https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Meraki_Device_Local_Status_Page

PhilipDAth · ‎Apr 28 2019

So when you say "resolved", you are saying you don't have a problem anymore, correct? And you are just posting the information to help others?

PhilipDAth · ‎Apr 27 2019

DHCP is fine as long as it is a public IP and stays the same.

PhilipDAth · ‎Apr 27 2019

Does the 2911 and the MX both have a public static IP directly on their interfaces, of its one of them behind a NATing device?

About PhilipDAth

PhilipDAth

Philip D'Ath

Community Record

Badges