Meraki

PhilipDAth · ‎Sep 16 2017

You would have to put each customer into their own subnet so each customer had their own VRRP gateway. Would you also need some kind of layer 2 circit between the two sites that trunked all the VLANs.

PhilipDAth · ‎Sep 16 2017

Maybe. What features of ISE are you hoping to replacing, or what features have you been using? If you also use the Systems Manager agent you can replicate a lot of the functionality of ISE using dynamic tags.

PhilipDAth · ‎Sep 16 2017

I'm confused by your question. With regard to servers, if you dual connect them to two switches and configured the NICs on the server as Active/Standby then a single port failure will cause the server to start using the standby NIC in the other server.

PhilipDAth · ‎Sep 16 2017

No Cisco ASR supports the same SD WAN system that Meraki uses.

PhilipDAth · ‎Sep 16 2017

I have seen this happen randomly on many phones. Try going into the SM app on the phone and click the Afw account link, so it tries to sign up for an account again. This usually fixes it.

PhilipDAth · ‎Sep 16 2017

When content filtering blocks something it gives a reason why. What reason is it giving?

PhilipDAth · ‎Sep 14 2017

I haven't done this for quite a while. You need to add an extra match in NPS to match the SSID. I think you need to match on "Called-Station-ID". Basically look in the event viewer to see what is being sent to you as well in the RADIUS request and add something for that. This article same some related info. https://social.technet.microsoft.com/Forums/windowsserver/en-US/fa662135-3ddd-4699-a8eb-83f9f85b5674/nps-calledstationid-regex-pattern?forum=winserverNAP

PhilipDAth · ‎Sep 14 2017

Create a black list policy. System Manager/Settings Add Setting More Android/Android Systems Apps Change the List Type to Blacklist. Save Factory reset the phone, and all the software that came with the phone should be allowed.

PhilipDAth · ‎Sep 14 2017

The physical MX's have their maximum throughput software limited. They could easily do this to a a virtual version as well.

PhilipDAth · ‎Sep 14 2017

It would be great if you could give me some Kudos as well. 🙂

PhilipDAth · ‎Sep 14 2017

Identity should be their email address. Leave "anonymous identity" blank. Password should be there password. Make sure their account is "authorised". I found this guide on how to set it up. https://documentation.meraki.com/MR/Encryption_and_Authentication/WPA2_Enterprise_Profile_Setup_on_Android

PhilipDAth · ‎Sep 14 2017

I don't think this is likely. With the Amazon and Azure products the Meraki "Intellectual Property" is protected. You can get at or see the raw disks (or the machines) to get the intellectual property. If it was on a private VMWare server you could ...

PhilipDAth · ‎Sep 14 2017

If you have no VPNs configured then you don't have an issue. If you are only using AutoVPN you don't have an issue. If you are using either client to site VPN or a third party site to site IPSec VPN then you have an issue. The only "fix" you have to use is to make sure you are using a long hard pre-shared key. Personally - I use 24 character pre-shared keys. This will mitigate the risk - but the PCI report will still say the same as it wont know you are using a PSK that is nor practically break-able.

PhilipDAth · ‎Sep 14 2017

Have you tried the beta firmware? It may be that the issues you opened the ticket about have been resolved in them.

PhilipDAth · ‎Sep 14 2017

Make sure the date and time on the machine are correct.

PhilipDAth · ‎Sep 14 2017

If you want to be able to deploy apps without user intervention on Android you must put the device into Device Owner mode. https://documentation.meraki.com/SM/Deployment_Guides/Android_Enterprise_Deployment_Guide_(Android_for_Work) If you think this is tricky - wait till you have to do an Apple device.

PhilipDAth · ‎Sep 13 2017

I think I have figured this out. Set the phase 2 authentication to MSCHAPv2.,

PhilipDAth · ‎Sep 13 2017

I have not seen this happen myself - unless there really is an IP address conflict. I assume there is no chance there are two DHCP servers on the LAN? Are both devices configured to use DHCP, or is one/both using a static IP address?

PhilipDAth · ‎Sep 13 2017

Negative, the Cisco "Support Forums" are on Lithium as well and they don't have the same limitations .

PhilipDAth · ‎Sep 13 2017

If you think my response helped it would be great if you could give me some Kudos and mark my answer as correct.

PhilipDAth · ‎Sep 13 2017

Did you make those three ports on the MS220 access ports?

PhilipDAth · ‎Sep 13 2017

You can also say to create the new network by copy the existing network.

PhilipDAth · ‎Sep 13 2017

Is Samsung cloud an actual app? Do you think you could find its ID? It may be that it is being caught by some other restriction.

PhilipDAth · ‎Sep 13 2017

I noticed that usernames are very restrictive as well. My surname has an apostrophe in it and I couldn't enter that either.

PhilipDAth · ‎Sep 13 2017

You are correct, It is software limited to that maximum speed. To support Gigabit you would need to jump all the way up to an MX250. https://meraki.cisco.com/products/appliances/mx250 An MX100 can do 750Mb/s. https://meraki.cisco.com/products/appliances/mx100

About PhilipDAth

PhilipDAth

Philip D'Ath

Community Record

Badges