Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About RomanMD
RomanMD
Building a reputation
Member since Apr 14, 2020
Thursday
Community Record
133
Posts
131
Kudos
16
Solutions
Badges
07-13-2021
07:57 AM
You have not posted the screen with the static route you are trying to configure, but it is not possible to add a static route with a destination subnet of a vlan defined on the MX itself.
... View more
07-13-2021
07:45 AM
2 Kudos
I think it is important to have more details in order to understand your topology. What is the SSID configuration: NAT, Bridge, L3 roaming, etc..? Are there any settings like 802.11r or 802.11w enabled? Are they(APs) connected to the same switch infrastructure? Are they(APs) in the same management Subnet? If the SSID is bridge, is the vlan allowed on all APs?
... View more
07-13-2021
07:39 AM
Is that the authentication for client? Does your AP have a static IP, or is it DHCP? Is the AP connected to a controller or is EBW? Is the policy checking for NAS ID? I am just thinking that after reconnect the AP is getting a new IP and the Radius packet a sourced from different IP if the policy is not checking for the NAS ID... but I am not radius expert at all... and last but not least - go away from EAP-FAST on ISE<2.6 and iPhones 🙂 I had too much trouble with TLS version miss-match.
... View more
07-13-2021
06:15 AM
2 Kudos
Alternatively, if your clients are connected via Meraki MR access points you could use isolation there. I think what you are trying to achieve, is Adaptive policy, which should be supported by MX'es at a later stage.
... View more
07-03-2021
03:18 AM
The other option would be, to have Local Dashboard accounts.. isn't it? I think local Dashboard accounts are allowed regardless other authentication options are enabled for the organization.
... View more
07-03-2021
12:05 AM
4 Kudos
You know what, a setting that's often ignored: Go in the Radio profiles and disable Client Balancing which is enabled by default. I have experienced a lot of problems because of Client Balancing, and that should not be enabled if one wants to have a stable environment.
... View more
07-01-2021
08:04 AM
According to your initial request I think further clarifications are needed. What devices do you manage? Access points only? Or do you have also Meraki MX and switches? I am asking, because you say "but I need a DHCP option 150 to be configured on the Meraki wireless". The DHCP options are set on the DHCP server. So if you have a Meraki MX or L3 switch which acts as DHCP for the Voice vlan - then you can set the option in the Meraki. Otherwise, if the DHCP is still a 3rd party machine (Windows, Linux, Infoblox, etc.) then you have nothing to configure in Meraki.
... View more
07-01-2021
07:41 AM
2 Kudos
Option 150 is not predefined DHCP option, but you always can configure any custom options with values type String, HEX or IP. So, the answer is - yes, you can configure option 150, either on L3 switch or on MX appliance.
... View more
06-23-2021
11:11 AM
1 Kudo
I would connect the Internet Port of the MX to the router via a L2 switch. I would connect with a PC to the same VLAN and start the Wireshark to see the DORA process. Also, make sure that the configuration in Internet Port 1 for VLAN Tagging says "Don't use vlan tagging".
... View more
06-23-2021
10:58 AM
1 Kudo
Hi, 1. you need to know if this is Single Mode or Multi mode fiber. Since you say this is OM4, then it must be Multimode. For multimode: MA-SFP-10GB-SR MS420 does not support 40Gb QSFP modules. 2. same as in the first point.
... View more
06-18-2021
03:02 AM
@rhbirkelund it only works like this if you have you housekeeping in Excel 😂
... View more
06-18-2021
02:53 AM
Never used the action batches at all, but I believe that for removing the device the action is "remove" not "delete". Not sure about the Warm Spare config.
... View more
06-18-2021
02:37 AM
1 Kudo
Maybe I've not understood you correctly, but for site-2-site vpn you can either have a default route checked if your MX is in Spoke mode or Exit Hub if it is in Hub mode. If that is what you are trying to accomplish then the /networks/{networkId}/appliance/vpn/siteToSiteVpn should help you do the changes.
... View more
06-17-2021
12:49 AM
Description:List the uplink status of every Meraki MX, MG and Z series devices in the organization If you don't have any of those devices in the organization, then you will have an empty array, but that's nothing you can't handle. Just check the length of the response array, if it is 0 -> skip and go further or whatever logic you need.
... View more
06-16-2021
06:38 AM
There is no trick for this. Most probably you are trying to access the shared folders via name which cannot be resolved. You can try to access them via IP address, or make sure you access them via FQDN which can be resolved. Also, worth looking if there are any group policies/firewall rules which will block port 445.
... View more
05-19-2021
02:34 PM
1 Kudo
Unfortunately, you don't seem to be able to do much when the org is in Co-Term. I also found it frustrating but all the Endpoints are mostly for the PDL model.
... View more
05-18-2021
10:56 AM
1 Kudo
The most obvious way is to loop thru the user list: import meraki
API_KEY = 'xxxxxxxxxxxxxx'
dashboard = meraki.DashboardAPI(API_KEY)
network_id = 'xxxxxxxxxxxxxxx'
required_username = 'myuser@name.com'
users = dashboard.networks.getNetworkMerakiAuthUsers(
network_id
)
for user in users:
if user["email"] == required_username:
pprint(user) Pythonic way would be to substitute the for loop with list comprehension: myuser = [user for user in users if user["email"]==required_username]
pprint(myuser)
... View more
05-18-2021
10:25 AM
The Meraki world is not different than normal Cisco world. Having that vlan100 on both MX and core switch and acting as management vlan for switches doesn't sound good for me. That's the only thing that I want to point. We have similar setup in our location. I have the management vlan on MX which is a native vlan on the MX port and acting as management for switches, then another vlan on the switch core for management of the access points. I need another vlan just because S2S VPN, but in your case another vlan for AP's is not needed.
... View more
05-18-2021
09:36 AM
1 Kudo
I don't have the full picture of your network but assuming you only have Mx, switch and Client VPN, and everything is behind the switches then: what is the Management VLAN all about? Is it the management for the switches only? Then it does not make any sense to have the vlan100 interface on the stack. It is better just to have that as native vlan on the MX port. If it is for some other purposes, then again... what's the purpose?
... View more
05-16-2021
12:51 PM
2 Kudos
Have you checked the RADIUS logs from which IP the requests are coming from? If my memory serves me well, when I was testing the Client-VPN the request to Radius were coming with the source IP of the highest vlan id. Now, that you moved the VLANs to the switch, the IP from which the requests are going out to RADIUS have also, probably, changed. Can you verify that?
... View more
05-03-2021
10:36 AM
1 Kudo
I do two three different things: 1. either store in the environment variable 2. either store in the database in the setting table (usually using this when the scripts run on Django) 3. either way - I have an encryption/decryption algorithm, so the key is not stored in plain text. It does not mean that the key is fully safe, as long as one will have access to the algorithms, but at least having the encrypted API key does not make much sense for some ....
... View more
05-03-2021
10:27 AM
Hello, it is possible, of course. It is possible to create/update almost any settings from from dashboard, but this requires you to be familiar with some programming/scripting language. Assuming that by "blocking IP" you mean that you want a L3 firewall rule or an inbound firewall rule, here are the Endpoint descriptions. https://developer.cisco.com/meraki/api-v1/#!update-network-appliance-firewall-l-3-firewall-rules https://developer.cisco.com/meraki/api-v1/#!update-network-appliance-firewall-inbound-firewall-rules
... View more
04-22-2021
09:49 AM
1 Kudo
NBAR2 will not disturb the clients at all, but NBAR2 will not be available in a mixed environment. I have just discovered this hard way few days ago when my script had trouble adding one AP to a network. You want to read "Disabling NBAR" paragraph. https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Network-Based_Application_Recognition_(NBAR)_integration_with_MR_access_points
... View more
04-20-2021
11:11 PM
1 Kudo
I am totally with Philip. Don't mix. Either build the environment with MR46 (preferred), either only Wifi5. You will start running into different issues and unavailability of certain features like NBAR2. When you'll have the env ready and working and later on you will want to add another wifi5 AP, you will have to disable traffic analysis, add new ap, enable traffic analysis. This one problem, and I am not sure which other may appear...
... View more
04-20-2021
01:20 AM
3 Kudos
I have a replication of Cisco WLC controllers infra in few locations and it is exactly like you said. Except, I am doing exactly like WW suggested - on the switch I have a trunk port with native vlan for management, and other vlans to tunnel different type of clients, including Guests.
... View more
- « Previous
- Next »
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 436 | 03-30-2023 11:16 AM | |
| 2967 | 06-24-2022 05:57 AM | |
| 906 | 06-22-2022 12:21 AM | |
| 375 | 06-22-2022 12:02 AM | |
| 431 | 06-15-2022 07:31 AM | |
| 2582 | 08-24-2021 03:32 AM | |
| 1521 | 07-30-2021 01:24 PM | |
| 1439 | 07-15-2021 12:44 PM | |
| 2476 | 07-13-2021 10:30 AM | |
| 3163 | 07-01-2021 08:04 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 11 | 695 | |
| 8 | 556 | |
| 6 | 1702 | |
| 5 | 375 | |
| 4 | 446 |
