Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About OVERKILL
OVERKILL
Building a reputation
Member since Jul 17, 2020
Friday
Community Record
117
Posts
65
Kudos
4
Solutions
Badges
03-22-2022
09:40 AM
Looks like two different countries (China, Russia). But the volume is just a trickle now compared to when it was on 443. I haven't seen any hits on it today for example. This client is a car dealership, so yeah, definitely no business in those countries, lol. Also, no further flaps of course, since AnyConnect isn't getting hammered now.
... View more
03-21-2022
07:47 PM
Yes, I'll be reaching out to Rogers (the ISP) and seeing what they can do in terms of blocking this traffic. The few I traced were China, FWIW.
... View more
03-21-2022
03:24 PM
Yep, I have Advanced Security on the other two MX84's (and my MX64), but this client went with the less expensive license. Meraki support got back to me and confirmed 100% CPU spikes that likely corresponded with the flaps and the hits to AnyConnect. Not sure what they will be able to do about it though. I'm seeing a few already even with the new port choice, though clearly nowhere near as many, so they must be running port scans.
... View more
03-21-2022
08:33 AM
Yep, exactly, and it seems like this particular network is being targeted, at least that's my theory based on what I see in the logs for it vs my other MX84's with AnyConnect. Would be really nice with some form of geoblocking for this service. This particular unit only runs Enterprise, so it doesn't have any of the advanced protection stuff or L7.
... View more
03-21-2022
08:01 AM
2 Kudos
Interestingly, my MX64 has shown AnyConnect as being available (and I tested it, it worked) since the 16.xx betas. I'm not on 17.xx yet and I see this on the client VPN screen:
... View more
03-21-2022
07:46 AM
Heard back from support this AM. @Make_IT_Simple you may find this amusing, they suggested the same thing as you about EEE being enabled. These are older 2960S models, EEE isn't available (the sh eee status command doesn't even work) and I advised them accordingly. I also made it a point to mention the AnyConnect port change, as this AM? No flap. We'll see what the rest of the week brings but I've suggested they start looking there in terms of a potential cause.
... View more
03-20-2022
07:56 PM
4 Kudos
Looks like he will have to contact Telstra and have them add a data code to his SIM, as I found this:
... View more
03-20-2022
07:48 PM
Will do, that's the purpose of this thread. I thought it was quite an interesting issue and I'm not seeing it on my two other MX84's, both with AnyConnect, but neither of them are getting hammered on 443 like this one was. Both have the same fibre service too, conveniently. I'll update tomorrow whether it happens in the morning or not. It seems to happen most frequently around 9:20-9:40AM based on the logs, but can also happen later in the day again.
... View more
03-20-2022
07:11 PM
I have 4x 2960's behind it, one as a 3x stack, one as a standalone for a separate network. There's also a cheap Trendnet PoE 100Mbit switch that runs an Aruba AP for guest WiFi on its own VLAN and it uses a rate limited WAN link on WAN2 at 10Mbit. None of the 2960's have energy efficiency enabled and the MX flaps ALL the active ports at once, which you can see in the screenshot, that includes both WAN links (which are connected to an Alcatel/Lucent ALU for fibre) and all three LAN links. This only started in February that I can see from the logs, the equipment has been the same for at least a year and AnyConnect was only enabled near the end of last year.
... View more
03-20-2022
07:06 PM
1 Kudo
Based on one of the earlier posts, it sounds like yes, there needs to be a config change by support so that it actually uses that APN in practice.
... View more
03-20-2022
06:14 PM
Good point on the NAT, I can see a 10.10---- in his screenshot where he edited out the cellular IP address.
... View more
03-20-2022
06:10 PM
If they are blocking 443, you can put it on another port, it's configurable. I'd give it a shot, it's more apt to work than L2TP.
... View more
03-20-2022
05:51 PM
Just use AnyConnect. I ran into a similar issue recently (cell wouldn't work, but it worked fine with a laptop) so I just had him download the AnyConnect client and it worked perfectly right out of the gate.
... View more
03-20-2022
03:25 PM
2 Kudos
I have a ticket open with Meraki on this issue, but the run-down: I have a site that I switched to AnyConnect near the end of last year, just using the default config, as they only have a couple of users, so default port of 443. Well, a few weeks ago, I get a call from them that their "internet is going up and down". Check the dashboard, see no immediate evidence of this happening (all green) and told her I'd upgrade them to 16.16, which I had scheduled, that night, and we'll see if that fixed it. Well, we had one day of nothing happening and then it started again.Checked the logs more thoroughly this time and saw that all ports that had a link on them had flapped. Odd. I searched specifically for that and saw that this appeared to be happening at least once a day.I opened a ticket and they apparently saw some issues in the logs and told me they were sending me a new unit. Excellent I thought. So, installed the new unit and figured I'd check the logs to ensure that this error message was gone. It wasn't. I was seeing the exact same thing with the replacement unit: Support didn't seem concerned because the customer hadn't complained yet, but I logged into the 2960 stack that's one of the units behind the MX and it was showing its uplink being connected/disconnected when I see the flap in the MX logs, so clearly, this is still actively taking place (GI1/0/1): Then I noticed that the AnyConnect service seemed to be restarting at the same time: Also, because of the use of the default, port, the AnyConnect service was getting hammered by foreign IP's and this appeared to be triggered it to restart: So, while I wait on support to get back to me, I just changed the port AnyConnect was on to stop the hammering, and, so far, it has been 24hrs and no interface flap, but the real test will be tomorrow morning when all the users are back, as this may just be an unrelated correlation. However, IF this observation does indeed show that the hits on the service are triggering the interface flap, there is clearly an issue with the service that will have to be dealt with.
... View more
Labels:
- Labels:
-
Other
03-11-2022
09:47 AM
May not be related to your situation, but I had a site that was on 16.14 that was fine until last week and then they started experiencing outages. Upgraded them to 16.16 the night before last to see if it would help, had another outage again today. Outage apparently lasts 5 or 10 minutes. Checked the logs and it flapped ALL the active interfaces: It's connected to a stack of 2960S switches and its logs show the link, fluttering at 9:27 then going down at 9:35 then coming back up at the time we see there in the Meraki log. The flutters don't show in the Meraki log, only the result of what appears to be all of the active interfaces resetting including the WAN links. I opened a support case this AM, we'll see what's going on.
... View more
03-07-2022
02:02 PM
This moves 16.xx into GA, so for those of us using AnyConnect through the Beta and RC, I know we have to buy AnyConnect licenses, which I have my wholesaler working on now, but how much of a grace period is there, assuming there will be license enforcement now?
... View more
02-16-2022
07:38 PM
Yes, I can confirm the same. For the last few weeks, just ensuring a client workstation has all the latest updates resolves the problem.
... View more
02-14-2022
11:19 AM
6 Kudos
You can do a lot of the pre-deployment configuration in the cloud but the device will need a way to download that configuration when it is hooked up. I've done this with a few devices that were being sent to remote sites. One was an MX64 being sent to a satellite clinic with a static cable connection. I logged into the webUI on the device and configured the WAN information so that it would work once connected. Then I built the remainder of the config via the portal which the device pulled down once it was connected on-site. Does that answer your question?
... View more
02-14-2022
11:10 AM
You need to provide some significant clarification on your topology, as the way it is worded, there is a ton of ambiguity on a number of key areas. 1. You say you have an "upstream DHCP Server pool". Provide some more details on this. You are not using the MX for DHCP? 2. You say you are using the Meraki DNS servers. There are no Meraki-specific DNS servers, the device, if it is handling DHCP, will either proxy or relay your ISP's DNS servers, or allow you to select Cisco's Umbrella or Google DNS. 3. Your mention of the MX84 being .2 while you mention .1 being dowstream, you need to provide some clarification here. Which IP is handling NAT/PAT? Or are you using the MX in transparent mode? A diagram of your topology or even a rough overview would greatly aide in providing some much needed clarity on your setup, and subsequently allow for far more productive feedback.
... View more
01-17-2022
10:05 AM
Yes, the 14.xx releases aren't impacted because the vendor_ID flag isn't set in the firmware. That was added with the 15.xx series and that seems to be what is causing the issue on the Microsoft side.
... View more
01-15-2022
10:57 AM
AnyConnect IS available on the Meraki platform, currently without a fee (because you need to be running 16.xx) but there will be a charge once the 16-series because stable.
... View more
11-02-2021
10:07 AM
2 Kudos
Interesting one today: We have a few Z3's at various teleworker residences. One of them has an MR20 on site as well, to provide wireless in a back section that the Z3 doesn't cover. Today, get a call that one of their devices won't connect. Everything else has WiFi. Interesting. Hop on the portal, see the devices connected, didn't pay much attention to what they were in fact connected to. Restart the Z3 and the AP, everything reconnects except this one device. Then it dawns on me that they are all connecting to the MR20. Signal strength is not great, as many of these devices are quite close to the Z3. Clearly, the wireless on the Z3 had stopped working when I had applied the 15.44 update (it had been working fine before) and this killed the wireless. A restart didn't bring it back. So, updated the unit to the 16.14 RC and boom, the wireless came back. This is the 2nd Z3 I've had bizarre wireless issues with, both of which in the same location (Cisco replaced the first one). The AP was a later addition and wasn't there when the first one conked out. Anybody else experience this?
... View more
10-14-2021
08:15 PM
Pretty minor upgrade from 16.12 from the looks of things, thanks for the share.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 442 | 04-14-2022 12:28 PM | |
| 3016 | 04-03-2022 10:49 AM | |
| 1264 | 03-21-2022 03:24 PM | |
| 1391 | 07-18-2021 08:54 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 6 | 451 | |
| 4 | 1468 | |
| 3 | 192 | |
| 3 | 409 | |
| 3 | 2728 |
