Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About harmankardon
harmankardon
Getting noticed
Member since Sep 12, 2021
Thursday
Community Record
74
Posts
40
Kudos
1
Solution
Badges
Aug 31 2022
11:01 AM
I probably haven't worded things clearly. On the MX, all ports are trunk ports and the native VLAN for all ports is VLAN 1 which means VLAN 1 is untagged in the context of the MX. If I set an access port on the Meraki switch to VLAN 1, when the switch forwards frames from this switch port to the MX, are these frames now tagged when the arrive at the MX? Or do they arrive untagged because VLAN 1 is the native (untagged) VLAN? If they do arrive tagged at the MX, does the MX then remove the tag before forwarding out on other ports?
... View more
Aug 31 2022
10:29 AM
I have an MX with a LAN setting of "VLANs" (as opposed to Single LAN) with only one VLAN configured, VLAN 1. All ports on the MX are configured as Trunk with native VLAN set to VLAN 1. I'd like to introduce a Voice VLAN to this network which I will add as VLAN 65 and leave the MX ports configured as they currently are. The VoIP phones are all connected to a Meraki switch and the Meraki switch is connected to the MX. The phones all have a PC attached to them. The plan is to configure the ports on the Meraki switch as access ports and set the data and voice VLAN appropriately. The rest of the network consists of unmanaged switches connected directly to the MX. So this network is currently flat with no VLAN tagging. My question is about what happens when I set the data VLAN to VLAN 1 on the Meraki switch ports used by the phones. I know the switch will tag the phone traffic as VLAN 65 when it forwards phone traffic to the MX, but will it actually "tag" the data (PC) traffic as VLAN 1 when it forwards to the MX or does the switch know that VLAN 1 is the native (untagged) VLAN and leave it untagged? Essentially trying to figure out if a Voice VLAN can be added without affecting the untagged nature of the current flat data network.
... View more
Jul 13 2022
4:58 AM
Shameless bump. After upgrading to MX 17.7 and the MX 17.8 (patches notes for both mentioned fixes for device reboots), I am still experiencing random reboots with several of our MX67C devices. I have a ticket open with support now and they have confirmed these random reboots are a known issue and engineering is working on it, but no other details. I'm stuck between a rock and a hard place because 17.x allowed us to get cellular failover working on many of our MX67C but these device reboots are very disruptive as the brief loss in internet connectivity causes some of the systems at this location to crash (a whole other unrelated can of worms). Anyone else experiencing anything like this and have a workaround? I've asked Meraki if the reboots are related to a specific setting or configuration (since it seems to happen at some locations and not others) but all I get is "it's a known issue" and nothing further.
... View more
Jun 12 2022
1:41 PM
3 Kudos
I logged in a couple of days ago and was presented with a new page I have never seen before, it was titled Summary (Beta). On this page it gave a brief overview of the organization, and it including an "Uplinks" health widget. This was a nice feature because it was the first time I'm aware of that I could look in one spot to find out the status of the primary WAN uplink and the integrated cellular uplink for all sites (we are using MX67Cs at all our sites with built-in LTE modem). Prior to this, I had to manually check the Appliance Status -> Uplink tab for each site. Today that new Summary (Beta) page is gone, any idea if/when it will be coming back?
... View more
Jun 10 2022
4:44 PM
Hoping this resolves what I believe to be a rebooting issue with some of our MX67C firewalls running 17.6 and 17.7.
... View more
May 11 2022
5:53 AM
I experienced a similar issue with the MX67C after upgrading to MX 17.6: https://community.meraki.com/t5/Security-SD-WAN/WAN-throughput-on-MX67C-running-MX-17-6-firmware/m-p/143392 Some others with similar hardware/firmware setups chimed in that they were not experiencing the same issue, so it doesn't seem to affect all instances of MX 17.6. I eventually gave up because WAN link is the bottleneck at all our production sites.
... View more
May 11 2022
5:38 AM
Most of our sites using MX67C with MX 17.6 firmware have been running without any issue, in fact MX 17.6 resolved a number of issues (mostly related to cellular). But some sites seem to experience minor interruptions to their connectivity a few times a week. I get notified of this by a series of email alerts that usually come in the following order: "VPN connectivity changed" email stating site-to-site VPN to that site went down. "Uplink status changed" email stating site has switched to cellular as its uplink. "VPN connectivity changed" email stating site-to-site VPN to that site came back up. "Uplink status changed" email stating site has switched back to Internet 1 (wired WAN) as its uplink. "VPN connectivity changed" email stating site-to-site VPN to that site went down. "VPN connectivity changed" email stating site-to-site VPN to that site came back up. "Cellular came up" email stating the site has connected to a cellular network. From the first email to the last email is usually 2 minutes or so. The other day, I happened to notice I get a similar sequence of emails in the same time period if I manually reboot or power cycle a MX67C running MX 17.6. In the past I have noticed that an MX67C running MX 17.6 connects to the dashboard via cellular first for about 30 seconds or so before switching to wired WAN when booting up, which I believe triggers the emails regarding cellular failover. Unfortunately (and one of my pet peeves with Meraki) is that there is no "device boot" event in the event log. The Connectivity bar on the Summary page does show around 2 minutes of no connectivity but no way for me to know if there was a true WAN outage or if the device rebooted. I will dig into this deeper with Meraki support in the hopes they can identify reboot events, but wondered if anyone else was seeing anything similar?
... View more
Mar 30 2022
10:23 AM
I didn't even know this Meraki document existed! Thanks for pointing me in the right direction. The Client VPN Overview Meraki doc doesn't even mention that page. The URL for anyone else seeing this is: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Managing_User_Accounts_using_Meraki_Cloud_Authentication
... View more
Mar 30 2022
10:14 AM
I finally got a chance to test (I probably should have tested first), as far as I can tell client VPN users with Meraki Cloud Authentication can reset their own password via that URL.
... View more
Mar 30 2022
10:04 AM
I guess I should have clarified, we are using Meraki Cloud Authentication. I had one of my users forward me their welcome email and it has a link to https://account.network-auth.com/ which does seem to allow users to change their password. @alemabrahao was your answer assuming we were using a different authentication type?
... View more
Mar 30 2022
8:48 AM
Ok so if I am an admin for multiple dashboard organizations and one of them is set to force 2FA, that affects my dashboard account meaning regardless of which organization I am signing in for, I will be forced to use 2FA?
... View more
Mar 30 2022
8:37 AM
For client VPN, I believe the following to be true: 1. If account type is Guest, client VPN password is set by a dashboard admin via the dashboard. 2. If account type is Administrator, client VPN password is the users dashboard password. Are both of these assumptions true? And for #1, can the users reset their password themselves? And do the options in Organization -> Settings -> Security Settings apply to both client VPN users and dashboard admins? If it doesn't apply to dashboard admins, is it possible to force 2FA for admins some other way?
... View more
Mar 30 2022
8:22 AM
3 Kudos
Interesting. I had the opposite result with built-in cellular on our MX67C devices, they wouldn't properly take APN override on MX 15.44 (among other cellular connectivity issues) but when we upgraded to MX 17.6, the APN override worked right away and it resolved a few other cellular issues. For USB modems, it does say (in the 17.6 patch notes) that certain models don't work with USB cellular but it doesn't list the MX64W, strange. It does seem that Meraki's support for USB cellular modems seems to be lacking ever since they released the built-in models and the MG line. Here's a snippet from https://documentation.meraki.com/MX/Cellular/3G%2F%2F4G_Cellular_Failover_with_USB_Modems "New USB modem approvals are currently on hold until further notice. All ongoing evaluations for USB modems will be updated on this page as soon as completed. We recommend to upgrade to the integrated/MG models for cellular connectivity and reach out to your sales contact." That doesn't sound very promising....
... View more
Mar 28 2022
5:44 AM
Interesting. In terms of minimizing downtime this seems like the best solution. Allows me to fully configure the destination network before having to move devices or licenses. Any gotchas you can think of with this method?
... View more
Mar 25 2022
11:49 AM
I thought this was the case as well, but the support engineer I spoke with said all they can do is help move devices/licenses, nothing regarding configuration.
... View more
Mar 25 2022
11:48 AM
I'll have a look at this, thanks.
... View more
Mar 25 2022
10:30 AM
What is the best way to move a network from one organization to another? I know that licenses and devices can be easily moved, but is there a way to move a whole network? I'm not even sure how I'd do it manually by re-creating the network in the destination organization. With a switch for example, I can't configure individual ports until the switch is present in the new network, but if I move it to the new network then I lose the ability to see what it's configuration was in the old network. Do I have to manually document every single bit of device configuration on the existing network before I start moving devices? I'm thinking this would lead to a lot of downtime. I may have to do this for several networks, hoping to find some way to automate or at least avoid the potential for human error.
... View more
Mar 24 2022
10:16 AM
I was seeing Profile Not Found immediately after upload and after refreshing the page. Checked again today after the dashboard maintenance and looks like its fixed now. Thanks for the clarification on the .XML extension, that confused me when I was checking the local Profile folder on my computer to see if the profile actually got pushed.
... View more
Mar 23 2022
5:18 PM
Thanks @Ryan_Miles !
... View more
Mar 23 2022
5:08 PM
When I upload a profile in the Profile Update section of the AnyConnect settings page, any profile I upload (created with the AnyConnect VPN Profile Editor) shows "(No Profile Found)". After spending some time trying to figure out what was wrong with my profile, I decided to try connecting and the profile was actually pushed and seemed to work. Am I safe to assume this is just a bug in the dashboard user interface?
... View more
Mar 23 2022
11:30 AM
Is sorting by Usage on the Network-wide -> Clients page not working properly for anyone else? I've tried a few different time periods on multiple networks and multiple organizations, and in every situation, sorting clients by Usage results in a list that is not sorted by usage (haven't figured out what its actually sorting by).
... View more
Mar 22 2022
9:45 AM
1 Kudo
Also having trouble with this, L7 peer-to-peer is blocking our remote support tool.
... View more
Mar 21 2022
3:32 AM
2 Kudos
For anyone on a MX67C/MX68C running into issues with integrated cellular and custom APN's, try upgrading to MX 17.6 firmware. I was running into lots of issues with the integrated cellular on older firmware: some devices I could not set a custom APN myself (had to be set on the backend by Meraki support), and none of my devices would seem to take the public static IP APN from our cellular carrier (would never get the assigned public IP, always got a CGNAT IP). After upgrading to MX 17.6, all of these issues went away. My understanding is that the cellular portion of the MX 17.x firmware is now the same as what is used in the MG line of products. In addition, there are a number of undocumented improvements in MX 17.x like: Eliminated that the flood of "events dropped" that appear in the event log on devices with integrated cellular modems even if the modem was disabled and there was no SIM installed. New Cellular Status tab on local status page. Ability to set APN from local status page. Ability to set APN username and password from local status page. Ability to set cellular IP type from local status page. If you aren't having any luck between Meraki support and your cellular provider, give MX 17.6 a shot.
... View more
Mar 19 2022
5:04 PM
Interesting, how were you able to exceed the 600 Mbps hard limit by such a significant amount? Also very surprised to see that you are seeing higher throughput numbers with security enabled vs. disabled, that doesn't seem to make sense. Either way, I re-tested again tonight and discovered that right after a reboot, I get 600 Mbps even with security features enabled. Some period of time later after doing some minimal browsing and cellular testing, I tried the speedtest again and I'm back to down to 275 Mbps. No change in the WAN connection, if I take the uplink cable out of the MX and plug it into laptop I get 1 Gbps. I rebooted the MX again and speeds went back up to 600 Mbps. Fortunately none of the sites I'll be deploying MX 17.6 to have anything greater than 200 Mbps so not an issue for now. Perhaps I'll just wait and see if this resolves as MX 17.x matures. Side note: each time I reboot the MX67C, when it comes back online it starts out on cellular for about 30 seconds (status light purple and confirmed via tracert) before switching to wired uplink.
... View more
Mar 19 2022
4:50 PM
I'm using Ookla and using my ISP's speedtest server, I have no trouble saturating the link if I bypass the MX67C. I tried nperf but closest server is almost 1000km away, not able to saturate even when bypassing the MX.
... View more
- « Previous
-
- 1
- 2
- Next »
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 721 | Oct 11 2022 10:23 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 12 | 1370 | |
| 4 | 2007 | |
| 3 | 3316 | |
| 3 | 631 | |
| 3 | 6983 |
© 2024 Cisco Systems, Inc.
