The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About jcottage
jcottage

jcottage

Here to help

Member since Oct 1, 2018

‎03-18-2020

John Cottage

Kudos from
User Count
TBee
TBee
1
tsmooth
tsmooth
1
Trisha
Trisha
1
PhilipDAth
Kind of a big deal PhilipDAth
3
CarolineS
Community Manager CarolineS
1
View All

Community Record

15
Posts
9
Kudos
0
Solutions

Badges

CMNA
CMNO
First 5 Posts View All
Latest Contributions by jcottage
  • Topics jcottage has Participated In
  • Latest Contributions by jcottage

Re: vMX100 in Azure Active/ Warm Standby

by jcottage in Security / SD-WAN
‎03-18-2020 08:21 AM
1 Kudo
‎03-18-2020 08:21 AM
1 Kudo
Because Azure does not use ARP to do IP discovery it is unfortunately not.  Deploying anything in Azure/AWS for Active/Standby has been very clunky in my experience. For the most part it involves API calls to remap the active IP address or routing to the unit that is taking over.  ... View more

Re: Cisco ISE 2.4 with Meraki MS mab authentification

by jcottage in Switching
‎11-23-2018 09:01 AM
1 Kudo
‎11-23-2018 09:01 AM
1 Kudo
Can you share the contents of the  Authorization Profile sent from ISE to the switch.   It should match whats in this KB: https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Dynamic_VLAN_assignment_via_802.1X_(RADIUS)_for_MS_Switches   ... View more

Re: How are you dealing with the 802.1x changes in 10.x?

by jcottage in Switching
‎11-01-2018 01:17 PM
‎11-01-2018 01:17 PM
At this point I would reach out to support. This is defiantly not working as intended. ... View more

Re: How are you dealing with the 802.1x changes in 10.x?

by jcottage in Switching
‎11-01-2018 07:24 AM
‎11-01-2018 07:24 AM
Session time out and idle time out are 2 different timers. I found a good description of the timers on this MR KB. Are you doing MAB auth or 802.1x for the devices down stream of the phones, because when the re-auth timer hits 802.1x auth should fail but MAB may still stick.   https://documentation.meraki.com/MR/Splash_Page/Configuring_RADIUS_Authentication_with_a_Sign-on_Splash_Page   I haven't been able to find a KB that lists supportes radius vars for the MS side.  ... View more

Re: How are you dealing with the 802.1x changes in 10.x?

by jcottage in Switching
‎11-01-2018 05:36 AM
‎11-01-2018 05:36 AM
Hey bigben386,   What radius server are you using?   I have seen similar behavior in traditional Cisco(Catalyst) with IP phones. The IP Phone keeps the session active even if the device is disconnected from the phone. We added an idle timeout to the session on the radius server. I'm not sure if the MS devices support that setting.  ... View more

Re: Network Access Control/NAC

by jcottage in Wireless LAN
‎11-01-2018 05:28 AM
‎11-01-2018 05:28 AM
Hey Tom42,   The MRs will work with all sorts of radius based solutions for NAC. The support matrix you really need to look at is the NAC to OS. The MRs just pass the radius traffic. Can you provide a link to the doc you are looking at?   This article refers to using Cisco ISE as as the NAC solution: https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_WPA2_Enterprise_with_RADIUS_using_Cisco_ISE     ... View more

Re: DHCP / routing with template binding

by jcottage in Switching
‎10-27-2018 07:59 AM
1 Kudo
‎10-27-2018 07:59 AM
1 Kudo
Updating old thread. You can now do layer 3 in templates  https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MS_Switching/Templates_for_Switching_Best_Practices#Layer_3_Routing_.26_DHCP   ... View more

Re: ISE support

by jcottage in Off the Stack
‎10-26-2018 07:29 PM
‎10-26-2018 07:29 PM
Hey AKR,   To mimic open monitor mode I believe we would assign an "Access Policy" to the port that was configured to have "URL redirect walled garden" enabled and allow access to 0.0.0.0/0.       ... View more

Re: Please introduce yourself

by jcottage in Community Tips & Tricks
‎10-23-2018 12:38 PM
2 Kudos
‎10-23-2018 12:38 PM
2 Kudos
Hello all,   Name is John Cottage. I work for a Cisco VAR in the NYC tri-state area. My main focus is Cisco's security portfolio(ISE, SteathWatch, Firepower, AMP). As there is now alot of integration and overlap with the Meraki offerings, I do alot of Meraki installs as well.    From the Meraki cert side I have both the CMNO and CMNA ... View more

Re: Getting the splash page to load on a Windows device

by jcottage in Wireless LAN
‎10-23-2018 12:23 PM
2 Kudos
‎10-23-2018 12:23 PM
2 Kudos
Make sure you have captive portal strength set to "Block all access untill sign-on is complete".   Windows should notice it can't get to the internet and detect the splash page and prompt you to "log in to wifi". When you click the prompt Windows will then launch the default browser(Chrome, Firefox,....why would using anything else..) to the following URL: http://www.msftconnecttest.com/redirect    This is obviously the ideal scenario and works 80-90% of the time. For the other uses cases I have used http://neverssl.com. Web site owner made it for this exact use case.      ... View more

Re: CWA-VPN

by jcottage in Wireless LAN
‎10-23-2018 05:52 AM
‎10-23-2018 05:52 AM
I don't believe you can use a group policy to change the " Client IP assignment" mode from VPN to bridge. This is set at the SSID not at the host.   You can however use a group policy to change a vlan and add ACLs to host.   ... View more

Re: Cisco ISE CWA with Meraki MX

by jcottage in Wireless LAN
‎10-23-2018 05:40 AM
‎10-23-2018 05:40 AM
VS,   Adding the airspace ACL/group policy is not a requirement after the user is authenticated. The COA sent from ISE will start a new session with the new information. However adding a group policy that only allows access to the internet is a great defense in depth strategy in case something else happens.   ... View more

Re: Routing MX 84 to Cisco 3750 Core

by jcottage in Security / SD-WAN
‎10-16-2018 06:27 AM
‎10-16-2018 06:27 AM
Hey Tony,   Is the goal to replace the ASA? ... View more

Re: Routing MX 84 to Cisco 3750 Core

by jcottage in Security / SD-WAN
‎10-15-2018 02:53 PM
‎10-15-2018 02:53 PM
Hey TonyBoy,   With out knowing more about your topology I personally cant give you a 100% answer however I can tell you that as long and the MX and the 3750 have IP interfaces on the same vlan you will be able to route between them.    Side Note: using vlan 1 is against best practice in Cisco world but not necessarily in the Meraki world ... View more

Re: Native VLAN mismatch?

by jcottage in Switching
‎10-15-2018 02:43 PM
2 Kudos
‎10-15-2018 02:43 PM
2 Kudos
Based on my historical work with HP switches the untagged vlan is the same thing as the "native" vlan in cisco speak  ... View more
Kudos from
User Count
TBee
TBee
1
tsmooth
tsmooth
1
Trisha
Trisha
1
PhilipDAth
Kind of a big deal PhilipDAth
3
CarolineS
Community Manager CarolineS
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Please introduce yourself

Community Tips & Tricks
2 31959

Re: Getting the splash page to load on a Windows device

Wireless LAN
2 5373

Re: Native VLAN mismatch?

Switching
2 1823

Re: vMX100 in Azure Active/ Warm Standby

Security / SD-WAN
1 1305

Re: Cisco ISE 2.4 with Meraki MS mab authentification

Switching
1 1815
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki