- About ph0t0g
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
ph0t0g
Getting noticed
Member since Oct 31, 2018
01-14-2019
Community Record
27
Posts
6
Kudos
0
Solutions
Badges
12-27-2018
08:21 AM
1 Kudo
If you just want to get up and running with a minimal or reading, try this document. https://documentation.meraki.com/MX/MX_Quick_Start Once you are logged into the dashboard, you can use the best-practice documentation above to configure specific features, like VPN or setting up security. And, of course, if you get stuck, you can post your problem in one of these forums. Good luck. Peter
... View more
Hi Felix, I would try emailing support if you can't reach them on the phone. 3600 pings in an hour works out to 1 per second. I just can't see how that is generating 70MB/Sec because a ping is only 64bytes. Again, I would grab a packet capture off of that uplink port (Network Wide -> Packet Capture) and post the .pcap file here. -P
... View more
Felix, Taking a closer look at the second picture, it seems like you got 4.21GB of ping traffic over a period of 1 hour (which works out to about 70MB/sec. Yeah, that is an issue. You are essentially seeing a ping flood. I assume that the device at 198.162.1.250 is your switch. I would run a packet trace on the uplink port just to make sure all that traffic is being generated from the switch itself. Did you ever get a hold of Meraki support? -P
... View more
Hi Felix, The first picture you posted shows one ping about every 2 seconds. That should have no effect on your network. I'm not sure what the second picture is showing because there is no elapsed time. -P
... View more
11-20-2018
06:28 AM
Do you mean 70Mb/sec? If so, that is a different issue then I experienced. My "background" data usage is around 0.5Kb/sec.
... View more
11-13-2018
11:24 AM
1 Kudo
I know some IDS/IPS vendors have test sites for their products. They basically send a test pattern that will be picked up as a threat by their IDS/IPS. http://www.kerio.com/control/ips-test This is similar checking your AV by scanning the EICAR test file. Does anyone know of such a test for Sourcefire's SNORT? Or any other simple testing tool? Thanks. -P
... View more
11-13-2018
09:44 AM
I don't know a lot about security penetration testing, but I would like to test my MX's IDS/IPS. I tried nmap, but it did not produce any events in Security Center. I have Metasploit running but I don't know what tests to try. Has anyone tried this before? Any suggestions would be appreciated. -P
... View more
11-09-2018
11:52 AM
1 Kudo
@Daghan post made me feel a little better. @Mitch_Hennessy posts made me apprehensive. However, I re-upped my Meraki licenses for another year. C'mon Meraki, don't make me look stupid. -P
... View more
11-08-2018
08:49 AM
After considering my last post, I decided to try this... I have not had time to test it yet, but it should work. -P
... View more
11-08-2018
08:39 AM
Thanks Ben83. I can see how that would work, but I wish I did not have to reconfigure my IP address scheme to accommodate a guest network. I was hoping I could do something like this, but only for the wired LAN... A common usage for this would be the "guest SSID" scenario. Changing the Policy for traffic destined to the Local LAN from Allow to Deny prevents clients on the Guest SSID from accessing the LAN but still allows connections to the Internet. This feature can be used in both Bridge Mode and NAT Mode. However, when you put in the destination of "Local LAN" for a MS or MX firewall ACL, you get.... There were errors in saving this configuration: Destination address must be an IP address or a subnet in CIDR form (e.g. '192.168.1.0/24'), or 'any' Maybe I should add this to my wish list. -P
... View more
11-08-2018
07:45 AM
I have a similar question, so rather than add a new topic, I will piggy-back on this one. So it I have this right, in order to create a "Guest" VLAN that will only have internet access, you have to explicitly deny access from that "Guest" VLAN to every other VLAN in the network?
... View more
11-07-2018
09:10 AM
I was running a packet capture on a MS220-8p's uplink port and discovered that the switches IP was constantly pinging the google dns server 8.8.8.8. I can see no reason for this. Any ideas? 17:08:05.873574 IP 172.16.1.202 > 8.8.8.8: ICMP echo request, id 38582, seq 8257, length 64 17:08:05.885341 IP 8.8.8.8 > 172.16.1.202: ICMP echo reply, id 38582, seq 8257, length 64 17:08:06.873886 IP 172.16.1.202 > 8.8.8.8: ICMP echo request, id 38582, seq 8258, length 64 17:08:06.884531 IP 8.8.8.8 > 172.16.1.202: ICMP echo reply, id 38582, seq 8258, length 64 17:08:07.874352 IP 172.16.1.202 > 8.8.8.8: ICMP echo request, id 38582, seq 8259, length 64 17:08:07.885525 IP 8.8.8.8 > 172.16.1.202: ICMP echo reply, id 38582, seq 8259, length 64 17:08:08.874992 IP 172.16.1.202 > 8.8.8.8: ICMP echo request, id 38582, seq 8260, length 64 17:08:08.886283 IP 8.8.8.8 > 172.16.1.202: ICMP echo reply, id 38582, seq 8260, length 64 17:08:09.875136 IP 172.16.1.202 > 8.8.8.8: ICMP echo request, id 38582, seq 8261, length 64 17:08:09.886267 IP 8.8.8.8 > 172.16.1.202: ICMP echo reply, id 38582, seq 8261, length 64 17:08:10.875321 IP 172.16.1.202 > 8.8.8.8: ICMP echo request, id 38582, seq 8262, length 64 17:08:10.886453 IP 8.8.8.8 > 172.16.1.202: ICMP echo reply, id 38582, seq 8262, length 64
... View more
11-07-2018
08:45 AM
Thanks, that was it. I configured the Policy, but forgot to add the switch IP as a RADIUS Client.
... View more
11-07-2018
07:29 AM
I have a very simple setup in my lab. It's one MX65 connected to one MS220-8P connected to one MR30H. I set up a Radius server and configured the MR30H to use it for network authentication. Works great. Today I wanted to set up Radius authentication for some of the switch ports on the MS220-8P . I created an access policy and entered in the same information for the Radius server that I entered for the AP (the same IP address, port number, and secret). However, when I use the "Test" button, it comes back with "1 switch failed to connect to the RADIUS server". I re-checked everything three times. There is nothing in the switch Event Log. How can it be that the AP on the switch can access the Radius server, but the switch itself cannot?
... View more
11-05-2018
12:57 PM
2 Kudos
Mitch, Thanks for taking the time to lay all that out for us. I too was on the Bash Meraki Bandwagon until I read you two posts. I don't pretend to understand all of it, but I got enough to realize there is a lot to consider when starting to look at IPv6. We as consumers and they as vendors have a lot of difficulties to overcome and not much time to do it. It seems we don't have much choice but to educate ourselves as quickly as possible (as it seems like you are doing). IPv6 is the only way forward, so we might as well start taking our lumps now. I am still undecided whether to keep my Meraki equipment, or try to find another vendor who's SMB products are further along with IPv6 (if such a vendor exists - suggestions welcome). Three to six months before a timeline is available? Ooofa! That's very concerning.
... View more
11-05-2018
07:11 AM
I tried connecting from another workstation in the domain and it seems to be working as designed. I was a little confused about the name of the wireless network that the GP creates, but I figured that out by experimenting a little bit. I also tried connecting with an Android phone and a iOS tablet and both worked fine. So, I think I am good for now. Thanks for replying to this thread (even though it's in the wrong forum).
... View more
11-02-2018
11:40 AM
Yes. If I choose User only, it does not work. If I choose Computer or User, then it logs straight in ( I assume with the computer account). The AD group contains both the username and the computer as members. It is added to the NPS server as a condition. Here are the settings under advanced. There is an option for single sign on, but it is unchecked. I have not checked with my phone yet. I will do that and let you know the results. I probably will set it to User and Computer eventually, but I want to make sure both ways work first. I did not mention before, but the CA is also on the same server as the NPS so that should not be an issue. Thanks for you help so far.
... View more
11-02-2018
10:32 AM
OK, I set the RADIUS Wireless Policy to use Computer Authentication Mode instead of User Authentication. . I then ran gpupdate on the client and tried to connect. It connected straight away, without asking for credentials (as I believe it should under this setting). However, I would prefer to use User Authentication so devices that are not in the domain can connect. Is there something else I need to change after I switch the policy to User Authentication?
... View more
11-02-2018
09:57 AM
Thanks for the reply Nolan. Yes, I am using NPS, and used a specific IP (static). I followed the document you linked to as closely as possible, and rechecked everything twice. Still no luck. I configured the supplicant using Group Policy as specified in the document under "(Optional) Deploy a PEAP Wireless Profile using Group Policy", but I will check it again.
... View more
11-02-2018
08:35 AM
I am attempting to configure RADIUS authentication for the first time. The AP is a MR30H. I set up two SSID's. One for Shared Key and one for RADIUS (following the instructions here). I can authenticate using the Shared Key just fine, so I know the basic AP setup is working. RADIUS authentication just returns "Can't connect to the network" without ever prompting for credentials. No error message appears and there are no entries in Event Viewer on the RADIUS server or the client. Here are some details... - RADIUS server is Windows Server 2016 and is on the same VLAN as the AP - When I run the test from the Meraki Dashboard from the AP to the Radius server, it prompts for AD credentials and the test is successful. - Access Control Settings are: Network Access: WPA2-Enterprise with <my Radius Server> WPA2 Encryption Mode <WPA2 Only> Client IP Assignment <Bridge mode: make all clients part of the LAN> ** all other settings are at the defaults I know this is not a lot of info to go on, but this is the first time setting up a RADIUS server for me and I don't know where to look next. Thanks. P.S. Sorry, meant to put this under Wireless. Don't know how to move it there.
... View more
11-01-2018
09:42 AM
1 Kudo
Thanks. That got me passed the 809 error. Then I got another error saying "The connection was terminated..." I googled that and came up with this article that fixed the problem. http://help.vanishedvpn.com/support/solutions/articles/17000062078-how-to-fix-the-connection-was-terminated-by-the-remote-computer-before-it-could-be-completed-
... View more
11-01-2018
08:21 AM
I know this is an older thread, but I am having the identical problem that Carlos had. Android devices VPN in just fine to my MX65, but Windows 10 will not. The Windows devices are getting error 809. Carlos said he fixed this error by opening the ports in the Meraki documentation, but does not link to that document. Does anyone know where that document is, or how to fix the 809 error? Thanks.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 8423 | |
| 1 | 836 | |
| 1 | 980 | |
| 1 | 8263 | |
| 1 | 33447 |
