Community Record
1964
Posts
2418
Kudos
119
Solutions
Badges
Jun 24 2022
8:02 AM
I have encounted this bug many time. I'm pretty sure we have a case open on that and a fix is confirmed. We are on a holiday , I will try to confirm next sunday !
... View more
Jun 21 2022
7:03 AM
6 Kudos
MX do not support link aggregation. You can still plug 2 links , but 1 of them will be in the blocking state
... View more
Jun 21 2022
5:11 AM
Let's say our branch look like that : (Branch A ) MS390 -> MX250 ( Internet ) -> MX450 ( HUB ) -> ( internet ) -> MX250 -> MS390 ( Branch B ) Does the MX need to support SGT ? Or only the access layer ? So you don't think that the SGT are coming to existing models , they will need to release new models to support it ?
... View more
Jun 20 2022
6:31 PM
Hi , After hearing couple sessions about SGT and TrustSec at Cisco Live , we are now interested to try SGT/Adaptive Policy on our Meraki environement. We already have tons of MS350 and a working Cisco ISE. 1- Do you really need a MS390 to make SGT work ? I don't get that part : Without this configured on Peer to Peer links, the SGT value will not be propagated on packets. This configuration is ONLY for inline SGT capable devices and will not work with MS switches previous to the MS390 https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Adaptive_Policy/Adaptive_Policy_MS_Configuration_Guide We obviously don't want to do static assignement to ports. All dynamic via ISE. Has anyone tried that yet ? What was your experience and setup ? EDIT : then found the more detailed doc : https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Adaptive_Policy/Adaptive_Policy_Configuration_Guide Which explained some of my questions. Silly me Thanks 🙂
... View more
Jun 8 2022
10:31 AM
1 Kudo
Hi , Please refer to the official API documentation : https://developer.cisco.com/meraki/api-latest/#!get-network-clients It should be something like : dashboard.networks.getNetworkClients( network_id, total_pages='all' )
... View more
Jun 7 2022
10:14 AM
2 Kudos
I think this is more related to vulnerabilities. Let's say you find a bug with their implementation of a feature that doesn't involve a security issue ( or a vuln ) you won't get paid. Don't quote me on that !
... View more
To your knowledge , does this affect all the APs under 28.X code ?
... View more
Great post and great explanation ! MTU , MSS can always be a nightmare to troubleshoot 🙂
... View more
Hi , This is one of the options : either check the syslogs for that event ( link below ) , or get the devices that are alerting via API : https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Alert_-_Recent_802.1X_Failure
... View more
May 31 2022
5:48 AM
3 Kudos
Just tried it and works like a charm ! Are you sure that the provided ip=X.X.X.X has been configured on your MX ? ( SD-WAN & Trafic shaping ) :
... View more
May 31 2022
5:42 AM
Good idea ! However , Meraki has stated that the re-auth timer is a fixed 1h because of hardware limitation. I would be great to adapt the firmware to reprocess the auth either on a timer like you suggested or via the dashboard ( eg : re-auth all clients in the ''Tools'' tab or something like that )
... View more
May 30 2022
2:44 PM
Hi , We have a setup with MX68 with all ports configured with Hybrid Auth ( 802.1X and MAB ). In certain regions , we often lose power and the MX will reboot. Most of the time ( 90% of the time ) , the devices directly connected to the MX will be up before the MX has time to get the VPN tunnels up. Since the VPN tunnel is not up yet , the 802.1X and MAB auth fails. On the MX there is a 802.1X reauth timer of 1 hour , so the devices that supports 802.1X will re-auth after 1 hour and will come up online. ( not ideal but still better than nothing ). The MX do not support CoA ( yet ? ) so we can't do anything to force a re-auth However , many devices do not support .1X and will fail to auth and will never re-auth unless you do a port cycle ( which we can't do on a MX ) or you unplug the ethernet cable. Do you guys experience this ? Any wild suggestion ? We can't disable the port because the MX are in a big template with many other sites , we can't place a small 8 port switch ( too expensive , too many sites ). I feel like I'm out of options ( simple ones though ) Thanks ,
... View more
Labels:
- Labels:
-
Other
Traceroute is ICMP based , many hops on the Internet will process ICMP with a ultra low priority. MTR is often tcp/udp/icmp based and since they are both different , you will recevied different results. Here is a great explanation : https://www.cloudflare.com/learning/network-layer/what-is-mtr/
... View more
May 22 2022
11:23 AM
2 Kudos
Hi , Please refer to the documentation : https://developer.cisco.com/meraki/api-v1/#!get-network-traffic The timespan for which the information will be fetched. If specifying timespan, do not specify parameter t0. The value must be in seconds and be less than or equal to 30 days.
... View more
May 12 2022
12:49 PM
Hi , I have a hard time understanding this documentation : https://documentation.meraki.com/MS/Access_Control/Meraki_MS_Group_Policy_Access_Control_Lists Let's say I have a simple network A with 5 switches. I want to create Group Policy A,B,C with 40 L3 rules each. Can this be achieved ? This is the part that confuses me : The per-switch limit of 32 rules with layer-4 ports is shared between QoS and Group Policy ACL rules. However, while every QoS rule with a port range counts towards the limit, a Group Policy ACL rule with port range is counted only if a client device in that group is connected to the switch.
... View more
May 12 2022
5:43 AM
1 Kudo
I didn't have the courage to comment that. I don't see how ranting here is helping at all. I have seen couple posts with that attidude and It has not encouraged me to do some testing on my end.
... View more
May 11 2022
7:29 PM
2 Kudos
I wish it would simply be in the footer OR the URL that would be nice ! Good suggestion
... View more
May 11 2022
11:40 AM
A "quick" way to find endpoint of expect results : api.meraki.com/api/v1/openapiSpec then CTRL+F "static" and it was the first result 🙂
... View more
May 11 2022
10:08 AM
When capturing on Internet you don't even see the ESP , ISAKMP packets ? Are you sure you are not applying a pre-capture filter ?
... View more
May 11 2022
10:03 AM
1 Kudo
I see 2 ways of doing it. You could maybe use a template and do the changes on the templates or use the APIs to push the changes on all the desired networks.
... View more
May 11 2022
8:28 AM
I was able to confirm that a MX will not forward trafic if the vlan is not present on the MX. Here are my tests : MX 15.44 with vlans from 1-1035. ARPs are from vlans 3000-3035 on SW#1 and not forwarded downstream to SW#2 via le MX Setup : PCAP#1: PCAP#2 :
... View more
May 10 2022
10:21 AM
I'm using this endpoint daily without any issues. Have you tried to remove some of the filters ? Like OS
... View more
May 10 2022
8:00 AM
2 Kudos
Spamming Tree , is that a typo or intended pun 😂
... View more
Kudos given to
My Accepted Solutions
Subject | Views | Posted |
---|---|---|
148 | yesterday | |
181 | 2 weeks ago | |
382 | 4 weeks ago | |
555 | Nov 18 2024 10:57 AM | |
506 | Nov 15 2024 7:55 AM | |
3449 | Nov 12 2024 5:35 AM | |
748 | Nov 8 2024 4:29 AM | |
1997 | Nov 6 2024 3:07 PM | |
585 | Nov 5 2024 12:25 PM | |
404 | Nov 5 2024 6:08 AM |
My Top Kudoed Posts
Subject | Kudos | Views |
---|---|---|
15 | 3828 | |
13 | 2740 | |
13 | 8261 | |
12 | 1962 | |
11 | 1118 |