Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About JF1
JF1
Getting noticed
Member since Dec 11, 2018
a week ago
Community Record
25
Posts
6
Kudos
0
Solutions
Badges
a week ago
Interestingly Meraki have since requested we disable 802.11w on the associated SSID. Clearly there is some issue there! We will do this and perform further testing in an attempt to see if its a contributing factor to the issue. Thanks for the input
... View more
a week ago
An update for anyone interested as I see a few RADIUS related posts recently. We have found that Microsoft Credential Guard may be impacting this. Disabling Credential Guard and clients can connect. We are continuing to investigate, however potentially worth looking at this if anyone else is having issues
... View more
3 weeks ago
I have asked that, as I dont support the server infrastructure. Thanks for the input. Ive also got a ticket open with meraki support so I can see what they advise.
... View more
3 weeks ago
On the RADIUS server the first log for the affected device is a log from the AP, destination the RADIUS server - Access-Request The response in Wireshark to the log above is from the AD server to the AP - Access-Challenge This repeats so the next log is from the AP, destination the RADIUS server - Access-Request The response in Wireshark to the log above is from the AD server to the AP - Access-Challenge This repeats one more time - next log is from the AP, destination the RADIUS server - Access-Request The response in Wireshark to the log above is from the AD server to the AP - Access-Challenge So ultimately I dont see an Access-Reject or Access-Accept
... View more
3 weeks ago
No I dont. Other than the "Length:" under a few headings but I don't think this is related? Found this guide - RADIUS Issue Resolution Guide - Cisco Meraki The last packet I can see is an Access-Challenge response (to an Access-Requested message) from the RADIUS server to the AP.
... View more
3 weeks ago
Hi I am having an issue with an SSID that uses Radius Authentication. The problem is intermittent and doesn't affect all users, however the users / devices who are affected consistently have the problem. If an affected user attempt to connect to said SSID they receive an error advising unable to connect to said SSID. In the Meraki dashboard I see this error:- "Client made an 802.1X authentication request to the RADIUS server, but it did not respond." In the 2 scenarios we have 2 laptops both registering via the same access point. The laptops are the same model and have been imaged the same. I have performed a number of packet captures for both working and failed connection attempts. When reviewing the packet capture, for the working scenario I can see an access challenge, access request and an access accept. The failed attempts I only see the access challenge and access request - we don't see the accept. When performing a packet capture on the RADIUS server, I cant see this issuing the Access-Accept Has anyone seen this before? I presume the RADIUS server should issue the Access-Accept and therefore the RADIUS server is likely causing the issue? I'm struggling to find a resolution and hoping someone may be able to help. Thanks
... View more
12-21-2022
02:24 AM
Thanks you 🙂
... View more
12-21-2022
02:24 AM
Thank you 🙂
... View more
12-21-2022
02:17 AM
Thanks. For this particular client we see the same benefits for the per device model. I just need to ensure that as part of the conversion process from co-term to per device we dont experience any outages.....configs arent lost.... no service disruption. I presume its a fairly seamless process?
... View more
12-21-2022
01:18 AM
My bad, I did search prior to raising the post however I failed to find that page within the documentation. Thanks for clarifying
... View more
12-21-2022
01:09 AM
Hi We have a client who wants to move from a co-term licence model to the per device model. Has anyone done this or does anyone have a step by step guide? Within the Licence Info page I can see the "convert to per device licensing option". I am hoping its a case of clicking this. All devices will be given an end date aligned with the co-term model. Then when loading new licences we apply to specific devices? Im hesitant about jumping in and selecting "convert to per device licensing option" without knowing what the next steps are. Thanks in advance James
... View more
10-27-2022
12:20 PM
Our issue appeared to be resolved by a firmware upgrade. The issue first started occurring on security appliances running firmware 16.16. Meraki advised there were known issues in this version relating to memory leaks in certain scenarios that resulted in the appliance failing. Following lengthy discussions and analysis from meraki we upgraded to MX16.16.3 and touch wood since we havent had any further repeats (we have carried out 2 Nessus scans across all networks including hubs). During our discussions Meraki support did also mention they have means to temporarily whitelist IP addresses of scanners to alleviate potential knock on compute complications on security appliances - in our scenario this ultimately wasnt required however it may be an option. Id suggest chasing Meraki...
... View more
10-26-2022
04:20 AM
1 Kudo
We have seen similar previously. We raised a case with Meraki who advised if the first packet is allowed, the dashboard will report the threat as "allowed", even though all other packets are blocked and therefore the threat is actually blocked. Here are the case notes "After discussing this with the specialist and to add a bit more detail to the explanation I provided. Snort will analyse a copy of the original traffic, once it made a decision about whether the traffic is malicious or not it will look for the "original" traffic in the flow table, but if it's not there is nothing else that can happen. The 'original' traffic will be processed normally, and is subject to all the other elements. it's likely that the packet was discarded before getting to the flow table" Did you receive a response from Meraki? This issue is a real concern for us, we see this scenario regular as ultimately, if Meraki are correct in what they are saying the Dashboard is misrepresenting the truth - surely thats not correct and a design flaw?
... View more
10-17-2022
08:12 AM
In a word no, not at the minute. The latest notes received on the case advise "During the call, I managed to establish that your MX has been running into a known issue that is currently being worked on by our engineering team." The roll back to MX16.16.6 addressed our issue. I was advised we should receive some more detailed routes around the cause. I will share these if received.
... View more
10-17-2022
03:55 AM
For awareness Meraki support advised the above issue is a bug. We have rolled back to the previous firmware
... View more
10-17-2022
03:19 AM
We upgraded a site to this firmware at the weekend. We now have an issue whereby client endpoints are unable to browse to the internet. We can ping the internet fine, DNS is resolving, however we cant browse. I cant see any obvious cause. Has anyone else encountered this?
... View more
06-22-2022
09:45 AM
Hi Im hoping someone can clarify something. We have a pair of MX250s in an active passive build. These have the Advanced Security Licence. I recently noticed that in Security Centre a number of "Threats" had been allowed. This was the case even though the Threat wasn't whitelisted, and therefore in my mind the traffic should be blocked. I raised a case with Meraki support who advised " I was analysing these logs and saw that the same signature was showing as blocked previously, so I understand that the dashboard might be misleading in this case. Basically, the MX will look up the flow based on the source and destination information associated with the event along with the flow direction. If the flow that created the event is not found, then the MX would log the flow as "Allowed". This means that it is possible that the flow was dropped before the MX looked for it." Essentially (if my understanding is correct) the Dashboard and Security Centre is misreporting and these Threats were actually dropped. Essentially false flag alerts. I questioned with Meraki support who advised this is design intent and suggested I raise the good old "make a wish" if a change is needed. Can anyone explain this in greater detail, does this make sense to you as it doesn't to me....am I missing something or is this a design flaw? Thanks in advance.
... View more
05-23-2022
02:55 AM
2 Kudos
For those interested some further feedback on this issue. The firmware we are running 16.16 - there are some known issues relating to IPS / IDS that can result in a memory leak and hardware crash. A new firmware release is expected early June that addresses this issue. Also, in regards to StevePhipps comment - from our experience when the scan was ran there are a number of "connections" initiated to the security appliances (prior to the scan under BAU this connection count was around 100k, when we initiated the scan this jumped to over 500k), these "connections" lead to an increase in CPU and memory usage and in our scenario this led to a drop in performance.
... View more
05-06-2022
09:20 AM
Hi We had a number of sites loose connection to the Meraki Dashboard between 16:58 and 17:10. I am trying to identify if this was a network outage or a Dashboard issue. Did anyone else recieve a series of "network has become unreachable from the Meraki cloud." and "network regained contact with the Meraki cloud." between these times? Thanks
... View more
04-11-2022
06:19 AM
1 Kudo
Hi, I think this maybe more of a wish / design request, however does anyone know if a Meraki Dashboard status page exists? Reason I ask, on a number of occasions we have received alerts advising of devices losing connection. These can be a good indicator of a network outage, however recently the issue has been with the availability of the Meraki Dashboard. hence me having a mild panic attack when actually the issue is availability of the Dashboard. It would be beneficial if Meraki had some form of Dashboard status page, or released live notifications regarding issues of this nature? Any advise / thoughts would be appreciated. Regards
... View more
03-30-2022
03:35 AM
2 Kudos
When performing a Nessus security scan, our MX250 appliance becomes unresponsive and crashes. We have noted that if we disable IPS / IDS this behaviour does not occur. Therefore whilst the scan was running we disabled IPS / IDS and have since re-enabled. However we don't believe this is normal behaviour. Does anyone have any experience of this? We do have a ticket open with Meraki support however feedback to date hasn't been helpful. thanks in advance
... View more
My Top Kudoed Posts
