The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About tantony
tantony

tantony

Head in the Cloud

Member since Dec 19, 2018

4 weeks ago
Kudos from
User Count
cmr
Kind of a big deal cmr
2
CarolineS
Community Manager CarolineS
4
MeredithW
Community Manager MeredithW
5
Inderdeep
Kind of a big deal Inderdeep
2
UCcert
Kind of a big deal UCcert
1
View All
Kudos given to
User Count
cmr
Kind of a big deal cmr
2
KarstenI
Kind of a big deal KarstenI
2
Ryan_Miles
Meraki Employee Ryan_Miles
1
PhilipDAth
Kind of a big deal PhilipDAth
3
Inderdeep
Kind of a big deal Inderdeep
1
View All

Community Record

300
Posts
59
Kudos
4
Solutions

Badges

100 Posts
50 Posts
First 5 Posts
50 Kudos
25 Kudos
First 10 Kudos View All
Latest Contributions by tantony
  • Topics tantony has Participated In
  • Latest Contributions by tantony
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 11
  • Next »

Re: DUO for Clien VPN MFA

by tantony in Security / SD-WAN
‎04-06-2022 06:17 PM
‎04-06-2022 06:17 PM
It turned out the reason I couldn't login, and I wasn't getting anything on Duo mobile app was because the AD user account I created didn't have the necessary permissions.  I have the Duo MFA working now.  But I'm kind of confused.   Because, I didn't ask Meraki to adjust the time out, but I was still able to get the Duo push notification and login.  So may be the timeout adjustment is not necessary? ... View more

DUO for Clien VPN MFA

by tantony in Security / SD-WAN
‎04-05-2022 05:10 PM
‎04-05-2022 05:10 PM
I'm trying the DUO MFA, but after I enter my username and password, I'm not getting any notifications / push on my iPhone, and eventually I got a time out error on the VPN client.  Is this because I did not call Meraki to adjust the time out?   https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/m-p/38442  ... View more

Re: Virtual MX

by tantony in Security / SD-WAN
‎03-21-2022 12:41 PM
‎03-21-2022 12:41 PM
Thanks, I do prefer a physical MX like I have now, but just wanted to know the virtual MX instance works. ... View more

Virtual MX

by tantony in Security / SD-WAN
‎03-21-2022 12:20 PM
‎03-21-2022 12:20 PM
My company is expanding, and we might be moving to a second building.  This means I need another MX for site-to-site VPN.  I'm also looking into the possibility of a virtual MX appliance, but I know anything about this.  From what I know, this can be hosted in AWS, Azure, etc.  But how does the physical connection happen? ... View more

Re: Blocking traffic to / from Russia?

by tantony in Security / SD-WAN
‎02-23-2022 06:56 AM
‎02-23-2022 06:56 AM
Thanks, that's what I thought, but I guess better safe than sorry. ... View more

Blocking traffic to / from Russia?

by tantony in Security / SD-WAN
‎02-22-2022 06:40 PM
‎02-22-2022 06:40 PM
Anyone here blocking traffic to / from Russia on their Meraki especially with high risk of cyber attack from Russia?   Even if I block traffic from Russia with MX layer 7, what would happen if an actual hacker from Russia uses VPN to be in 'US'?   Is Meraki smart enough to 'unmask' the VPN from Russia pretending to be from US? ... View more
Labels:
  • Labels:
  • Firewall

Re: MX device local status page

by tantony in Security / SD-WAN
‎12-16-2021 02:59 PM
‎12-16-2021 02:59 PM
Any security issues with leaving the status page open for all users? ... View more

Re: MX device local status page

by tantony in Security / SD-WAN
‎12-16-2021 02:58 PM
2 Kudos
‎12-16-2021 02:58 PM
2 Kudos
 ok thank you @cmr  ... View more

Re: MX device local status page

by tantony in Security / SD-WAN
‎12-16-2021 02:52 PM
‎12-16-2021 02:52 PM
@cmr  Thanks, so I can only temporarily disable it?  How do I do that on the MX dashboard? Is there any security issues with leaving it open? ... View more

MX device local status page

by tantony in Security / SD-WAN
‎12-16-2021 02:39 PM
‎12-16-2021 02:39 PM
By default does any user on the network have access to the MX device local status page (the default gateway IP) also known as the http://wired.meraki.com page?   Because a user could see what the default gateway is by doing an ipconfig and go to the ip to see the local status page right?     Is there a way to restrict access to the local status page or wired.meraki.com page only to the admin users? ... View more

Client VPN 2FA with MFA extension for NPS

by tantony in Security / SD-WAN
‎12-06-2021 05:57 AM
‎12-06-2021 05:57 AM
I would like to enable 2fa for client VPN.  Currently the users enter their AD credentials for VPN.  I've setup NPS in my AD servers, and made them the RADIUS in Meraki dashboard for VPN.   I'm deciding between Duo and Azure MFA.  How's azure MFA extension for NPS?  How does this work?  After the user enter their AD credentials in the VPN client, they get a phone alert?  Is MFA extension free?     https://community.meraki.com/t5/Security-SD-WAN/Meraki-VPN-Client-Azure-MFA/td-p/48322   https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension     ... View more

Re: Meraki client VPN 2FA

by tantony in Security / SD-WAN
‎10-29-2021 05:13 PM
‎10-29-2021 05:13 PM
@PhilipDAth  Thanks, I'll use port 1912 for Duo Auth Proxy.  Yes, I'm already using both of my DCs as RADIUS for redundancy  .   ... View more

Re: Meraki client VPN 2FA

by tantony in Security / SD-WAN
‎10-29-2021 06:38 AM
‎10-29-2021 06:38 AM
Am I thinking this correct?  It sounds like I need to contact Meraki directly to enable the timeouts and may be the settings for AnyConnect. ... View more

Re: Meraki client VPN 2FA

by tantony in Security / SD-WAN
‎10-28-2021 11:39 AM
‎10-28-2021 11:39 AM
Yes, Duo looks easier.  There was a Meraki documentation on setting up 2FA which featured RSA, Microsoft Azure, but I can't find that link.     On my RADIUS server, I'm running NPS on port 1812.  For VPN authentication on AD.  So I should run the Duo Auth Proxy on port 1912 on the same RADIUS server?  I'm actually using 2 RADIUS servers, both also Domain Controllers.   Do I need to contact Meraki to do this?  Because I saw something about Meraki need to change the timeout to wait for proxy?  Like I said, I'm using the native Windows VPN client, should I be using AnyConnect if I want to use 2FA?   Is there any documentation that shows me the exact steps? ... View more

Meraki client VPN 2FA

by tantony in Security / SD-WAN
‎10-28-2021 07:52 AM
‎10-28-2021 07:52 AM
Currently, I'm using RADIUS authentication for VPN.  I'm using Active Directory servers as the RADIUS.  I'm using Windows 10 native VPN client also.  So when a user logs in, they open their Windows 10 VPN client, then enter their Active Directory username and password, and if everything is correct, they're connected to VPN.   I would like to enable 2FA on the VPN.  If I understand correctly, I cannot do this from the native Windows 10 VPN, but I can do this from AnyConnect?  How exactly would I do this?  So when I user types in their AD credentials, I would like them to enter the correct PIN or something like that as a secondary authentication method.   I know I have to use third party vendors such as Duo, RSA, Azure etc. for the 2nd part of the authentication   From my research, Duo is the easiest to setup.  Anyone else using RSA or Azure?  The below post says I need to contact Meraki to adjust the timeout settings.   https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/td-p/38442.  ... View more

Re: Dynamic ARP Inspection (DAI)

by tantony in Full-Stack & Network-Wide
‎08-30-2021 10:34 AM
‎08-30-2021 10:34 AM
Love to hear if anyone is using 802.1X on their network also. ... View more

Re: Dynamic ARP Inspection (DAI)

by tantony in Full-Stack & Network-Wide
‎08-30-2021 10:33 AM
‎08-30-2021 10:33 AM
Ah right, I forgot about that part.  I already have the trunk and lags as trusted, and rest untrusted.   So far, I've only enabled DAI on one of the switch, and everything is working. ... View more

Re: Dynamic ARP Inspection (DAI)

by tantony in Full-Stack & Network-Wide
‎08-30-2021 10:19 AM
‎08-30-2021 10:19 AM
Wouldn't the client's MAC already have to be in the DHCP Snooping table even to get DHCP?  I'm talking about a new device that never connected before. ... View more

Dynamic ARP Inspection (DAI)

by tantony in Full-Stack & Network-Wide
‎08-30-2021 08:17 AM
‎08-30-2021 08:17 AM
Sorry if this is the wrong place, I couldn't find a general network section.  My switches are Netgear (I know, I know), and I have DHCP Snooping enabled, and I'm also thinking about enabling Dynamic ARP Inspection (DAI).  Do you guys have DHCP Snooping and DAI enabled at your production network?   I know DAI looks at the DHCP Snooping database to compare the MAC and IP, but with people working from their home, what happens when they return to work since their laptops will not be in the DHCP Snooping database.  I know you can manually add them but that's a lot of work.   Also, what about 802.1X authentication, anyone using them on their production network?   I'm trying to make my production network more secure. ... View more

Re: 🎁 🍰 🎈 Happy 4th Birthday, Meraki Community! 🎈 🍰 🎁

by tantony in Community Announcements
‎08-30-2021 08:12 AM
2 Kudos
‎08-30-2021 08:12 AM
2 Kudos
Happy Birthday Meraki  ... View more

Re: WiFi router or Access Point for use in tunnels / mining environment

by tantony in Wireless LAN
‎08-08-2021 01:22 PM
‎08-08-2021 01:22 PM
@PhilipDAth    I agree, but that's the only vendor I could find so far.  Any suggestions? ... View more

WiFi router or Access Point for use in tunnels / mining environment

by tantony in Wireless LAN
‎08-08-2021 10:15 AM
‎08-08-2021 10:15 AM
Does Meraki make any AP to be used in tunnels?  So far, the only solution is a company called Eion wireless. What I'm trying to do is this.  When people go into tunnels, I want to get a live feed of what they're doing.  I can put a switch for this, but I'm trying to reduce cabling to make it more user friendly since the people that go into the tunnels move around a lot, and any cables will be in their way, and could easily get damaged.   If I can get an AP to work in the tunnels (not all tunnels are a straight line, some have bends, the depth is 60ft from top to bottom of the tunnel entrance), it will more easier to use.  The users will carry smart phones which will connect t to the AP to provide live video and audio.   I found this AP that might work since this is designed for use in tunnels.  Does Meraki make anything like this or any suggestions?  I'm looking for a rugged AP since the work environment is dusty, dark, cold etc.   http://eion.ibeam-solutions.com/product/tunnel    This is what I'm thinking so far       ... View more

Re: DHCP snooping and Dynamic ARP Inspection

by tantony in Switching
‎07-29-2021 06:35 AM
‎07-29-2021 06:35 AM
@KarstenI  Thank you  ... View more

Re: DHCP snooping and Dynamic ARP Inspection

by tantony in Switching
‎07-29-2021 06:16 AM
‎07-29-2021 06:16 AM
@KarstenI  I agree I need Meraki switches, I have a MX84 does that count?  😀   Just to make sure I understand, if I enable DHCP snooping, I don't HAVE to enable DAI.   But for DAI to work efficiently, the DHCP snooping database need to populate.   Is that right?  I'm new to switch security. ... View more

DHCP snooping and Dynamic ARP Inspection

by tantony in Switching
‎07-29-2021 06:02 AM
‎07-29-2021 06:02 AM
Sorry if this is the wrong place to ask, but my switches are Netgear switches.   I would like to enable DHCP snooping and Dynamic ARP Inpection (DAI) on my switches.  If I understand correctly, DAI works with the DHSP snooping database to compare the MAC address.  My question is, if I enable DHCP snooping, do I have to enable DAI also to work properly?     Can I just enable DHCP snooping?  The reason is because I tried DHCP snooping + DAI on one of the switches to test, and as soon as I enabled DAI, I lost the uplink. ... View more
Labels:
  • Labels:
  • Layer 2
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 11
  • Next »
Kudos from
User Count
cmr
Kind of a big deal cmr
2
CarolineS
Community Manager CarolineS
4
MeredithW
Community Manager MeredithW
5
Inderdeep
Kind of a big deal Inderdeep
2
UCcert
Kind of a big deal UCcert
1
View All
Kudos given to
User Count
cmr
Kind of a big deal cmr
2
KarstenI
Kind of a big deal KarstenI
2
Ryan_Miles
Meraki Employee Ryan_Miles
1
PhilipDAth
Kind of a big deal PhilipDAth
3
Inderdeep
Kind of a big deal Inderdeep
1
View All
My Accepted Solutions
Subject Views Posted

Re: Can't ping a subnet from VPN

Security / SD-WAN
1524 ‎05-17-2019 12:25 PM

Re: Meraki MX and UniFi AP

Security / SD-WAN
12751 ‎05-10-2019 07:18 AM

Re: Does Meraki MX need connection to the Meraki cloud / Internet?

Security / SD-WAN
7647 ‎04-15-2019 06:02 AM

Re: Can't ping a device on the network

Security / SD-WAN
37126 ‎01-29-2019 09:26 AM
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Photo Contest: Be featured in the Cisco Meraki Quarterly!

Community Announcements
6 14395

Re: Odd WAN behavior

Security / SD-WAN
4 1512

Re: Welcome! Please introduce yourself.

Community Tips & Tricks
4 34579

Your hobbies

Off the Stack
3 2195

Re: MX device local status page

Security / SD-WAN
2 618
View All
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2022 Meraki