Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About tantony
Community Record
300
Posts
59
Kudos
4
Solutions
Badges
04-06-2022
06:17 PM
It turned out the reason I couldn't login, and I wasn't getting anything on Duo mobile app was because the AD user account I created didn't have the necessary permissions. I have the Duo MFA working now. But I'm kind of confused. Because, I didn't ask Meraki to adjust the time out, but I was still able to get the Duo push notification and login. So may be the timeout adjustment is not necessary?
... View more
04-05-2022
05:10 PM
I'm trying the DUO MFA, but after I enter my username and password, I'm not getting any notifications / push on my iPhone, and eventually I got a time out error on the VPN client. Is this because I did not call Meraki to adjust the time out? https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/m-p/38442
... View more
03-21-2022
12:41 PM
Thanks, I do prefer a physical MX like I have now, but just wanted to know the virtual MX instance works.
... View more
03-21-2022
12:20 PM
My company is expanding, and we might be moving to a second building. This means I need another MX for site-to-site VPN. I'm also looking into the possibility of a virtual MX appliance, but I know anything about this. From what I know, this can be hosted in AWS, Azure, etc. But how does the physical connection happen?
... View more
02-23-2022
06:56 AM
Thanks, that's what I thought, but I guess better safe than sorry.
... View more
02-22-2022
06:40 PM
Anyone here blocking traffic to / from Russia on their Meraki especially with high risk of cyber attack from Russia? Even if I block traffic from Russia with MX layer 7, what would happen if an actual hacker from Russia uses VPN to be in 'US'? Is Meraki smart enough to 'unmask' the VPN from Russia pretending to be from US?
... View more
Labels:
- Labels:
-
Firewall
12-16-2021
02:59 PM
Any security issues with leaving the status page open for all users?
... View more
12-16-2021
02:52 PM
@cmr Thanks, so I can only temporarily disable it? How do I do that on the MX dashboard? Is there any security issues with leaving it open?
... View more
12-16-2021
02:39 PM
By default does any user on the network have access to the MX device local status page (the default gateway IP) also known as the http://wired.meraki.com page? Because a user could see what the default gateway is by doing an ipconfig and go to the ip to see the local status page right? Is there a way to restrict access to the local status page or wired.meraki.com page only to the admin users?
... View more
12-06-2021
05:57 AM
I would like to enable 2fa for client VPN. Currently the users enter their AD credentials for VPN. I've setup NPS in my AD servers, and made them the RADIUS in Meraki dashboard for VPN. I'm deciding between Duo and Azure MFA. How's azure MFA extension for NPS? How does this work? After the user enter their AD credentials in the VPN client, they get a phone alert? Is MFA extension free? https://community.meraki.com/t5/Security-SD-WAN/Meraki-VPN-Client-Azure-MFA/td-p/48322 https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension
... View more
10-29-2021
05:13 PM
@PhilipDAth Thanks, I'll use port 1912 for Duo Auth Proxy. Yes, I'm already using both of my DCs as RADIUS for redundancy .
... View more
10-29-2021
06:38 AM
Am I thinking this correct? It sounds like I need to contact Meraki directly to enable the timeouts and may be the settings for AnyConnect.
... View more
10-28-2021
11:39 AM
Yes, Duo looks easier. There was a Meraki documentation on setting up 2FA which featured RSA, Microsoft Azure, but I can't find that link. On my RADIUS server, I'm running NPS on port 1812. For VPN authentication on AD. So I should run the Duo Auth Proxy on port 1912 on the same RADIUS server? I'm actually using 2 RADIUS servers, both also Domain Controllers. Do I need to contact Meraki to do this? Because I saw something about Meraki need to change the timeout to wait for proxy? Like I said, I'm using the native Windows VPN client, should I be using AnyConnect if I want to use 2FA? Is there any documentation that shows me the exact steps?
... View more
10-28-2021
07:52 AM
Currently, I'm using RADIUS authentication for VPN. I'm using Active Directory servers as the RADIUS. I'm using Windows 10 native VPN client also. So when a user logs in, they open their Windows 10 VPN client, then enter their Active Directory username and password, and if everything is correct, they're connected to VPN. I would like to enable 2FA on the VPN. If I understand correctly, I cannot do this from the native Windows 10 VPN, but I can do this from AnyConnect? How exactly would I do this? So when I user types in their AD credentials, I would like them to enter the correct PIN or something like that as a secondary authentication method. I know I have to use third party vendors such as Duo, RSA, Azure etc. for the 2nd part of the authentication From my research, Duo is the easiest to setup. Anyone else using RSA or Azure? The below post says I need to contact Meraki to adjust the timeout settings. https://community.meraki.com/t5/Security-SD-WAN/Using-DUO-for-2FA-how-to/td-p/38442.
... View more
08-30-2021
10:33 AM
Ah right, I forgot about that part. I already have the trunk and lags as trusted, and rest untrusted. So far, I've only enabled DAI on one of the switch, and everything is working.
... View more
08-30-2021
10:19 AM
Wouldn't the client's MAC already have to be in the DHCP Snooping table even to get DHCP? I'm talking about a new device that never connected before.
... View more
08-30-2021
08:17 AM
Sorry if this is the wrong place, I couldn't find a general network section. My switches are Netgear (I know, I know), and I have DHCP Snooping enabled, and I'm also thinking about enabling Dynamic ARP Inspection (DAI). Do you guys have DHCP Snooping and DAI enabled at your production network? I know DAI looks at the DHCP Snooping database to compare the MAC and IP, but with people working from their home, what happens when they return to work since their laptops will not be in the DHCP Snooping database. I know you can manually add them but that's a lot of work. Also, what about 802.1X authentication, anyone using them on their production network? I'm trying to make my production network more secure.
... View more
08-30-2021
08:12 AM
2 Kudos
Happy Birthday Meraki
... View more
08-08-2021
01:22 PM
@PhilipDAth I agree, but that's the only vendor I could find so far. Any suggestions?
... View more
08-08-2021
10:15 AM
Does Meraki make any AP to be used in tunnels? So far, the only solution is a company called Eion wireless. What I'm trying to do is this. When people go into tunnels, I want to get a live feed of what they're doing. I can put a switch for this, but I'm trying to reduce cabling to make it more user friendly since the people that go into the tunnels move around a lot, and any cables will be in their way, and could easily get damaged. If I can get an AP to work in the tunnels (not all tunnels are a straight line, some have bends, the depth is 60ft from top to bottom of the tunnel entrance), it will more easier to use. The users will carry smart phones which will connect t to the AP to provide live video and audio. I found this AP that might work since this is designed for use in tunnels. Does Meraki make anything like this or any suggestions? I'm looking for a rugged AP since the work environment is dusty, dark, cold etc. http://eion.ibeam-solutions.com/product/tunnel This is what I'm thinking so far
... View more
07-29-2021
06:16 AM
@KarstenI I agree I need Meraki switches, I have a MX84 does that count? 😀 Just to make sure I understand, if I enable DHCP snooping, I don't HAVE to enable DAI. But for DAI to work efficiently, the DHCP snooping database need to populate. Is that right? I'm new to switch security.
... View more
07-29-2021
06:02 AM
Sorry if this is the wrong place to ask, but my switches are Netgear switches. I would like to enable DHCP snooping and Dynamic ARP Inpection (DAI) on my switches. If I understand correctly, DAI works with the DHSP snooping database to compare the MAC address. My question is, if I enable DHCP snooping, do I have to enable DAI also to work properly? Can I just enable DHCP snooping? The reason is because I tried DHCP snooping + DAI on one of the switches to test, and as soon as I enabled DAI, I lost the uplink.
... View more
Labels:
- Labels:
-
Layer 2
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 1524 | 05-17-2019 12:25 PM | |
| 12751 | 05-10-2019 07:18 AM | |
| 7647 | 04-15-2019 06:02 AM | |
| 37126 | 01-29-2019 09:26 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 6 | 14395 | |
| 4 | 1512 | |
| 4 | 34579 | |
| 3 | 2195 | |
| 2 | 618 |
