Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About Twitch
Twitch
Building a reputation
Member since Jan 6, 2019
Friday
Community Record
153
Posts
76
Kudos
0
Solutions
Badges
06-27-2023
12:21 PM
Correct. There is an update available, but I have not had a chance to look into which version the update will take us to.
... View more
06-26-2023
07:40 AM
Morning ww - we are allowing DHCP servers, though I am not sure why the description for the server has a different name for VLAN 40 considering that it's the same server that is listed for VLAN 1. For some reason, Meraki seems to think that the DHCP server for VLAN 40 is the LAN interface of the 4331 router (the listed MAC is for the Gig 0/0/1 interface on the 4331, but I'm assuming this has something to do with the relay config.)
... View more
06-26-2023
07:00 AM
Morning everyone. I'm seeing some weirdness with DHCP Relay. We have a Cisco 4331 router connected to Meraki MS210-48P switches running firmware version 15.18. The 4331 router handles all of the layer 3 functions for the network, and has two subinterfaces configured - one for VLAN 1 (0/0/1.10) and one for VLAN 40 (0/0/1.40). The VLAN 40 subinterface has ip helper-address 10.0.10.7 pointing to the domain controller, which handles DHCP for both subnets. The problem is clients in VLAN 40 are not getting an IP address. The screenshot below was captured on the DHCP Servers & ARP page under Switching. It gives me the impression that the DHCP server is offering an IP address to the client, but it appears that the client never receives that offer, and ultimately times-out with a message stating that the DHCP server could not be found. The 4331 is forwarding the DHCP messages to the server, but the responses are not making it back to the client. Has anyone experienced this issue? Is Layer 3 Routing required for Meraki switches to properly handle the DHCP relay? (I would think the switches are simply receiving a unicast message destined for the domain controller from the router due to the DHCP relay config and no special configuration would be required on the switches to simply pass the traffic out of the correct port to the domain controller) Thanks! Twitch
... View more
02-16-2023
08:44 AM
@alemabrahao- That's what broke the Internet for us, and what I'm trying to avoid. Apparently, Talos isn't very Intelligent, which is why I want to avoid accepting any of these new categories that are being pushed out until I hear that everything is working like it's supposed to. It looks like Meraki is trying to push the categories out now regardless of whether or not the MX is on version 17.
... View more
02-16-2023
08:36 AM
1 Kudo
Good morning. A while back our MX updated to version 17.10.2 firmware, which came with changes to Content Filtering categories. Accepting those changes and the firmware upgrade effectively broke web browsing and WiFi Calling for several of our sites. We had to get support to downgrade the firmware in order to restore browsing. Once the MX was back on version 16.16 everything began working again. This morning I went to make a change to Content Filtering, and the Review Suggestions notice is back and I cannot get past it. The MX is still on version 16.16, but I do not want to accept these changes to Content Filtering given what happened less than a month ago. The problem, though, is the only option seems to be clicking on Confirm Changes to accept the new categories - there is no option to Cancel or click X to close this window. So, the Dashboard has effectively hijacked my ability to make the changes I need to make unless I put our operations at risk. This seems just a tad ridiculous to me. Is there any way to close this window without making any unwanted and unneeded changes? Thanks! Twitch
... View more
08-12-2022
12:05 PM
Hello to the Crew - I just enabled a syslog server for URL logging on our MX. The entries are reaching their destination successfully, but we noticed that the log entries do not include the corresponding username associated with the entry - instead of the username the entry just lists UNKNOWN. See below: Is it possible to have the usernames included with the log entries when they are sent to the syslog server natively by the MX, or will a third-party tool be needed the get that information? I do not see any options to modify what is included/excluded with URL logging except selecting URLs from the syslog entry drop-down menu. I should note that we are hoping to gather URL log information for both wired and wireless clients. Thoughts? Thanks! Twitch
... View more
06-16-2022
08:20 AM
1 Kudo
"Fisher Price dashboard reboot." 😂 I just clicked on "Try It Now," and boy, do I regret that. I don't see an option to go back to the old (much, much better) version, either.
... View more
06-16-2022
08:15 AM
5 Kudos
So I just switched to the new version of the Meraki dashboard. Can I get some free Meraki sunglasses to go with it? Waaaaaay too much white, and not enough contrast to separate the sections or save my retinas. The pages are painful to look at it. Please, either add some contrast or add an option for dark mode, or ship me some Meraki-branded sunglasses. Thanks. Twitch
... View more
02-18-2022
10:47 AM
Hello to the Crew - question for you: We have a non-Meraki Peer VPN between our office and our parent company. While the VPN terminates MX to MX, right now we are different organizations so the tunnel has to be a non-Meraki peer setup. As long as we don't make any changes to the subnets configured on both ends, the VPN works great. If, however, if we add or remove a remote private subnet from either end of the config, the VPN quits working. The only way to restore functionality is to completely rip-out the config on both ends and put it back. It seems like IPSec gets hosed and the traffic just stops transiting the VPN once a change is made. Naturally, recreating the tunnels on both ends reestablishes IPSec and the tunnel works fine once again after that. Has anyone else seem a similar behavior? Is there a fix or workaround? I am not aware of any way to "pause" the VPN, make the required changes, and then start it up again. Thanks! Twitch
... View more
01-28-2022
01:15 PM
Weird - I clicked the Reply button and this post was suddenly accepted as the solution. Not sure how that happened, but anyway... @KarstenI- looks like the Gigacubes are only good in the UK. I take that's where you are using yours? The website doesn't appear to mention service/availability here in the disUnited States.
... View more
01-28-2022
01:13 PM
Thanks, guys. I just spoke with Meraki support and the tech told me that the Inseego USB8L is not compatible with Meraki. Back to the drawing board.
... View more
01-27-2022
01:38 PM
Hello to the Crew - does anyone know where I can access the current list of compatible USB modems for the MX-64? The list is inaccessible from this link: https://documentation.meraki.com/MX/Cellular/3G%2F%2F4G_Cellular_Failover_with_USB_Modems "New USB modem approvals are currently on hold until further notice. All ongoing evaluations for USB modems will be updated on this page as soon as completed. We recommend to upgrade to the integrated/MG models for cellular connectivity and reach out to your sales contact." The model I am attempting to use is the Inseego 4G Global Modem USB8L. I need this to be a primary Internet connection for a tractor-trailer drop yard in the middle of nowhere that has cell signal but nothing else. The MX has been configured and connected to the dashboard via wired connection here at the office, but when I plug the modem in and disconnect the wired connection, the MX never fails-over to the cellular connection. Note that when I plug the cellular modem into a laptop I am able to reach the Internet without any issues. The MX, however - no joy. The firmware on the MX is up-to-date at 15.44. Given the current supply-chain mess, we can't get an MG21 for at least 180 days of lead time, and of course the connection at the yard needs to be operating immediately. Any thoughts? Thanks. Twitch
... View more
Hey gang - We are considering replacing a Cisco 4331 router with an MS-250 switch setup to run L3 switching and OSPF. Our VPLS setup currently runs an IOS router at each remote site as well as here at our data center. The VPLS endpoints all use 172.16.50.x/24, and all of the routers are running OSPF in backbone area 0. In order to put the L3 switch in place, I need to configure an SVI and assign a VLAN number. My question is this: Will the remote sites give a a flying fig about what the VLAN # is since the interconnection between sites runs at L3 with OSPF and not VLANs (our circuits strip VLAN tags anyway)? In other words, will the VLAN # assigned to the SVI on the switch here at the data center simply be a local construct that only the local switch cares about? It would seem to me that as long as 172.16.50.1 and 172.16.50.2, etc, are reachable over the VPLS via OSPF, then the local VLAN number associated with the SVI should not matter to the remote sites. Is my assumption correct? Thanks! Twitch
... View more
Karstenl - that did it. I was having a hard time translating IOS to Meraki-speak, so to speak, and didn't understand how to assign an individual SVI IP to the test switch so that the stack and the test switch were in the same VLAN. I initially created the SVI on the test switch, but did not have the corresponding interface configured on the stack. I deleted the SVI from the test switch and created it on the stack, then figured-out how to add an SVI with a unique IP in the same VLAN on the test switch, and now the two are neighbors and routes have been exchanged. Thanks for your help. I learned something today. Twitch
... View more
Here is the diagram. I forgot to mention that the reason for this test is a desire to use MS-250 switches with L3 Switching enabled and running OSPF to replace the Cisco IOS routers at all remote VPLS sties. My goal with the test is to prove the concept and verify that OSPF will form the neighbor relationships and fully exchange routing information in the same way that the current IOS routers are. The switch in the lower-left of this diagram represents the test switch. It is currently cabled directly to the switch stack.
... View more
Hello to the crew - I am trying to get an OSPF neighbor relationship to form between our switch stack and an MS-250 switch with OSPF and L3 Switching enabled. The switch stack is running OSPF already, and has a neighbor relationship with some IOS routers.The single switch is connected via Ethernet directly to the switch stack. However, I cannot get the neighbor relationship to form between the single MS-250 and the switch stack. Note that the stack and the single switch are both in Area 0 with all timers set to their defaults. An SVI is configured on the single switch. The switch ports are both trunks. It's Monday. I'm tired. I don't think the coffee is strong enough. I must be missing something simple. Thanks. Twitch
... View more
10-22-2021
12:42 PM
7 Kudos
I figured it out. The problem was self-inflicted, like so many are. I have three MR30 APs set-up as wireless bridges for another network on the table next to my desk. My phone/laptop were both trying to associate to the bridges instead of the MR74 on the ceiling, which is connected to the production network. I just completely forgot that the MR30s were sitting there powered-on but without a usable connection to a DHCP server. When I got up from my desk to go get some coffee, I saw them sitting there and what was happening smacked me in the face. Working in IT provides a person with plenty of opportunities to make an arse out of yourself. 🤐 False alarm. Sorry. Twitch
... View more
10-22-2021
10:39 AM
Hello Crew - anyone else seeing weird problems with WiFi today? Our clients won't stay connected, The connection establishes, everything is good, then the connection drops with a message stating that either an IP address could not be obtained or couldn't authenticate connection. We haven't touched the config. Everything was running along just fine until this started. I have rebooted select access points to troubleshoot the issue, but no joy. The APs are acting like they did when the Google geolocation issue was happening a few weeks ago. Is this just us, or part of something larger? Thanks! Twitch
... View more
10-13-2021
05:48 AM
@cmrWe don't have any of those devices on-hand. I'm sure we could get some. "we actually used a routed port on a Cisco L3 switch at the DC" - Since we're currently using an Ethernet port on the router, doesn't this effectively accomplish the same thing, or are you saying that due to router interface throughput/overhead, the switch is actually more efficient at passing the traffic in/out of the VPLS circuits? How were you guys routing the traffic to the remote sites?
... View more
10-12-2021
01:34 PM
@cmr- Speaking of output drops, here are the current stats from our 2901. Basically, it's getting killed. We have a gig internal interface connected to the Meraki switch stack leaving the 2901 out a Fast Ethernet interface set to 100/Full Duplex per the provider's request. At the time we put the 2901s in, we were not aware of the 25 Mbps throughput limitation. The output buffer of Gig 0/0 (the VPLS interface) is filling-up and inbound traffic from Gig 0/1 is getting dropped before there is space available in the buffer. We have ordered 1000 Mbps for our VPLS circuit here at the DC, and will be replacing the 2901s with 4331s, hopefully with the Boost license (my preference), or the Performance license so we have at least 300 Mbps of throughput instead of 25. If the 4331 works out well here, we will probably replace all of the 2901s at the remote sites as well.
... View more
10-08-2021
01:16 PM
2 Kudos
@cmr- Over two of our remaining SD-WAN StS VPNs, Virginia to NJ is running 32 ms, and Virginia to SC is running 18 ms out of the MX. The same company that is providing our VPLS circuits is also providing the DIA out of our Virginia data center. The latency is horrible. I agree. I have asked my boss to check the SLA that our provider gave us to see what kind of numbers they guarantee. Like I said in the original post, the tech support guy basically cut me off when I questioned why the latency is so bad. He said it's "normal" for VPLS circuits, and they were seeing the same numbers internal to their network.
... View more
10-08-2021
04:16 AM
2 Kudos
@cmr- fiber to the demarc, copper hand-off to the 2901 gig port.
... View more
10-07-2021
12:15 PM
2 Kudos
@cmr- we are running basic routing at this point. No crypto or access rules. When the circuits first went live we tested with laptops connected directly to the VPLS hand-off at several sites. Latency numbers were the same as what we see with the 2901s running, 25 - 40 msec. I did not know that tidbit about the limitations on the 2901s.
... View more
10-07-2021
10:00 AM
@cmr- We have distances ranging from roughly 6 miles to 430 miles to 750 miles. Latency is generally in the same range regardless of the distance. We are not running SD-WAN over the VPLS. We had SD-WAN running over our broadband internet connections to each site, but my boss wanted to get away from the site-to-site VPNs, so he decided to switch over to VPLS circuits between each site instead. We are using 2901s in order to route traffic via OSPF between sites. My boss's original plan was to use VLAN tagging over the VPLS, but he did not want to pay for the QinQ service, so we decided to route traffic via OSPF instead. Your latency is far superior, to say the least. Which company provides your circuits?
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 7 | 1116 | |
| 7 | 29600 | |
| 5 | 540 | |
| 3 | 5154 | |
| 3 | 14235 |
