- About leadtheway
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
leadtheway
Getting noticed
Member since Jan 31, 2019
2 weeks ago
Community Record
53
Posts
3
Kudos
0
Solutions
Badges
3 weeks ago
so I need physical access? and does it have to be port 2 or can it be any?
... View more
3 weeks ago
Have several MX appliances, mix of 84 and 100's. Setting up backup internet connections on the 84 seemed straightforward, just edit WAN 2. I'm not seeing similar option on 100? is there a trick to it, i don't see where i can toggle one of the interfaces for WAN. Also, is there anything special about any settings for the failover or is it just plug and play
... View more
3 weeks ago
Setup Client VPN on MX100..connects fine. Specified nameservers for the DNS servers for AD domain. Confirmed that when connected its getting those dns servers. However can't resolve dns to ip. Am I missing something.. I can ping the dns servers from the mx fine.
... View more
4 weeks ago
so Have few vlans that for the most part standalone. i have 2 vlans created that we use for wireless...one for employee and one for guest, employee is allowed to talk to local lan, while guest is prohibited. But whats odd is if i put a pc and plug into an MS switchport on that guest vlan it can talk to any vlan. I assume this has to do with the wireless marshalling is being done based on SSID and not Vlan, so There probably needs something to restrict it on the MX/MS
... View more
4 weeks ago
I think what threw me was you saying drop down.. I see drop downs for the subnet advertisement, but the route was just a check box on the route config page. Thanks!
... View more
4 weeks ago
so after advertising it appears that route is in the other side route table. So thats all that needs to be done then?
... View more
4 weeks ago
not sure I'm following. I do use autovpn in mesh. I am advertising the subnet for the data vlan (which is where the 3rd party inside interface sits as well) i talk to other devices from the other site to that one (and all others) with no issue. But i need to be able to route specific traffic out one site only the this particular location as they share the same vendor. I've enabled advertisement of that route in vpn. Not sure what i need to do on the other site to make sure it can use it
... View more
4 weeks ago
how would i do that? So at a site I want to use i check in vpn, but what needs to be done at the other site? and what happens at the other sites that already have a static route becuase they have the 3rd party equipment onsite?
... View more
4 weeks ago
So have about 8 sites running either mx84 or 100. Theres a 3rd party that runs special software that creates a VPN with their hardware to allow machines to print from that software. To accomplish that they just have an inside interface on our side and i setup a route in the mx to send software for that traffic to that Inside IP and they forward through the vpn. Problem I have at one site is it doesn't have that 3rd party hardware and needs to use one of the other sites. I can't put the route in because next hop would be invalid. Is there a trick with advertising the route created at another site or another way to do it?
... View more
4 weeks ago
Just wanted to update everyone in case someone comes here with similar issue. So actually onsite there this weekend and got to troubleshoot with hands on. It was the weirdest thing..I could run pcap and could see the arp going out of the device but not getting an answer, yet in the Cisco 800 i could see it updating its arp table yet not receiving any arp request. So when the device would even try to ping it wouldn't go anywhere. But plugging in a device that has communicated before and was in the arp table it would work. Craziest thing i've ever seen. So resolution? Rebooted the 800 cisco...lol
... View more
03-12-2019
08:28 AM
yeah i can set the vlan on the stk no problem....the part that is crazy is, there are 3 stacks at this site all plugged into the 350, the stack that has the upstream router plugged into it is the one that isn't working
... View more
03-11-2019
04:53 PM
Yes the 350 is the RSTP root. Firmware is 10.45. Caveat to the laptop working..i think its arp cache is what allow it to work.. If i try to do a release/renew while plugged into stk1 it can't find dhcp etc...but if using its cached address it can.., if I plug it into either of the other two stacks it works fine, release/renew works as intended. Doing packet trace with meraki support they gave me this: Dell workstation connected to sw3/stk1 / port 48 is sending ARP requests for its gateway, i.e. 10.x.x.254, but it is not receiving any ARP replies. We see these ARP requests going out of sw1/stk1 / port 1. Furthermore, it looks like there may be some asymmetric routing going on upstream of sw1/stk1 / port 2, as: - Outbound traffic, i.e. from laptop to Internet, is using an HSRP MAC address as the destination MAC - Inbound traffic, i.e. from Internet to laptop, is using a Fortinet (90:6c:ac:3e:ec:d6) source MAC address
... View more
03-11-2019
04:53 PM
Yes the 350 is the RSTP root. Firmware is 10.45. Caveat to the laptop working..i think its arp cache is what allow it to work.. If i try to do a release/renew while plugged into stk1 it can't find dhcp etc...but if using its cached address it can.., if I plug it into either of the other two stacks it works fine, release/renew works as intended. Doing packet trace with meraki support they gave me this: Dell workstation connected to sw3/stk1 / port 48 is sending ARP requests for its gateway, i.e. 10.209.152.254, but it is not receiving any ARP replies. We see these ARP requests going out of sw1/stk1 / port 1. Furthermore, it looks like there may be some asymmetric routing going on upstream of sw1/stk1 / port 2, as: - Outbound traffic, i.e. from laptop to Internet, is using an HSRP MAC address as the destination MAC - Inbound traffic, i.e. from Internet to laptop, is using a Fortinet (90:6c:ac:3e:ec:d6) source MAC address
... View more
03-11-2019
11:22 AM
Ok so heres a weird deal. First a little background.. Have two parallel networks with identical address spaces. One is a 3rd party vendor managed that is going away to be replaced with all meraki. Theres also a 3rd party company that has equipment in between the two. Several vlans currently using the MX100 for dhcp that only really need internet. The data vlan (which is 101) still resides on the old network. Can't use meraki to route it or dhcp/dns because the servers still reside on old equipment. As a workaround, we have been using the 3rd party by having them create a access port on that vlan, then we plug that into our switch stacks and then assign the vlan to the ports we need and all is well. One site is proving to be difficult. Attached is a visio of the layout. So basically 3 stacks terminate to a ms350. 2 of the stacks work fine, the stack where the access port to the 3rd party is doesn't work..which doesn't make sense.. to add to the mystery, i can take a laptop and plug into the stack and it works fine. but when i move a device over from old network equipment..nothing. I'm stumped
... View more
03-05-2019
11:12 AM
Have a weird situation I've mentioned before.. Basically we have a existing network that will be completely replaced with meraki. The goal is to try to move things in chunks instead of a hard cut. Problem is, the main vlan that has all the directorys services/dns etc are on the same subnet on both the old and meraki subnet. The old service provider provides no access so we can't connect the two. Theres a 3rd party vendor that has an interface on that network. What we've been doing is removing that subnet from the MX, the 3rd party vendor sets an access mode port on the vlan in question, then I create an access port on on of the MS switches to allow that vlan, then we can put machines in that vlan and they can talk across to the equipment still on the other side. Problem is all the other vlans that egress the MX can't talk to that vlan. Is there something I can do that could get everything talking the way it should. I thought about taking that uplink from the 3rd party and run to mx and assign it an IP in that main vlan, change the subnet on the mx to something else, then create a route for that vlan on the mx to point to the 3rd party router. Any thoughts
... View more
02-26-2019
11:56 AM
on Dashboards before I've noticed if you go into network and clients, then drill down to a specific client you should click on show details under applications, ports, etc. But its missing on this one.. is there something that needs to be turned on? with show details
... View more
02-15-2019
03:11 PM
I just noticed it wasn't set to advertise a local subnet.. not sure how i can delete this
... View more
02-15-2019
03:09 PM
I have a mix of MX100 and mX84 configured in mesh vpn. Problem is one site doesn't show in L3 topology at the other sites. It shows in its own network, but despite it showing a good vpn connection to the other sites, it doesn't show up in the topology. Is there something that could be turned of from advertising?
... View more
02-15-2019
12:25 PM
yeah i have a print server i could ping. That worked...so def. a windows firewall/SEP issue.. thanks for the help
... View more
02-15-2019
12:12 PM
I'll double check but I believe firewall is off.. If i hop on the MX and use the ping tool i can ping all the other gateways at other sites for the other subnets that are advertised across the vpn
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 1 | 93 | |
| 1 | 100 | |
| 1 | 194 |
