The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About KarstenI
KarstenI

KarstenI

Kind of a big deal

Member since Mar 22, 2019

Online

Karsten Iwen

Germany

https://cyber-fi.net

Freelance Consultant and instructor. Need help with your Meraki project? Now you know who to contact. ;-)

Groups
  • CLUS 2022 Meraki Lounge

    CLUS 2022 Meraki Lounge

    28
  • Meraki Network Lounge

    Meraki Network Lounge

    49
View All
Kudos from
User Count
WaveRider
WaveRider
1
PhilipDAth
Kind of a big deal PhilipDAth
361
MajorTom
MajorTom
1
Boyan1
Boyan1
1
Jeizzen
Jeizzen
1
View All
Kudos given to
User Count
AmyReyes
Community Manager AmyReyes
20
cmr
Kind of a big deal cmr
72
ww
Kind of a big deal ww
31
CptnCrnch
Kind of a big deal CptnCrnch
49
BlakeRichardson
Kind of a big deal BlakeRichardson
27
View All

Community Record

1345
Posts
1806
Kudos
122
Solutions

Badges

CMSS
ECMS1
ECMS2
Meraki FIT Level One
Meraki FIT Level Two
Meraki360 View All
Latest Contributions by KarstenI
  • Topics KarstenI has Participated In
  • Latest Contributions by KarstenI
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 52
  • Next »

Re: Meraki api call to get networks

by Kind of a big deal KarstenI in Developers & APIs
58m ago
58m ago
What software do you use here to get the data? I am pretty sure the client software messes something up here. How does it look in Postman or called by the python-SDK? ... View more

Re: Flat "Jumper Cable" for MR36H ?

by Kind of a big deal KarstenI in Wireless LAN
Tuesday
2 Kudos
Tuesday
2 Kudos
something like this?   ... View more

Re: Using RADIUS to authenticate both users and computers

by Kind of a big deal KarstenI in Wireless LAN
Monday
Monday
In this case he only knows this for his own machines. But unless *all* devices support EAP-TLS (I haven't seen this on any network) he can't make sure that the user connects with domain-credentials from his personal PC. But I am completely with you that relaxing the requirements is the right way. Really achieving *this* goal is one of the hardest in the .1X implementation. ... View more

Re: Using RADIUS to authenticate both users and computers

by Kind of a big deal KarstenI in Wireless LAN
Monday
Monday
Not sure if NPS supports it. This is for Cisco ISE, perhaps you can adopt it:   https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216510-eap-chaining-with-teap.html ... View more

Re: Using RADIUS to authenticate both users and computers

by Kind of a big deal KarstenI in Wireless LAN
Monday
Monday
The already suggested EAP-TLS is sadly not enough to solve this as the machine- and user authentication is decoupled. There are some workarounds but the only real way is to use TEAP (or the previous version EAP-FAST) as the EAP method because  here we can do EAP-Chaining which couples the user-authentication to the already done machine-authentication. ... View more

Re: Meraki MX67W - radius configuration

by Kind of a big deal KarstenI in Security / SD-WAN
Monday
2 Kudos
Monday
2 Kudos
The behaviour on the MX is also explained in the following document: https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)#MX_and_Z3_Source_IP_for_RADIUS_Authentication ... View more

Re: Legacy Systems Manager licensing - can I add paid licenses without conv...

by Kind of a big deal KarstenI in Mobile Device Management
Friday
1 Kudo
Friday
1 Kudo
No, the AP and the Sentry client need to be in the same org. With that it would work for the clients still on the legacy SM but not for new new "regular" clients. ... View more

Re: Meraki VMX Firewall

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
2 Kudos
a week ago
2 Kudos
Both the ASA and FTD is available in the cloud but sadly, no full featured MX. ... View more

Re: Meraki VMX Firewall

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
a week ago
No, the main purpose is to act as a VPN-concentrator and not as a "real" firewall. ... View more

Re: Re-license dashboard, but with different device numbers and models ?

by Kind of a big deal KarstenI in Dashboard & Administration
a week ago
a week ago
If you do a complete relicense, the old 200 days are gone and the new license is what is used. Better buy the new devices and the following licenses: 1 x MX95 - Adv Sec. 5 x MR-ENT 1 x MS225-24P And then add these licenses for new devices. Now the new licenses will merge into the old licenses. Ok, you now have licenses for the old and the new MX, but the old MX could be used as a cold spare or for a different purpose. ... View more

Re: Tracking non-Meraki switches on a network

by Kind of a big deal KarstenI in Switching
a week ago
a week ago
The “prevent” option would be to implement 802.1X in single host mode. It would not act on an unmanaged switch alone, but on the second device on it. Another and more easy step would be to enable BPDU guard on all user facing ports. Again, not for the cheap unmanaged switches. A “detection” method would be to look for ports with more than one MAC address. I didn’t look but would assume that this should also be possible with the API. ... View more

Re: Thoughts on the App

by Kind of a big deal KarstenI in Dashboard & Administration
a week ago
2 Kudos
a week ago
2 Kudos
The best feature is the adding of pictures to document the placement of the APs. ... View more

Re: Recognizing January's Members of the Month

by Kind of a big deal KarstenI in Community Announcements
a week ago
5 Kudos
a week ago
5 Kudos
Oh, back in the fantastic four group …. Congratulation to all who have their names listed here!  😀 ... View more

Re: What is the propuse of this

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
9 Kudos
a week ago
9 Kudos
Sometimes you want that also the branch offices send the internet traffic first to the Hub and from there into the internet. One reason could be that your MXes only have the Enterprise license without any NGFW security. But on the headquarter you have an additional NGFW to protect the traffic. Here it could be useful to use the headquarter as the central internet break out. ... View more

Re: Meraki VMX Firewall

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
a week ago
If you want to connect remote users, AnyConnect is the way to go. After establishing a connection to your VPN-gateway (whichever this is) the users can use the AutoVPN connection on the gateway to connect to other sites if your access-control and routing allows this. ... View more

Re: Meraki VMX Firewall

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
1 Kudo
a week ago
1 Kudo
If both are in the same dashboard organisation, you can use AutoVPN to connect them. ... View more

Re: 8 Meraki MR46 new installs, connected, no transmit power

by Kind of a big deal KarstenI in Wireless LAN
a week ago
1 Kudo
a week ago
1 Kudo
You say the SSID is broadcasted but you also say you get no signal. But that is contradictory.  Have you checked with a WLAN scanner? And in the dashboard, what does the individual AP list?   ... View more

Re: cisco meraki Layer 7 deny message

by Kind of a big deal KarstenI in Wireless LAN
a week ago
a week ago
I am pretty sure there is no deny message. To deliver this message the AP or MX had to intercept the TLS connection which these devices don’t do. Cisco Firerpower could do that but I would better look into Umbrella SIG if this block page is needed. ... View more

Re: Thoughts on mgig switching

by Kind of a big deal KarstenI in Wireless LAN
a week ago
1 Kudo
a week ago
1 Kudo
At a customer location we have quite a few MR57 that we run with 40MHz width and dual 5GHz as there are so little 6GHz clients at the moment. The Access layer are mainly MS225, so no MGig. The uplink rate is far away from 1 Gig and also new floors don’t get equipped with MGig switches. Our main thought is that we (in Germany) won’t use 80MHz channels for quite some time. And even with 80 on 6 GHz and 40 on 5 GHz, we will only hit the 1Gig uplink from time to time. And for that it is not financially useful to invest in MGig switches already. And with the MR57 having dual uplinks (which we don’t have at all AP locations) I am pretty sure we are fine with that for quite some time. ... View more

Re: Can Meraki MX85 support cisco wlc ct2504 or c9800 and cisco aironet 183...

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
2 Kudos
a week ago
2 Kudos
There is soooo much that needs to be considered here that you really should look for a Cisco partner to support you. But in general: The MX is typically "only" the firewall and doesn't care if the network has APs from vendor A or vendor B. With Meraki APs, the MX can take the role that is known as an anchor controller in the traditional Cisco wireless world. It is not possible to mix traditional Cisco and Meraki for this function. If you buy Catalyst 9100 APs, you need a compatible controller which could be any of the c9800-series. Your older Aironet 1832 can still run on this controller. ... View more

Re: ACL rules traffic between DMZ to LAN

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
a week ago
The firewall rules are stateful. You only have to allow the initial packet for a traffic flow and the return traffic is allowed automatically. My way to make sure that not too much traffic is allowed is described at the beginning of this discussion. ... View more

Re: ACL rules traffic between DMZ to LAN

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
a week ago
I was referring to overlapping subnets *inside* your own controlled infrastructure (which is DMZ to internal communication). For Extranet S2S, yes, that is a different story, but with that the MX falls behind anyhow. ... View more

Re: Meraki VMX Firewall

by Kind of a big deal KarstenI in Security / SD-WAN
a week ago
2 Kudos
a week ago
2 Kudos
The VMX is a license-only "device". Of course there has to be a cloud instance to run the VMX on that will have an additional cost, but in regards of the dashboard licenses, only the VMX license of the appropriate size is needed. ... View more

Re: MR 44 showing difference Power usage

by Kind of a big deal KarstenI in Wireless LAN
a week ago
1 Kudo
a week ago
1 Kudo
Usage plays certainly an important role here. Although an AP doesn't do into sleep as a client does, when there is nothing to transmit, the power consumption has to be lower than with an active transmission. Same is for the usage of the radio chains. When the AP only sends beacons to advertise its existence less power has to be consumed compared to a 4 SS transmission where all radio chains are active and the DSP has to calculate a lot. ... View more

Re: Outdoor Enclosures for MR46 & MR56 waps

by Kind of a big deal KarstenI in Wireless LAN
a week ago
1 Kudo
a week ago
1 Kudo
But keep in mind that you shouldn't be in an area where "Winter" is available unless you have a temperature controlled enclosure: Operating temperature: 32 °F to 104 °F (0 °C to 40 °C)    ... View more
  • « Previous
    • 1
    • 2
    • 3
    • …
    • 52
  • Next »
Kudos from
User Count
WaveRider
WaveRider
1
PhilipDAth
Kind of a big deal PhilipDAth
361
MajorTom
MajorTom
1
Boyan1
Boyan1
1
Jeizzen
Jeizzen
1
View All
Kudos given to
User Count
AmyReyes
Community Manager AmyReyes
20
cmr
Kind of a big deal cmr
72
ww
Kind of a big deal ww
31
CptnCrnch
Kind of a big deal CptnCrnch
49
BlakeRichardson
Kind of a big deal BlakeRichardson
27
View All
My Accepted Solutions
Subject Views Posted

Re: Meraki VMX Firewall

Security / SD-WAN
143 a week ago

Re: set specific static public IP to specified PC

Wireless LAN
87 a week ago

Re: MX64--- Unable to login using Serial Number for initial configuration

Security / SD-WAN
161 3 weeks ago

Re: Meraki MX multiple /29 Public Blocks

Security / SD-WAN
172 a month ago

Re: iPSK without Radius not compatible with 6ghz?

Wireless LAN
255 ‎01-05-2023 02:40 PM

Re: Meraki MX support CoA with Cisco ISE?

Security / SD-WAN
660 ‎01-02-2023 03:23 AM

Re: vAnalytics?

Meraki Insight
354 ‎12-09-2022 06:29 AM

Re: MX Firmware 16.x and 17.x compatibility between different MX devices

Security / SD-WAN
391 ‎12-02-2022 04:14 AM

Re: What is this "Enforce" in v17 L3 inbound rules

Security / SD-WAN
264 ‎11-30-2022 07:47 AM

Re: Limiting Internal traffic between two subnets

New to Meraki
218 ‎11-17-2022 07:19 AM
View All
My Top Kudoed Posts
Subject Kudos Views

Re: The Annual Community Points Contest is HERE!

Community Announcements
18 8572

Merakifying the Meraki Cloud Lamp

Meraki Projects Gallery
18 1812

Re: 🎁 🍰 🎈 Happy 5th Birthday, Meraki Community! 🎈 🍰 🎁

Community Announcements
11 2082

Re: The Annual Community Points Contest is HERE!

Community Announcements
11 8255

Re: Sign the Community’s birthday card!

Community Announcements
10 2043
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki