Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About CML_Todd
CML_Todd
Getting noticed
Member since Sep 22, 2017
3 weeks ago
Community Record
47
Posts
26
Kudos
0
Solutions
Badges
02-14-2022
12:42 PM
Is there an issue if 802.1x isn't running on the voice vlan? Is this voice vlan issue strictly 802.1x related?
... View more
11-03-2021
08:06 AM
UPDATE: Meraki updated my case and has fixed this issue. All my Group Policies are showing on my vlans again. And the one I edited before calling tech support didn't have a policy applied. I was able to add the policy to that vlan and it was working.
... View more
11-02-2021
11:18 AM
I meant to say before I posted my original message that the one vlan where I manually applied my group policy before calling tech support, that group policy isn't being applied properly now. I discovered this when my layer 3 firewall rules on the MX were being applied to this vlan. I wanted to give a heads up that manual intervention during could cause an issue until this is resolved.
... View more
11-02-2021
11:06 AM
3 Kudos
I discovered an issue this morning in Dashboard where Group Policies I had applied to my vlans on the MX addressing & vlans page were showing as none. (Like there were no Group Policies applied to any of my vlans.) In a panic I applied one of my group policies to the vlan it's supposed to be associated with. I looked at the rest of my Networks in this Organization and discovered all of them were this way, so I opened a support ticket. Apparently there is a master case that engineering is looking into for this very issue. The tech support person said it's a user interface issue and even though it says the group policies weren't applied on my screen, they could confirm that the policies were being applied on the MX vlans. Apparently this started last night, and there is no ETR. Has anyone else seen this in their networks?
... View more
08-20-2021
01:50 PM
That's what support said too. I had to delete all static assignments and excluded ranges in DHCP setup, save it, then turn off DHCP for that subnet. Then delete all references in traffic shaping. Then delete any firewall rules containing that subnet. I have multiple subnets in this network that I needed to change IP addresses, so this had to be repeated for all subnets with an IP address change. I basically had to delete and re-create my entire firewall ruleset. I realize Meraki is trying to protect me from making a mistake, but this process was frustrating. Thanks for your replies!
... View more
08-19-2021
02:15 PM
I created a new network and cloned it from an existing network. I need to change the IP addresses on the new network from the ones that were created when it cloned the other network. (These vlans are on the MX). However, when I try to change a vlan IP address, I get the error message: There were errors in saving this configuration: The IP address range 10.1.1.0/24 does not apply to any configured local or VPN subnets. 10.1.1.0/24 is in the network that was cloned. I'm trying to change it to 10.2.1.0/24. I can't delete the subnet either, it gives me the same error message. Is there a way I can change the vlan IP information? I've opened a ticket with support, in the meantime, I wanted to see if anyone has come across this issue and what remediation steps were used.
... View more
06-21-2021
02:03 PM
Bruce, I haven't found any official documentation saying Group Policies don't override site to site VPN firewall rules. I wanted to see if anyone else could confirm my findings before I created a separate IT staff VLAN at all of my locations. Thanks for the input, I appreciate it!
... View more
06-21-2021
01:57 PM
Inderdeep, I've read this document, and it doesn't mention anything about whether the group policies apply to site to site vpn connections. I couldn't find any documentation that mentions it. Thanks for the reply.
... View more
06-21-2021
11:56 AM
Do group policies apply to traffic in Meraki site to site vpn? Network A and Network B are connected via a Meraki site 2 site vpn tunnel. I have site to site vpn firewall rules setup to block RDP from computers in Network A from accessing computers in Network B. And there are also site to site vpn rules setup to block RDP from computers in Network B from accessing computers in Network A. However, I need IT staff in Network A to be able to remote desktop into computers in Network B. I've created a group policy in Network A with no restrictions and applied it directly to the IT staff computer in Network A. This computer still can't remote into the computers in Network B. This leads me to believe the group policy with no restrictions doesn't apply to site to site vpn traffic. Does anyone know if this is true?
... View more
03-16-2021
07:30 AM
Thanks for the information everyone. I appreciate the feedback. When you enabled it in your organizations, were there any issues that surfaced? Or did it "just work?"
... View more
03-12-2021
07:55 AM
1 Kudo
I'm thinking of enabling network objects in my organization and I'm wondering if there are any issues I need to look out for? I have 26 networks in my organization with a bunch of firewall rules and site to site vpn firewall rules in production. I've read through the documentation and it looks like a great feature. I'm just a little worried about enabling a feature that's still in Beta. Any feedback is greatly appreciated.
... View more
03-12-2021
07:43 AM
Outside of this one instance, have you seen any other issues with network objects? I'm thinking of enabling network objects in my organization and I'm wondering if there are any issues I need to look out for? I have 26 networks in my organization.
... View more
12-21-2020
08:09 AM
I've created 3 new administrators in my organization, and all 3 are getting this same message. They clicked on the link in the email from Meraki to setup their account. After they changed their password, all 3 received this message. I opened a case with Meraki, but haven't heard from them yet. Wanted to see if anyone else got the same message. BTW, I have no issues signing into this organization, just the 3 new users I created.
... View more
01-24-2020
03:33 PM
I've re-booted the MX, and even did a factory reset, and let it re-download it's config. The MX can't ping the switch IP on the uplink either. The uplink is a vlan interface on the MX. And I have that vlan assigned to an access port on the MX. The MS250 is running 11.30 firmware. The MX is running 14.40 I've also been able to re-create this issue in a lab environment.
... View more
01-24-2020
01:02 PM
In summary: The MS250 virtual interface doesn't respond to pings when it has OSPF enabled. I think that's causing the MX to mark static routes with that interface as a next hop as down. But the MX still sends traffic to that interface with the static route set to always.
... View more
01-24-2020
12:08 PM
I'm having an issue with static routes on an MX showing down in the dashboard. We have an MX at each branch in NAT mode with multiple vlans. (It's acting as the branch router). Each branch also has a Cisco 3560x switch with a link to the MX that I use for routing to a remote datacenter. I've configured an uplink network between the MX & the 3560x, 10.0.0.0/30. The MX IP address is 10.0.0.1, the 3560x has 10.0.0.2. I've configured static routes on the MX for the remote datacenter subnets, 10.20.0.0/22 with a next hop of 10.0.0.2. I've also set the route to be active as long as host 10.20.0.1 responds to ping. I have static routes configured on the 3560x for the branch subnets handled by the MX, and I re-distribute those static routes to the remote datacenter via OSPF. (So the datacenter has a route to the branch subnets). This entire setup is working fine with the 3560x in place. We have the same step at each location (with different IP addresses) and I've had no issues with it for 18 months. We're replacing the 3560x switch at each branch with a Meraki MS250. I ran into an issue with the first location where we replaced the 3560x. The MS250 has the exact same configuration as the 3560x, and the MX configuration hasn't changed. Now my MX routing table is showing it's static route to 10.20.0.0/22 (the datacenter) as down. From a computer on one of the MX vlans I can ping the MX interface 10.0.0.1, but I can't ping the MS250 virtual interface 10.0.0.2. Those 2 interfaces are directly connected (with the same patch cable the 3560x was using). To troubleshoot the issue, I removed the condition on the static route configured on the MX "as long as host 10.20.0.1 responds to ping." I set the route to "always". The static route still shows down on the MX. But I can ping a host in my remote datacenter, (10.20.0.1), from a host on a MX vlan, and I can ping from a datacenter host to a host on the MX. I’ve also confirmed this in packet captures run on the MX port and the switch port connecting to the MX. Traffic is passing through the routing uplink. However, I still can’t ping the virtual interface 10.0.0.2 on the MS250. If I turn off OSPF on the MS250 virtual interface for the routing uplink I’m able to ping that 10.0.0.2 interface, and the static route on the MX shows as up. But when I do that, the MS250 routes to the MX vlans aren’t re-distributed to the remote datacenter. Does anyone know how the MX determines if static route is valid? Does it ping the next hop IP? If it does, and the MS250 doesn’t respond to pings, I can understand why it marks the route as down. Why doesn’t the MS250 respond to pings on virtual interfaces with OSPF enabled? I’ve had a case open with support for 2 weeks now and I’m wondering if anyone else has run into this issue?
... View more
12-17-2019
12:16 PM
Do you know if Group Policy rules will also override site-to-site vpn firewall rules?
... View more
12-16-2019
02:16 PM
Thanks for the explanation! I've run into the same issues and this explains a lot.
... View more
12-09-2019
08:30 AM
Have they corrected the cosmetic issue with the MX HA pair in Dashboard?
... View more
12-02-2019
07:39 AM
JRLewis, Thanks for the input. I haven't had any of my devices with manual descriptions switch to the mDNS strings, that's a new one. Hopefully Meraki support can come up with a fix or gives users the option to select what name should take priority in dashboard.
... View more
10-04-2019
07:34 AM
1 Kudo
That's a good idea. But that setting should probably be made at the Network level, not device level (MX) because I'm also seeing it on my AP Networks too.
... View more
10-04-2019
07:29 AM
2 Kudos
I will too. That's a good idea.
... View more
10-04-2019
06:57 AM
2 Kudos
Guess we need to add it to the Make a Wish section of the client view.
... View more
09-30-2019
07:01 AM
Yes, I'm running 14.39 on all of my networks.
... View more
09-27-2019
08:27 AM
Glad to see I'm not the only one having this problem. Unfortunately, there doesn't seem to be a solution other than manual intervention. I've tried many of the same steps everyone has described to no avail.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 4 | 23869 | |
| 3 | 878 | |
| 3 | 6975 | |
| 2 | 23542 | |
| 2 | 23547 |
