The Meraki Community
  • About soomeGUy

Here to help

Member since Sep 23, 2017

‎10-29-2017
Kudos from
alexis_cazalaa: 1
PhilipDAth (Kind of a big deal): 1

Kudos given to
PhilipDAth (Kind of a big deal): 1

Community Record

24 Posts
2 Kudos
0 Solutions

Badges

1st Birthday
First 5 Posts
Lift-Off

Latest Contributions by soomeGUy

Re: Possible to disable packet capture at the hardware level?

by soomeGUy in Full-Stack & Network-Wide
10-29-2017 07:50 PM
@MilesMeraki wrote: This can't be done. This does defeat the purpose of cloud management IMO. However, I'd recommend making a wish via dashboard, allowing someone to disable the packet capture from the local status page of a device could be a good addition IMO. There is a lot more you can do regarding cloud management in addition to packet capture though. It's quite an awesome feature, I have yet to use it but it's nice that it's there if I do. However, for more secure installations it would be nice to be able to shut it off at the hardware level.

Possible to disable packet capture at the hardware level?

by soomeGUy in Full-Stack & Network-Wide
10-28-2017 03:28 AM
Call me paranoid but I don't like the fact that a packet capture can be run if someone got access to my Meraki dashboard. I use 2 factor but that doesn't protect against a possible security flaw someone exploits in the dashboard itself at some point.

Is it possible to disable packet capture in the hardware firmware so that no matter what a packet capture can't be done from the cloud dashboard? I like everything else about the cloud management, it's just this feature that makes me wary.

Thanks

Re: Group Policy via Sentry Tag not working

by soomeGUy in Full-Stack & Network-Wide
10-28-2017 03:26 AM
@MRCUR wrote: This is a known issue with Sentry policies. I've had a case open on this since June 2016 with no resolution to date.
Thanks, at least now I know I wasn't doing it wrong.

Re: URL Filtering has broken SM monitoring

by soomeGUy in Security / SD-WAN
10-12-2017 01:04 AM
I whitelisted *.apple.com and it fixed my issue, thank you!

Re: URL Filtering has broken SM monitoring

by soomeGUy in Security / SD-WAN
10-11-2017 04:23 PM
@PhilipDAth wrote: Try whitelisting *.apple.com.
I totally didn't think that MDM might go through Apple, I thought it was direct to Meraki, going to whitelist *.apple.com now. Thanks.

URL Filtering has broken SM monitoring

by soomeGUy in Security / SD-WAN
10-11-2017 04:09 PM
I have MR42, MX64 and MS220-8.

Based on the guides I created a group policy that blacklists * and whitelists 2 websites and also meraki.com.

I have applied this group policy to a VLAN for a specific SSID (for some reason group policy applied via Sentry tags wasn't working, which I created a post about here: https://community.meraki.com/t5/Network-Wide/Group-Policy-via-Sentry-Tag-not-working/m-p/2972#M76).

However, this has broken Systems Manager MDM on the iPads. When I added meraki.com to the whitelist it caused the Meraki app on the iPad to show all green check marks but the iPads show offline in Systems Manager and I cannot send commands to them anymore. The guide doesn't say what I need to put in the URL filtering whitelist, it mentions meraki.com but that clearly isn't enough. These are URL filters so I can't whitelist IP addresses afaik.

This was the guide I followed: https://documentation.meraki.com/MX-Z/Content_Filtering_and_Threat_Protection/Content_Filtering

Can anyone help me with this?

Group Policy via Sentry Tag not working

by soomeGUy in Full-Stack & Network-Wide
10-10-2017 09:23 AM
I have some wifi clients I need to block internet access to so they can only access a few URLs. I created a group policy, set the blacklist to * and the whitelist to the URLs they need. I then used a Sentry policy and applied this group policy to devices with specific tags.

I then tagged the devices and it shows 3 clients are affected by the group policy, the 3 I tagged. When the client connects, it shows that the correct group policy is being applied. (PS. I only have 1 group policy in my entire network, so it's not like there are multiples with one taking precedence.) However it doesn't apply.

I have an MX64, MR42 and MS225-8.

I changed my network config and instead of using NAT mode on the MR42, I changed it to layer 3 roaming, tagged the SSID to a VLAN, created a VLAN in the MX64 and applied the same group policy to the VLAN on the MX64. Now the blocking works perfectly.

Is this normal? Am I doing something wrong? It clearly says the policy is being applied to the client in the networkwide->client view but it doesn't block anything.

I guess there is no reason I can't leave it this way, however it should work the other way too with tags according to the documentation.

Re: MS120

by soomeGUy in Full-Stack & Network-Wide
10-10-2017 09:16 AM
Are we expecting the MS120 to be a lot cheaper? The MS225 is quite expensive with the 10gbit and all that.

Re: Lock IOS Device to Website?

by soomeGUy in Mobile Device Management
10-10-2017 09:14 AM
@PhilipDAth wrote: I would deploy Chrome in single app mode. I see two of the AppSetting options are UrlBlackList and UrlWhiteList. You could configure it to block everything in the blacklist, and then add only the allowed urls to the whitelist. https://www.chromium.org/administrators/url-blacklist-filter-format
Yeah this is what I am going to do, I am using group policy to block all other sites at the network level.

Lock IOS Device to Website?

by soomeGUy in Mobile Device Management
10-09-2017 07:19 PM
1 Kudo
I have some iPads that I need to lock down to a single website.

I tried to create a webclip and then run the iPad in single app mode using webclip but it doesn't work, it gives a black screen and since you can't specify which webclip to run single app mode with, I am not surprised.

I was going to lock to Safari and then filter URLs but if I set the web filter restriction to whitelist bookmark mode it works but the problem is the website loads assets from other sites and it's not really feasible to add a bookmark for all the site's CDNs, especially as they seem to change sometimes.

Does anyone have a suggestion? I was thinking I could perhaps try and create an iOS app that just loads a website but then I need to sign up for all of Apple's programs to publish apps, etc., which seems like overkill to lock the iPad to the website. I can't do it on the firewall level as the Meraki security appliance doesn't let you filter URLs by VLAN for some odd reason.

Re: Prevent DNS Change on IOS Device?

by soomeGUy in Mobile Device Management
10-08-2017 12:39 AM
@PhilipDAth wrote: I haven't tried it - but are you saying if you push out the SSID settings to an iPad that users can then go in and change those pushed settings? I would have thought if you specified a managed SSID that they should not be able to change those managed settings.
Unfortunately not, the user can disable wifi, they can change DNS and proxy settings and mess with IP settings. I just don't get it, how does Apple expect these iPads to be used in a classroom environment when the user can totally trash the settings and make MDM worthless because the iPad loses internet connectivity. It looks like I will be forced to lock the iPad to a single app (the web browser) to prevent this.

With DEP iPads they really need to offer more restrictions.

Prevent DNS Change on IOS Device?

by soomeGUy in Mobile Device Management
10-06-2017 02:23 AM
Hi. I have a few questions regarding locking down an iPad for classroom use (not using school program, it's not an official school).

First, I am using all Meraki gear + SM. MX64, MR42, MS220-8. I also use Cisco Umbrella for DNS filtering.

The first problem is that even though my iPads are locked down to the hilt the user can simply go into the wifi settings and change the DNS servers away from my own that use Umbrella and just change to 8.8.8.8 or something similar to bypass my blocks. Is there a way to prevent this? (These are supervised DEP iPads.) I recall iOS 11 had some new locks regarding DNS but I don't know if this was included. Actually, it's all network settings that can be changed, in my classroom they are certainly going to mess these settings up on purpose to cause chaos.

I could probably block DNS traffic on my security appliance MX64 but I'd rather not do this, I'd really rather lock this in the iPad, I don't want people messing with those settings and breaking the iPad connectivity so easily by putting in a dummy DNS address. If this is not possible it's a huge oversight by Apple I would think.

Also, if I deploy my iPads using DEP and get Meraki profiles loaded on them on first boot, and I uploaded my Configurator p12 cert to Meraki, should that not let me connect these iPads to my MacBook Pro which has the p12 cert on it for Apple Configurator? I have host pairing disabled and when I connect it, it tells me host pairing is not allowed unless I am using the supervision certificate but I thought that was the point of me uploading it to Meraki in the first place?

I also had an issue with wifi whitelisting, what happens is it doesn't get all the profiles loaded and the wifi whitelisting applies and then I lost connectivity and then had to factory restore the iPad to get it working again as it was wifi whitelisting on with no wifi loaded, is this normal?

Thanks
Labels: iOS, K12

Re: Combined Network vs SM

by soomeGUy in Dashboard & Administration
10-01-2017 05:53 PM
@PhilipDAth wrote: I typically create a combined network per physical site for all the Cisco Meraki physical hardware. I typically create one Systems Manager network for the entire organisation.
Thanks, I assume there would be no issue creating multiple SM networks though, correct? I have multiple separate divisions within the company that I would like to keep completely separate.

Re: Combined Network vs SM

by soomeGUy in Dashboard & Administration
10-01-2017 12:55 PM
Thanks, so the best practice is just to create the hardware networks and their corresponding SM networks or do you typically create your hardware networks and dump all SM into a single SM network?

Combined Network vs SM

by soomeGUy in Dashboard & Administration
10-01-2017 07:36 AM
I have been using Meraki for SM up till now for MDM of various iPads, etc. I just bought Meraki hardware and am a little confused as it won't let me mix SM and Meraki hardware, is that correct?

I have SM clients that will be used in the network I just made of Meraki hardware (switch, appliance, AP) and I would like to put them all together, this is not possible?

Re: Guide Request : Adding iOS11 device to Apple DEP via Apple Configurato...

by soomeGUy in Mobile Device Management
09-25-2017 05:17 AM
When it comes to deploying Meraki w/ DEP, should I have an entry in DEP for each network? Or do I just add the iPads to Meraki via DEP and then move them to the correct network after?

Also, there are some new restrictions in iOS 11, like DNS proxy, etc. Will these be added to Meraki soon?

Re: Prevent Removal of meraki app on supervised IOS device?

by soomeGUy in Mobile Device Management
09-25-2017 05:14 AM
@PeterJames wrote: @soomeGUy I completely agree with you! Our customers could have a one-click setup process without this in the way. Thank you, Peter James
I think the issue is on Apple's side though, not Meraki. I was hoping this would be addressed in iOS 11 but I guess not.

Re: Guide for SM config for EAP-TLS w/ non-meraki AP?

by soomeGUy in Mobile Device Management
09-25-2017 05:13 AM
1 Kudo
@PhilipDAth wrote: I have not seen anything in Systems Manager that lets you deploy your own certificates. SCEP (Simple Certificate Enrollment Protocol) is a way for a device/person to easily request a certificate, have it approved in some way, and then deployed to the device. You would have to deploy your own PKI infrastructure to make this work.
In Systems Manager you can install a "credential" setting which appears to allow you to install a certificate but since the documentation for this is non-existent I am not sure.

How else are you supposed to use WPA2-Enterprise TLS if you can't send certificates?

Guide for SM config for EAP-TLS w/ non-meraki AP?

by soomeGUy in Mobile Device Management
09-23-2017 08:30 PM
Is there any guide or article on how to use EAP-TLS (and also PEAP MSCHAPv2) with Systems Manager devices when not using Meraki AP? I want to push out EAP-TLS certs or PEAP MSCHAPv2 credentials to all the iPads I have in SM but it's not exactly clear how you do this in the manuals.

Also, can anyone explain SCEP and if it's useful outside of Meraki hardware? I am having trouble understanding what it's used for exactly. Could I use it with FreeRADIUS and EAP-TLS for example?

Re: Prevent Removal of meraki app on supervised IOS device?

by soomeGUy in Mobile Device Management
09-23-2017 08:27 PM
@PhilipDAth wrote: If you ask the device for its location - or for it to check in, does it tell you its location then?
In my testing no, you must manually enable location in the iPad settings under privacy. It's so silly, if it's a DEP and supervised device the company should be able to force location always on. It's pointless to allow the end user to just turn it off when they want to steal it or take it outside the geofence zone.

Re: Prevent Removal of meraki app on supervised IOS device?

by soomeGUy in Mobile Device Management
09-23-2017 08:26 PM
@PhilipDAth wrote: I'm surprised users can remove the Meraki app when supervised. Are you sure? I don't think there is much control with regard to location services. Android seems to work nicer in this space.
Yeah it lets you unless you have app removal restricted but then they can't remove any apps. If this is not correct someone please let me know, as I could have a configuration issue then.

Re: Guide Request : Adding iOS11 device to Apple DEP via Apple Configurato...

by soomeGUy in Mobile Device Management
09-23-2017 04:09 PM
Also, when will the new iOS 11 restrictions be added to SM?

Prevent Removal of meraki app on supervised IOS device?

by soomeGUy in Mobile Device Management
09-23-2017 04:07 PM
I want users to be able to remove the apps they install themselves but not the Meraki MDM app on iOS 11 tablets. They are supervised. Is this possible?

Also, is it still not possible to force location on so users who take the iPads home with them can't just disable location services to not trigger geofencing?

Re: Meraki Management now easily removable under iOS 11.

by soomeGUy in Mobile Device Management
09-23-2017 04:04 PM
I added the devices to DEP using the new iOS 11 feature via Apple Configurator. I then reset the device and deployed it with the DEP. However I still see remove management, is this due to the 30 day grace period I think there is when adding a device to DEP via Apple Configurator?
My Top Kudoed Posts

Lock IOS Device to Website? (Mobile Device Management): 1 Kudo, 4444 Views
Re: Guide for SM config for EAP-TLS w/ non-meraki AP? (Mobile Device Management): 1 Kudo, 2501 Views