Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Senan_Rogers
Senan_Rogers
Getting noticed
Member since Oct 1, 2017
Oct 27 2021
Community Record
34
Posts
1
Kudos
1
Solution
Badges
Jun 29 2021
12:36 PM
I have a new avatar! OH YEAH!!!!
... View more
Jan 23 2021
1:10 PM
Hello guys, I have my Cisco Umbrella which has been successfully integrated with an MR. I have created in the Cisco Umbrella two Security Profile, One for VLAN CORP and the Second for VLAN Guest. How can I integrate Security Profile #1 to Corp and Security Profile#2 to Guest in the MR (two different SSID in MR )? As below you can see with SSID Guest, I cannot choose Meraki _Guest_Profile#2 but I can choose only Meraki_CORP_PROFILE#1 which is not what I want for Guest SSID. Any Idea how to solve this Please.
... View more
Jun 15 2020
5:22 PM
Hello Guys, Thank you for all your reply. I have found a way on how to simplify the failover Scenario below is a draft design for your reference. Again thank you.
... View more
Jun 14 2020
2:40 PM
Hello Philip, In the diagram, it shows the VOICE VLAN 200 will go to the MX only, and the AZURE VLAN will go to Palo Alto. We will have one MX Primary and One PALO ALTO Primary.
... View more
Jun 13 2020
10:56 AM
The Palo Alto Firewall is a must and they have features that are not available with Meraki MX, So we have to keep them and they are Managed by different organizations ( 3rd party), and the Meraki is managed by another Organization, So we have to keep them in parallel. I totally understand the design is complex and I am in a situation I have to simplify the solution and keep both of them MX/Palo Alto Please see below the Overall Design. So what I am asking is how to simplify the Failover Mechanism between two Different Vendors with the Above Design. Any Idea you can share it with me?
... View more
Jun 12 2020
6:12 AM
Hello Guys, I want to get your opinion on a case I have it below and want to know the best scenario/Practice for the design. Problem description:- What is the Best Mechanism to trigger the failover between Palo alto and Meraki MX. What i meant, when Palo alto 1` is down, how the MX1 will know that Palo alto 1 is down and he needs to communicate with palo alto alto #2. Any Suggestion?
... View more
Aug 3 2019
4:28 PM
Guys, I am doing the following topology between MX84 and Nexus 3K , the Nexus 3K have a Port channel and use Vpc , I know Meraki MX do not support Port channel , so what is the best Practice configuration in MX 84 LAN which is facing the Nexus Port channel and how to do the scenario below. Keep in mind VPC in Nexus is means Active Active . Note the Port type form MX84 toward the Nexus are trunk ports .
... View more
Sep 1 2018
3:22 PM
Hello David, + How much Bandwidth the new devices ( MX67C) as an LTE device will be using for the keep-alive traffic ? is it also less than 9MB total per month? + Can we have Layer 3 / Layer 7 rules applied to the Cellular LTE with no conflict with the Cellular Rules in the Firewall Category? + Will the auto VPN setting will be connected to the LTE and use those Layer 3 /Layer 7 rules with no issues? Thank you
... View more
Aug 10 2018
4:57 AM
Hello Team, I have two sites, HQ and Branch... In HQ we are using MR33 and in the Branches, we are using MX64W. I have setup Same SSID name and Preshared Key password in both locations (HQ, Branch). the Scenario / Question:- If the Corporate Users in HQ will be connected to that SSID then the same user move to the Branch location and try to connect to the SSID in the branch which should have the same name and same Preshared key as the HQ SSID , will that user be able to connect automatically without doing any authentication ? It should be working, but i am a little concern about the way of the authentication as we have AP in HQ and MX64W in Branch could be an issue. can you please advice? Thank you
... View more
Feb 22 2018
11:54 AM
Yes, this is why I have added this post, I know how to do it using the content filter and block the URL as i show it in my previous picture. As you said I cannot do it with Enterprise Licence, we need Advance Security.
... View more
Feb 22 2018
11:42 AM
Hello Phil, both MX is in the Same Organization but in different Network, as one of them act as a HUB and the other as Spoke ( site ).
... View more
Feb 22 2018
9:43 AM
Hello Gents, I have a VPN between two Meraki MX, which they have Enterprise licenses not Advance License So the content filter is not available. I am trying to apply a rule to block a domain name like "meraki.com " in the Site-to-site outbound firewall under Organization-wide settings, but it seems Meraki is not supporting domain name in the Site-to-site outbound firewall but it is supported in the layer 3 Firewall. for example any advice?
... View more
Jan 25 2018
11:51 AM
Hello Team, + I have an HQ ( Hub ) MX 84 which is using WAN1 as a Public IP in WAN1 . + I have 5 sites MX65 ( Spokes) have WAN1 (Public IP) connected to ISP1 ( cable connection 100Mbps) and WAN2 connected to ISP2 as a Backup, those sites are all connected as auto VPN with the Hub. + Those Spokes will be using WAN2 as LTE connection with a private dynamic IP as a Backup/failover when the Primary WAN1 will be down. My Questions:- 1) Meraki can or cannot support double NAT if we use an LTE connection with a private dynamic IP? 2) any issues with the auto vpn when it will failover to wan2 which is using LTE connection with Private dynamic IP ? Any Advice? Thank you
... View more
Nov 15 2017
11:20 AM
We will need to Delpy the following:- 1. Apply some rules in the MX to block some ports / try to allow only Ports that is needed to work. 2. Apply some ACL/ NAT /PAT mode in the MX and try to use DMZ to isolated some servers from the Local Server. 2. Deploy Meraki MXs to any locations, and keep them running at the latest firmware. 3. Enroll with the advance security licensing to make sure all the antivirus, anti-malware, intrusion prevention, and other features are up to date 4. Make sure the AMP, Intrusion Prevention functions are turned on; and create all necessary firewall and traffic shaping rules. Thank you
... View more
Nov 9 2017
9:49 AM
Hello, Gents, I am using a cellular (USB Modem) as a backup connection and I have my Primary connection is a cable connection in WAN1. I have a VPN connection with a Hub Meraki ( I am using the auto VPN ) . If we have the active WAN interfaces went down, the 3G / 4G ( Cellular USB) failover will kick in when WAN connections fail, So my Question will be concerning the VPN, Will the VPN will switch automatically to the Cellular USB if WAN is down? I know they will be a 5-15 second as a down time But my Question will the VPN connection will be transfered automaticaly to the Cellular USB if the WAN goes down or there is a manuel action I need to do it or it will not be switch automaticaly. Thank you
... View more
Oct 31 2017
5:23 AM
Hello Meraki Gents, I am looking to know how much is the max download throughput that we are able to get it in an MX64 /MX65 if we put it in Passthrough mode instead of Nat Mode? I know there are many factors that could affect the reading like IPS/IDS/AMP ..how many client / VPN .....etc. But I am looking for a default value or any reading. I know the Download Stateful firewall throughput in MX64/MX65 is 250 Mbps But what about if the MX64/MX65 is in Passthrough mode instead of NAT MODE. I was looking for this information but it is not available in any Meraki Documentation? I was looking in the URL https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf Also, i found that information But when it is in Stateful / Nat mode Downloads Stateful firewall throughput MX64 250 Mbps MX64W 250 Mbps MX65 250 Mbps MX65W 250 Mbps Any idea, please ? Thank you
... View more
Oct 10 2017
4:48 AM
Hello Philip, Thank you for your reply, I did not get what you mean about "The built-in access points are not as capable as the standalone access points" My other comment will be, for Microsoft Lync / Skype for Business is it Better to apply the rule to the MX or to the MR. In that connection/ Scenario, I have both MR 42 and MX 65. which one will be preferred or recommend one to apply the Rule on it? Firewall section in MX OR firewall section in MR? Thank you
... View more
Oct 10 2017
4:41 AM
Hello Lard, Thank you for your answer, Yes indeed, this is exactly how i solve the issues. I put a Cisco ISR in front of the Meraki MX and do the VRF in that cisco route, connect static route with MX from the ISR . But ISCR is the front connection.
... View more
Oct 9 2017
5:47 PM
Hello Gents , I have to set up QoS and rule to controle traffic for Microsoft Lync / Skype for Business in MX 64W. I would like to give Priority for Microsoft Lync / Skype for Business and I have some difficulties to choose what DSCP Tag i need to choose for this Service and Give it Priority. Some Meraki Document mentions to Set PCP to '6'. & Set DSCP to '6 (WMM Voice)' But this is not shown in my Rule traffic in MX anymore and there is some other values. https://documentation.meraki.com/MR/Deployment_Guides/Wireless_Voice_Deployment_Guide_(CVD) What is the best Value and Practice to set up such thing in MX ? Any Advice, please.
... View more
Oct 8 2017
1:40 PM
Thank you for your reply , I am looking to have VRF configuration in Meraki when I am creating a vrf, it tells us what routes to import/export. Then assign that vrf to an interface. Once the vrf is attached to an interface, the switch/router creates a separate routing table to hold those routes. Can we do this in Merak ?
... View more
Oct 7 2017
2:40 PM
Hello Gents, I have an MX and i am looking to find a way on How we route internet and MPLS on the same port? I think by using port 4 on Mx or adding a default route on Mx. Port 4 is a Lan port. I meant any port in the MX which is not WAN 1 or wan2. Is this possible? any idea, please.
... View more
Oct 3 2017
2:54 PM
Hello, Team, I need an advice about Guest Ambassadors, I give to one of my client Guest Ambassadors accounts but then it seems that type of privilege will only control users which have been created by guest Ambassadors only. What I mean, when I log into the dashboard in Meraki, I not able to control /Revoke/block/whitelisted any Guest user who connects to my Corporate SSID or Guest SSID OR any SSID and was not created my Guest Ambassadors. I am able only to control users which have been created by Guest Ambassadors, Guest Ambassador is a limited Privilege user, which is able to control only users who were created by that guest ambassador. CANNOT revoke users in the SSID which has not been created by Guest Ambassador, like If my guest connects to Guest SSID, then Guest Ambassador cannot block/revoke him because Guest Ambassador cannot control it only FULL ACCESS do that. CANNOT block/deny users in SSID that was not created by Guest Ambassador, (only Full access do this ) do not have access to see / read / watch anything in the Network only one specific page ( only Read only / Monitor only / full access can do see details) Cannot reboot/change any configuration,( ONLY FULL ACCESS CAN DO THAT ) My Question am I missing something or this is a limitation on that account ( i means this is how it work ) Thank you
... View more
Oct 1 2017
1:22 PM
Hello , Thank you for your idea, It's very similar to my idea as well . It will work also, But the Question was why we cannot send traffic from Meraki ------- Meraki ---------Non Meraki ? Do you face the Same Problem ?
... View more
Oct 1 2017
1:15 PM
Hello , Thank you for your reply, I have found two alternative solution , But those two solution will need to add one more device. Very Similar to your solution. Solution # 1 I will Connect an ASA cisco in front of MX100 and will connect both asa cisco ( vpn s2s) , So it will be :- MX 64 -----> mx 100 ----asa ----------> asa Solution #2 I will use another MX100 in front of the ASA Cisco , in this case it will be Mx 64 ----> mx100 ----> mx 100 ----asa cisco But I am looking to see or find why we cannot have a two hope VPN connection like the other products ? To me this is similar to the max hope in RIP protocols ( max 16 hopes ) then no more routing. In our case it seems Meraki cannot send traffic with two VPN connection if one of them is Non-MERAKI.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 4763 | Jun 15 2020 5:22 PM |
© 2024 Cisco Systems, Inc.
