Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About BrechtSchamp
BrechtSchamp
Kind of a big deal
Member since Oct 2, 2017
3 weeks ago
Community Record
2290
Posts
2254
Kudos
207
Solutions
Badges
Jan 22 2019
7:43 AM
Good! Might want to remove the more sensitive pieces in the source code though. Not that big of an issue but remove the network-auth.com links. Just in case.
... View more
Jan 22 2019
7:08 AM
1 Kudo
That shouldn't be an issue.
... View more
Jan 22 2019
7:05 AM
@Yostie Can you post the source code of the splash page that needs the tweaking? Then we can what the id of the checkbox is.
... View more
Jan 22 2019
7:03 AM
3 Kudos
Teamviewer uses hole-punching for it's standard mechanism. Basically everything is outgoing connections. The connection can fall back to port 80 so it will be difficult to block all these connections without blocking other stuff. There are two options: You can configure black and whitelisting in the teamviewer instance running on your senser equipment. See this link: https://community.teamviewer.com/t5/Knowledge-Base/How-can-I-restrict-access-for-TeamViewer-connections-to-my/ta-p/4594 But it's not IP-address based, it's TeamviewerID based. That might be an option. Another solution would be to only use teamviewers "LAN-based" option. To do that you could setup port forwarding like this: And block the "normal" teamviewer by denying connections to DST IP teamviewer.com with the L3 firewall. Note that this will also block access to the teamviewer website. But from a security standpoint I really don't stand behind any of this. You should think about a VPN solution to allow remote access to machinery.
... View more
Jan 22 2019
6:33 AM
It's a note two lines down from the bullet points you copy pasted. I had copy pasted it in my previous post. I guess it needs the IP and the DNS access for the other bullet: Blocked Splash Page will be displayed when user tries to load a web page Using a big enough pool for your DHCP and lowering the lease time should mitigate the DHCP issue. Adding to that taking a look at other high density tricks might also be relevant. Segmenting the traffic per floor to avoid having floods all over the place might help. Another thing you could do is to use a dedicated 3d party DHCP server and having MAC blacklists on that. This way both problems would also be solved. But like you I like KISS, so I'd only consider these if I'm really experiencing issues.
... View more
Jan 22 2019
4:57 AM
In that case there will not be a link down. So that would count as a soft link failure. So 5 minutes.
... View more
Jan 22 2019
4:37 AM
2 Kudos
It is normal behavior, and documented. See here: https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Blocking_and_Whitelisting_Clients Note: The device will still receive an IP address and will be able to resolve DNS names. Perhaps you should think about other ways of blocking them if that is an issue? RADIUS accounting maybe? That way access will be blocked on a L2 level during the connection phase. Edit: Forgot to specify... WPA2-Enterprise with RADIUS is what I mean, not splash page with RADIUS accounting.
... View more
Jan 22 2019
4:29 AM
1 Kudo
The details of the tests can be found here (see the section connectivity tests): https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failover But the short version is: It will take approximately 5 minutes for failover to occur in the event of a soft failure (link is still up, but provides no upstream access). Falling back to the primary link goes as follows: If the MX is using the non-preferred uplink as the primary and the preferred uplink comes back online, the MX will wait about 15 seconds before switching the primary uplink to the preferred one. This is to prevent the primary connection from flapping in the event of intermittent failure or an unreliable link. Edit: Ajit was quickest.
... View more
Jan 21 2019
1:53 PM
You mean it's not in the style sheet I suppose? Indeed it isn't, you need to add it. If you don't find gdpr_checkbox in the html code of the splash page then please let us know. Maybe it's a European thing (seeing as it has GDPR in its name)
... View more
Jan 21 2019
1:50 PM
1 Kudo
In most deployments trunk makes most sense. Imagine you need clients to be bridged to multiple VLANs (f.e. by having multiple SSIDs dropping them on different VLANs or by having RADIUS return a VLAN ID or even by linking VLANs to AP tags) in that case you need a trunk. If you're using a flat network configuring it as an access port will probably work too. More info here: https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging_on_MR_Access_Points
... View more
Jan 21 2019
1:44 PM
Thanks for sharing! Haven't tested it, but it's good to know it's here if I ever need it.
... View more
Jan 21 2019
1:32 PM
Good question. Haven't seen it documented. Perhaps @GeorgeB will chime in.
... View more
Jan 21 2019
8:58 AM
8 Kudos
Enable "Location analytics" for the network.
... View more
Jan 21 2019
8:43 AM
1 Kudo
Yeah, a well-behaving NAT should use the same port for all outgoing connections originating from a source tuple that it already chose a port for. The referenced white-paper goes through everything in great detail and is an interesting read too: http://bford.info/pub/net/p2pnat.pdf Specifically section 3.4 describes the process I also described.
... View more
Jan 21 2019
8:16 AM
1 Kudo
Is this the one you mean?
... View more
Jan 21 2019
6:41 AM
1 Kudo
Hey Mat, You should check the "Figure 3. Connection phase: Peers use UDP hole punching to establish an IPsec tunnel." part in the link you posted in your opening post: https://documentation.meraki.com/MX/Site-to-site_VPN/Automatic_NAT_Traversal_for_IPsec_Tunneling_between_Cisco_Meraki_Peers Basically you're right, when the AP first tries to make the connection it will get blocked by the firewall. But thanks to that try it will have punched the hole in the firewall on the AP side. Meanwhile, the MX also tries to make an outgoing connection to the AP. It too, at this point, will punch a hole, this time in the firewall on the MX side. Both holes have now been punched and the connection can be established. It doesn't always work though. See this concentrator deployment guide for more info: https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide Use manual NAT traversal when: There is an unfriendly NAT upstream Stringent firewall rules are in place to control what traffic is allowed to ingress or egress the datacenter It is important to know which port remote sites will use to communicate with the VPN concentrator There's also this link to troubleshoot packet streams: https://documentation.meraki.com/MX/Site-to-site_VPN/Troubleshooting_Automatic_NAT_Traversal_for_Meraki_Auto_VPN
... View more
Jan 21 2019
4:41 AM
I doubt you'll get a response to that question here. If I were you I'd get in contact with my Meraki rep and see if I can get any roadmap information that way. I suppose you've already sent in a make-a-wish as well?
... View more
Jan 21 2019
12:26 AM
I think he's talking about devices that are enrolled in G Suite's own device management, not SM? There's these two ways to use the G Suite/Apps credentials to connect to the network if you don't want to or can't go the Systems Manager way (which would still be better). The splash page way: https://documentation.meraki.com/MR/Splash_Page/Google_Sign-In The WPA2-Enterprise way: https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_WPA2-Enterprise_with_Google_Auth
... View more
Jan 20 2019
1:31 PM
Yeah indeed, removing it would probably be a bad idea. Unfortunately I haven't got a mac myself, so I'm a bit in the dark here. I'd guess something went wrong with one of the steps. Because as far as I understood from the docs the pyenv global command should make the mac use the version you specify as default from then on. So the output of the python --version command surprises me, it shouldn't be outputting python 2.7.1 anymore. What's the output of: pyenv versions
... View more
Jan 20 2019
6:24 AM
I have a feeling it's using a pre-installed version of python on your Mac. Try issuing the following command: pyenv global 3.6.5
... View more
Jan 20 2019
3:01 AM
What about "python --version"?
... View more
Jan 20 2019
12:59 AM
Pip3 is part of the python install. Was that succesful? What is the output for: python --version Perhaps try restarting the terminal or the laptop as a whole.
... View more
Jan 18 2019
1:51 PM
Sounds pretty severe. Do you have a workaround? If not, are the withdrawal symptoms of not having the dashboard to play around in showing yet?
... View more
Jan 18 2019
12:41 PM
@HodyCrouch wrote: I am not seeing this issue. I do have 2-factor authentication enabled for my account. +1 No issues so far.
... View more
Jan 18 2019
12:39 PM
2 Kudos
If you select the switch in the list of switches and remove it from your central network you'll be able to put it in a new network from the inventory. Go to the inventory, select it, and use the "Add to..." button to add it to a new network.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 2990 | Aug 28 2020 5:51 AM | |
| 2631 | Jun 17 2020 4:24 AM | |
| 11940 | Jun 16 2020 3:34 AM | |
| 4475 | Jun 15 2020 3:00 AM | |
| 2592 | May 28 2020 9:08 AM | |
| 3223 | May 28 2020 8:57 AM | |
| 3938 | Apr 29 2020 6:42 AM | |
| 3785 | Apr 10 2020 6:26 AM | |
| 4098 | Apr 9 2020 8:19 AM | |
| 10507 | Apr 1 2020 6:32 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 32 | 36134 | |
| 29 | 159197 | |
| 27 | 58692 | |
| 12 | 30606 | |
| 12 | 13143 |
© 2025 Cisco Systems, Inc.
