- About Nolan
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Nolan
Getting noticed
Member since Oct 10, 2017
04-02-2020
Community Record
22
Posts
6
Kudos
0
Solutions
Badges
03-25-2020
12:38 PM
I haven't been great about keeping up with all what models are available. I saw a couple other posts that talked about certain MXs not be able to do 802.1x and wasn't sure. Thanks for helping make it clearer for me.
... View more
03-25-2020
09:03 AM
So we're deploying out some MX64's for remote worker use. My boss asked me to set a "sticky mac" on the ports so the users could only use approved devices. I know what he's after but I can't do it quite the way he was thinking. It seems to me like this would have to be done using a RADIUS server. Anyone know for sure if I can use ISE to work as the radius server and do port auth with either 802.1x or mac auth? I've tried looking around at various posts and documentation and I'm getting mixed results. Also if anyone does know for sure it can be done do you happen to know of any good documentation on configuring the ISE side of things? It's been on my to do list to learn more about ISE but I haven't really jumped into it yet so I'm fairly unfamiliar. I found some nice documentation on Cisco's site and it has sections talking about configuring wired 802.1x but only mentions the switches, would the MX's follow pretty much the same setup? Thanks in advance for any help anyone can shed on this topic for me.
... View more
05-13-2019
08:17 AM
Blast from the past. I forgot about this post. I did a packet capture back then and saw that the ARP reply never got back to the host, I ended up rebooting the switch stack and the issue went away so I never completely figured out what the issue was.
... View more
11-15-2018
08:30 AM
1 Kudo
In my experience it's just that some devices handle it better than others. As James was saying if the device sends out an HTTP request to probe for the splash page then all works as it should with no issues. This seems to happen pretty much everytime on Apple iOS devices and Android OS devices. Very rarely do I see issues on the Chromebook we have in our environment. Windows tends to be the worse offender in my experience. I seem to quite often have issues with windows devices and you have to require the user to type in a HTTP site that don't be redirected to HTTPS. I personally don't see a technical solution coming from Meraki since there isn't anything technically wrong, but it does present a problem that we have to figure out how the proper way to handle it is. I started a discussion about this issues I'm seeing on a different tread https://community.meraki.com/t5/Wireless-LAN/Getting-the-splash-page-to-load-on-a-Windows-device/m-p/30474#M4800 Someone posted on there and made me aware of a site I didn't know about previously, http://neverssl.com. So now I'm using that as a site to direct users to if they need to make sure they are prompting the AP to display the splash page.
... View more
11-14-2018
08:23 AM
The issue is the AP will only detect HTTP traffic for the redirect to the splash page. If it's HTTPS traffic it's encrypted and the AP can't look into the traffic and trigger the redirect. At least that's how I understand it from what I've read. So the client has to browse to an HTTP site for the splash page to display. To me it seemed that iOS and Android had a way of handling this, I'm not sure of the details. May they throw out a HTTP request when they connect to the AP? But they normally display the splash page. Mainly our windows clients (we dont' have any Mac OS in our environment) have the issue where the splash page doesn't display until they specifically browse to an HTTP site. We have some Chromebooks out there but they normally don't have much of an issue.
... View more
10-24-2018
08:54 AM
1 Kudo
We do have the portal strength set to block all access until sign-on is complete. Thanks for the great suggestion on http://neverssl.com that would look much better if I need to provide some documentation for a url for a user to visit to prompt the splash page.
... View more
10-23-2018
08:52 AM
2 Kudos
I know there are a few similar posts out here in the community but I didn't want to hijack another post that is looking for a specific solution when I'm looking for more of a discussion. We recently deployed Meraki MR33 across multiple locations. We are running a "Guest" SSID that presents a splash page with some disclaimers and warnings about what you should and shouldn't do on the network that the user has to agree to before they are allowed to access the internet from that device. We are using the click-through splash page settings configured in the Access Control section of the wireless dashboard. We have the issue that I feel like a lot of others are seeing with these settings configured and that is the fact that HTTP traffic has to be sent from the device to prompt the splash page. Doesn't seem to be an issue for iOS, Android, and Chrome devices that are connection to the SSID but windows devices are having issues. The sites most people think to try are redirected to HTTPS and therefore the splash page isn't being presented to them. I see this isn't really a "problem" in the sense that really everything is working as it should. It's just a problem to learn the proper process of how to handle the situation. I'm curious how many other people are dealing with a similar situation and how you are handling it? Do you have some kind of documentation out there to tell the users to pull a specific site that you know won't be redirected to HTTPS? What site(s) do you use? What browser are most of your users running? The Meraki documentation mentioned using bing.com but I dont' believe that works anymore. I have had success telling users to type in http://bbc.com as I've seen that mentioned in other places. It just doesn't stand out as my favorite solution to give to the users and I feel weird about typing up documentation for them that tells them to use that address. Again in this post I'm not really asking a specific "problem" question with a direct answer. I was hoping to see more of a conversation and hear how other people are handling it in their environments are maybe how you would handle it if you were to run into dealing with that type of situation? Thanks!
... View more
10-23-2018
08:34 AM
1 Kudo
Yea we have now added a MX at our data center and have one branch setup just using the meraki autovpn and a low cost coax internet connection. We are in the process of converting our MPLS network over to a layer 2 solution from AT&T. We are going to be testing one branch to use the AT&T connection as the primary link and then a low cost internet connection as a secondary connection to use the meraki autovpn.
... View more
10-23-2018
08:19 AM
I don't know if "flaw" is the right word because that is the purpose of HTTPS and working as intended but it does present quite the hurdle to get around. I'm having the same issue in my environment. Mainly with windows devices, I don't know the details of how iOS, android, and chrome devices handle the request differently but they must send out some type of HTTP request or something similar because they tend to get the splash page every time. The windows devices you have to tell someone to go to an http site which is sometimes a challenge for the user.
... View more
06-27-2018
09:35 AM
Not to highjack this thread but I was wondering if anyone has had any issues with creating a group policy and applying the splash page bypass but it not working properly? I'm trying to think of some troubleshooting steps but I'm not sure where to start.
... View more
05-21-2018
07:49 AM
1 Kudo
I will be there and would love some Meraki swag! XL please. Last year was my first time attending and I went to quite a few Meraki sessions, that was right when we were entering the Meraki world. I am excited to get to go again this year.
... View more
02-23-2018
10:30 AM
ah! thanks completely missed that! I was looking at where you set the upgrade schedule. Current version: MS 9.36
... View more
02-23-2018
10:28 AM
Guess the answer would be the latest...whatever the version number of that is.
... View more
02-23-2018
10:18 AM
No, I saw an article on that. I don't even see that option in my dashboard but it could be because the Meraki stack isn't doing L3 routing.
... View more
02-23-2018
09:33 AM
So I just opened a case with Meraki but thought I would post here as well. Here is what I sent in for the case... We recently started having an issue at our corporate office when users move from one location to another they have network connectivity problems. We have a stack of MS250's for our access switches connected to a stack of Cisco Catalyst 3650 for our core switches that are acting as the default gateway for the access vlan. When a computer is connected to one port on the Meraki stack and then moves to another port on the Meraki stack the computer is no longer able to reach the default gateway (the Catalyst stack). The Meraki switch sees the computer with the proper mac address on the new switch port but when I do a packet capture the PC is repeatedly sending out an ARP request for the default gateway but never receives the response back to it. After a period of time (I haven't been able to figure out the precise time frame) the PC can connect to any switch port on the Meraki stack and work properly. So it seems like something is clearing out of a table somewhere in the Meraki stack that allows the connection to start working properly. I also can move from a port on the Meraki switch to a port on the catalyst in the access vlan and have no issues. The issue only seems to happen when moving between ports on the Meraki stack. I feel bad opening a case when I don't feel 100% confident the issue is in the Meraki switches but my troubleshooting steps seem to point that the break down is in the MS250 stack. Anyone else seen anything like this or have any troubleshooting advice you would take in a scenario like that? One of those things that isn't THAT big of a deal but of course it would happen to the CEO when he is moving his laptop from his office to the board room...
... View more
01-23-2018
08:00 AM
Thanks for the info! At least I know I'm not just missing a section of the logs or something of that nature.
... View more
01-22-2018
10:52 AM
Yes. I should have said that sorry. I went to the network-wide event log and selected "for access points". I see events for 802.11 association/disassociation and WPA authentication/deauthentication but that's just about it. I tired looking in filter options under event type to filter out any firewall/security type events but didn't see anything that stood out as the right option in there.
... View more
01-22-2018
08:35 AM
I apologize in advance if this has been asked on another posted. I searched for a while but didn't see anything. Is there a event log that would create events if a firewall rule setup for an SSID was blocking some traffic? I recently had a scenario where my boss setup some firewall rules when he first created the SSID then was having an issue with some traffic not working. I removed the firewall rules and it resolved the traffic issue but I could not find a log of this traffic being blocked.
... View more
10-12-2017
06:45 AM
Thanks! Yeah I saw that scenario on the Meraki site as well. Downfall is at this point we don't have another MX appliance. Hopefully we can fix that soon. So far the Merkai equipment we're moving towards is working out great so shouldn't be a hard sell!
... View more
10-10-2017
08:09 AM
Hello all! First post here but I've been trying to read as many of the posts as I can. I love the idea of the community! We are just starting to venture into the Meraki world so I believe this will be a great source for information. I was hoping someone might be able to help me figure out if I'm able to achieve a certain scenario with the equipment I have. Normally we have a branch with an MPLS connection and all traffic flows though that route. We have an internet connection at a separate site within the MPLS that they would be routed out from the MPLS network for internet access. We are looking to change that up. We want to utilize a coax internet connection locally at the branch and route internet traffic out through that connection instead of though the MPLS to the shared internet connection at the other site. We have purchased an MX64 and an MS250 for the branch. So the setup would be similar to what is described here I would guess. (https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS). Only rather than just site A and B we have multiple sites within the MPLS. What I'm trying to figure out is if there is a better way to handle routing through the MPLS other than defining all the sites connected to the MPLS with a static route. We have 12 other subnets over the MPLS. Our subnets for the sites are under a 192.168.0.0/16. Would I be able to just create the static route of the subetnet 192.168.0.0/16 and point the next hop to the MPLS router? It should be able to handle the routing from there, then internet traffic should still go out the local internet connection yes? If the local internet connection went down would it route all traffic over the MPLS? So that way the branch would still have access to the internet if their local coax connection went down for some reason? Hopefully that make sense, and thanks in advance for anyone who made it to the end of this post. Cheers!
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 2120 | |
| 1 | 10593 | |
| 1 | 2055 | |
| 1 | 1290 | |
| 1 | 7907 |
