Meraki

CharlieCrackle · ‎Dec 15 2024

Bought the Z4-ENT but it did not work !!! Needed to be a Z4-ADV as the MX was ADV This is not very clear currently.

CharlieCrackle · ‎Dec 14 2024

It would be great if the ones on the cisco web site were updated with the current models.. doing a big network quote/design and all the new stuff is missing.. MX95, MG51, MR44,C9300Y-M C930048-TX MS130 all the gear I need visio for..... Checked the svg files drdray and most are missing here too (I understand this is a love project)

CharlieCrackle · ‎Nov 14 2024

Was just reading this so it gets even more messy did not realize there were two different licenses.. ENT and SEC So I really need a Z1-ENT to Z4-ENT conversion. (even happy to loose some time in the conversion) Solved: Z4 and Z3 licenses can be mixed? - The Meraki Community

CharlieCrackle · ‎Nov 14 2024

Good advice ! I did not even know the Z4 had been released... I just need to do all this before the license expires. On grace license now. I was hoping it was just an oversight as I am too much on the bleeding edge...

CharlieCrackle · ‎Nov 13 2024

Support would ONLY swap for another Z1 so it seem better to get them new hardware... and get them into the 24th century

CharlieCrackle · ‎Nov 13 2024

I wanted to share an experience I had recently while helping a customer with a hardware upgrade. It’s a bit of a frustrating situation that highlights a few potential gaps in Meraki's licensing process, especially when it comes to newer devices. I’m hoping to get some feedback from the community on how others have navigated this, and maybe someone from Meraki can weigh in on the issue. The Scenario: Upgrading from Z1 to Z3 (Then Z4) The customer had two Z1 devices that had failed, (power supplies dying) and instead of simply logging a support case for a replacement, I suggested they upgrade to the newer Z3 models. The customer still had about two years left on their Z1 licenses, so I was confident we could just transfer those to the Z3s. However, the order for the Z3s was canceled, and I was notified that they were no longer available. The replacement order was automatically upgraded to Z4s. At first, I thought, "Great, no problem!"—especially since the Z4 comes with some really nice features. The Upgrade Process I received the Z4 units, swapped out the Z1 devices, and got the customer up and running. The next step was to make sure their remaining Z1 licenses were updated to cover the new Z4 devices. Here’s where things got tricky. The Licensing Roadblock I logged a case to convert the Z1 licenses to Z4 licenses, but the support agent told me that, according to their Knowledge Base (KB), license conversions like this aren’t allowed. The agent seemed unwilling to escalate the issue or explore other solutions, which left me feeling a bit stuck. I found it odd that a simple hardware upgrade didn’t seem to fit within the licensing framework, especially when the Z3 model (the one I initially ordered) was essentially out of stock and replaced by the Z4. For those who may want more context, the KB on Meraki’s licensing page lays out how license conversions typically work, but it doesn’t mention the Z4. Meraki Licensing Overview Is This a Policy Decision or an Oversight? So, now I’m left wondering: Is this a deliberate policy decision from the Business Unit (BU) to not allow license conversions to the Z4, or is it just an oversight in the Knowledge Base that hasn’t been updated yet? Either way, it feels like a simple upgrade is now stuck in a bit of a loop, with the only solution being to return the Z4s, log a new support case for Z1 replacements, and then wait another two years for the upgrade process to play out. Looking for Community Feedback I’m curious if anyone else has encountered a similar issue with the Z4 or if there’s a workaround that I might have missed. Has anyone been able to successfully convert Z1 licenses to Z4, or is this a case where we’ll need to wait for Meraki to update the KB and/or licensing process? I’d love to hear your thoughts or suggestions on how best to handle this situation. And if anyone from Meraki is reading this, any insight into whether this is something that could be addressed in the near future would be really helpful!

CharlieCrackle · ‎Nov 5 2024

I am loving the new Wireless option on the Z4 WiFi 6 Wireless.... when I change anything I get this error what does that mean ????

CharlieCrackle · ‎Aug 11 2024

Just an update on this topic for all you MIST users... Meraki support has come back that it is by design.. "Mist Cloud is a command and control server so snort is doing what its expected of it" Interesting "Meraki Cloud is a command and control server too and not effected 🙂 I have been told I need to open a separate support case with the NBAR team and it will take a year or so to implement !!! Go figure how you even go about raising this case. Once implemented then meraki can use NBAR to add mist to " Business Critical Application " list.

CharlieCrackle · ‎Aug 3 2024

Thanks Meraki for the updated emails to customers: (the ones that ARE effected) You are receiving this email because you are currently using Meraki Cloud Authentication. Due to an approaching certificate expiration, Meraki will be rotating the RADIUS certificate for Meraki Cloud Authentication on February 8, 2023.

CharlieCrackle · ‎Aug 3 2024

You need to determine what is doing the routing, the Switch or the MX and then if possible make the MX on a separate network so you are not hair pining the traffic to the MX when it needs to go to a separate site. It make sense that the MX does the routing but depending on the model a layer 3 switch will have better performance. If we assume that layer 3 switches will do the routing then I suggest this approach but it will mean readdressing site B. You can still use the MX for DHCP just need a helper address on the Layer 3 switch. (note: I made up the addressing for the example) Diagram 1 is the Physical Connections Diagram 2 is the Logical Network Diagram.

CharlieCrackle · ‎Aug 3 2024

Using Starlink can run into issues using Meraki SDWAN if they use 192.168.1.0/24 The Starlink router uses 192.168.1.0/24 for the local LAN subnet. If your office uses 192.168.1.0/24 as well then this will cause issues for SDWAN and VPN Traffic You need to BYPASS the Router.. To bypass the router, go to the App home page > Settings > Advanced Starlink App version must be at least 2.0.19 to work The toggle button on to bypass the Starlink router This allows you to completely disable the Starlink Wifi Router. You would need to utilize a Starlink ethernet adapter in order to plug in your own equipment.

CharlieCrackle · ‎Jul 31 2024

WoW Thats a great tale thanks for the link.... Summary "Recently, we learned that we did not include the underscore prefix with the random value used in some CNAME-based validation cases. This impacted approximately 0.4% of the applicable domain validations we have in effect. Under strict CABF rules, certificates with an issue in their domain validation must be revoked within 24 hours, without exception." I dont know why merkai could not have linked that nothing bad there.

CharlieCrackle · ‎Jul 31 2024

It looks Like Meraki have done it again. Sent out an email that is generic in nature and does not tell you the entire story and to all customers... It is NOT helpful for us folk that look after a lot of meraki networks. I received this email today. You are receiving this email because you are currently using Meraki Cloud Authentication. Due to an approaching certificate expiration, Meraki will be rotating the RADIUS certificate for Meraki Cloud Authentication on February 8, 2023. Could Meraki please include in emails like this the "Network" names that are affected? When you look after many customers, I have no clue which ones are affected without checking them all. It is obvious you know the name of the network as you know we are currently using the feature. Also, the FAQ in the attached link should also tell you how to identify the affected networks (BY name) for people that look after a huge number of networks. Q: How can an affected network be identified? A: Any services relying on Meraki Cloud Authentication via certificates will be affected. This includes Sentry Wi-Fi, Trusted Access Wi-Fi, and any manual authentication relying on Meraki Cloud Authentication via certificates. I was hoping after last time it was a thing of the past.. 1) One of our third-party vendors identified an issue: What is the issue they identified ?? 2) We have identified that your action MAY be required to maintain connectivity for end devices: Why do you not list all my customers that ARE effected so I do not need to go through them all or wait till 2 AUG for the phone call for the ones I missed ???

CharlieCrackle · ‎Jul 30 2024

I have tried to white list Mist (and working so far) but Mist can change the IP at any time. so I know it will bring down the network in future Need to be able to enter as DNS names not IP. Merkai can we please get All Mist communications added to "business critical applications"' Please.

CharlieCrackle · ‎Jul 28 2024

This may be related as it is the same hardware as Cisco.. (having same issue with Cisco hardware in CAPWAP mode) https://bst.cisco.com/bugsearch/bug/CSCwb86411?rfs=qvlogin Symptom:Wifi 6/6E AP boot hangs when the console cable is disconnected from the console server end, while the AP side of the console port is still connected and cable length is ~200ft Workaround:Terminate the far end of the console cable in a DTE (PC COM port, terminal server port, etc.) Made a little test cable.... Given console port pinouts: RJ-45 DTE Pinouts RTS(1), DTR(2), TXD (3), GND(4), GND(5), RXD (6), DSR(7), CTS(8) at the jack side, strapping 1 to 8, 2 to 7, 3 to 6, 4 to 5.

CharlieCrackle · ‎Jul 27 2024

You can do it from the Meraki Local Status page. Disable and Enable. It is a total pain but can be done. Remotely you need to add your remote IP to the firewall to access.

CharlieCrackle · ‎Jul 26 2024

Interesting update.... I have got it working now on 19.1.3 but only when threat Protection Turned off. I have AMP enabled and IDS set to Prevention and Security After some analysis The traffic is being hit with SID 1:58992 MALWARE-CNC -- Snort has detected a Comand and Control (CNC) rule violation, most likely for commands and calls for files or other stages from the control server. Which all make sense. Mist Cloud is a command and control server. It seems Cisco do not whitelist their competition products as part of "business critical applications" I am also seeing SID 128:3 SSH version string is greater than the configured maximum. No idea how you configure this one...

CharlieCrackle · ‎Jul 26 2024

I have been debugging a problem for a week in the evenings with Juniper Mist Switches not connecting to cloud when behind Meraki MX 67. 19.1.3 Note: Mist Access Points are connecting Fine. From the hardware Point of view they look connected (IE CLD Light solid white) and the connection to 3.105.198.133:2200 shows ESTABLISHED Just he Cloud console show them disconnected If the MIST switches are connected to a MG51 with a 5G SIM card. The Mist Switches work Using the Internet connection with a TPLink Home Router BE9300… The Mist Switches work I added a Test MX 64 to a new network (test MX64) and using same internet link Firmware 18.107.10 The Mist Switches work Downgraded the MX67 to 18.211.2 and the Mist Switches work ! So must be something in 19.1.3 Looking at the packet capture the Meraki does something to the packet at the "SSH-2.0 Go" part of the conversation and the MIST server RESETS the TCP session. They have a chat and switch sends MSG-ID: MXOC-DEVICE-NOTIFY MSG-VER: V1 DEVICE-ID: <snip> MXOC-TOKEN: MXOC-TIMESTAMP: 1721596480.2041769 Then MSG-ID: DEVICE-CONN-INFO MSG-VER: V1 DEVICE-ID: <snip> HOST-KEY: ssh-rsa <snip> HMAC: <snip> SSH-2.0-Go And then the TCP RESET from the mist end. the Meraki MX has done something to the packet the server does not like... Case 11978964 (for all the packet captures)

CharlieCrackle · ‎Jul 22 2024

I can confirm I have seen the same behavior. 3 x 9300 stack with aps in different stack members APS would not come on line (the switch would show that the POE supplied and the POE requested was lower) AP have orange light. unplug the long console via the building cabling and all AP would come on line. (you could plug the console back in and it would continue to work) problem with leaving the console plugged in after boot was if a software upgrade occurred the AP would not come back after reloading unless console cable removed and plugged back in. Opened case Meraki unable to reproduce. ONLY solution was to unplug the console cables on all APS.

CharlieCrackle · ‎May 7 2023

the data sheet for the MA-INJ4 says "Gigabit compatible" where in the link you sent does it say the MA-INJ-4 is 2.5G compatible...

CharlieCrackle · ‎May 7 2023

Is the MA-INJ-4 compatible with the MG51 ?? in particular, does it pass through the 2.5G ethernet or limit it to 1Gig ??

CharlieCrackle · ‎Apr 10 2023

If I have a CW-9166i in Cisco Persona, is the ONLY way to change to Meraki to join a controller that has DNAC working so you can do the Change persona and generate the Meraki Serial ? Is there a way that does not require controller and DNAC ?

CharlieCrackle · ‎Apr 4 2023

Is meraki going to support the environmental Sensors ?? Ambient temperature sensor Air quality sensor (Total Volatile Organic Compound [TVOC]) Relative humidity sensor It may look like a Meraki Sensor ? Also, do these Catalyst AP support Bluetooth connections to Meraki sensors ?? Any news when we can turn on the 6Ghz support in AUSTRALIA?

CharlieCrackle · ‎Apr 3 2023

Yes I get it now, it was not clear in my head it is the client end. I was thinking meraki could list clients that were presenting old protocols. I was amazed today how many emails I got from clients today regarding this. Most customers have no clue what their devices support. Kudos to Meraki for having a down day to highlight the issue to customers that have no inventory or IT support any more due to cut backs.

CharlieCrackle · ‎Apr 2 2023

I have had a few customers reach out to me about the Merkai Email Sent to them. =================================================== Hello valued Meraki customer, Meraki will be discontinuing support for versions 1.0 and 1.1 of the Transport Layer Security (TLS) protocol used by wireless devices to communicate with Meraki Authentication. In order to facilitate the provisioning of enhanced security features, we will be requiring all customers to upgrade, at a minimum, to TLS version 1.2. This change will only affect wireless devices using TLS versions 1.0 and 1.1 when connecting to the Meraki Authentication server. Timing: Due to security requirements, we do not have the ability to determine which of your devices, if any, are currently using the prior versions of the TLS protocol. In an effort to help you identify these devices, we will be temporarily disabling support for TLS 1.0 and 1.1 as a test. This action will cause a planned disruption of device connectivity, which will begin at 12:00 am PST on April 19, 2023 and end at 12:00 am PST on April 20, 2023. Any devices that experience an issue with connectivity during the test period may be using the prior versions of the TLS protocol. Final retirement of TLS 1.0 and 1.1 will take place on May 17, 2023. Required action: Please plan for the 24-hour test period accordingly. If any of your devices experience an issue with connectivity during the planned test period outlined above, you may be required to upgrade to TLS 1.2 or a later version. To help you determine where potentially-affected devices may be located, a list of your organizations with Meraki Authentication enabled =================================================== Why can Merkai not flag the clients using the OLD TLS protocols ??? Would make it much easier to know the issues before 19April. A hospital cannot have wifi devices down for a day for testing.

About CharlieCrackle

CharlieCrackle

Charles Clare

Community Record

Badges