Meraki

Community

About CHAadmin

Re: Host in a DMZ VLAN not accessible from Client VPN

by Kind of a big deal in Security & SD-WAN
‎Dec 20 2024 9:11 PM
‎Dec 20 2024 9:11 PM
A couple of simple things to help isolate the problem:  - If you ping from the VPN client and capture on the MX 'DMZ' interface, do you see the ping requests? If you do, do you see ping replies from the jace? You could also do captures along the path to the Jace. - Can you verify the jace has the correct IP gateway configured?  - Are you able to do ping tests from the Jace? ... View more

Re: STP guard setup - best practices

by in Switching
‎Mar 13 2024 12:41 PM
‎Mar 13 2024 12:41 PM
Sorry to reopen this thread, but I want to see if I understand how UDLD and STP guard should be set up on my topology. Here's the high level image from the dashboard. Very simple hub-spoke. Single uplinks from IDFs (either a stack of two or just a single switch) run back to MS425. Do I enforce UDLD and loop guard both ends, or just the uplink port for the IDF?   ... View more

Re: How to configure Client VPN with Meraki Cloud Auth to only be able to a...

by Kind of a big deal in Security & SD-WAN
‎Feb 11 2024 11:28 AM
‎Feb 11 2024 11:28 AM
If this is using the Microsoft VPN client, you can also create a group policy (in the Meraki Dashboard, and create firewall rules in it) and apply it to the client VPN users.   If you use RADIUS to authenticate the client you can also pass back a Meraki group policy to apply to the use with the Filter-Id RADIUS attribute.  The below article is for MR - but it is the same for client VPN on the MX. https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Using_RADIUS_Attributes_to_Apply_Group_Policies  ... View more

Re: Are bandwidth limits set for a WLAN mutually exclusive?

by in Wireless
‎Nov 7 2017 8:57 AM
1 Kudo
‎Nov 7 2017 8:57 AM
1 Kudo
Hi, I think what you are looking for is published in these articles: https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Global_Bandwidth_Limit_Considerations I think the best practice depends on your environment.   If you setup an SSID bandwith limit of 5Mb/s MR access points in this network will refuse to pass more than a total of 5Mb/s for all clients associated to this SSID. Clients could be further limited by configuring a per-client bandwidth limit, but even a whitelisted client on this SSID would be capped at an absolute maximum of 5Mb/s.   If you have +-350 client devices this would be a good idea but if you have 10 devices you might as well give them some more bandwith.      Cheers, Ben ... View more
© 2025 Cisco Systems, Inc.