Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About KarimB
KarimB
Here to help
Member since Jul 2, 2019
05-07-2020
Community Record
13
Posts
0
Kudos
0
Solutions
Badges
04-23-2020
01:18 AM
errr ... you lost me Uberseehandel. With "other security appliance", I assume you mean the Cisco 881 ? If well, I'm not aware of the " DNS Suffix of Sodor.CaithnessAnalytics.com". At this stage though it works with manual IP & DNS settings (ugly but works). I'll reach out to the Meraki Support as it's clearly something on the Meraki MX wan uplink port. In case Meraki support has no idea. ... I'll have to prove my point with a wireshark traffic capture MX <-> 881 ... but that would force to change the setup and put an intermediate switch in another change window ... I'd wait for vacation time to play with this. Fun to do but now no time ...
... View more
04-21-2020
12:06 AM
Could indeed have been the issue, but in my case it's not, the public ports on the 881 are open (no advanced features like 802.1X) On the 881, the config for that port is <hostname>-881#sh run | s Home ip dhcp pool Home import all network 10.0.2.0 255.255.255.0 default-router 10.0.2.1 dns-server 208.67.222.222 208.67.220.220 lease 2 If I connect a laptop to the 881 directly on that public port with the setup Laptop <-eth cable-> (port 3 public) 881 <-eth cable-> ISP Internet C:\WINDOWS\system32>ipconfig Windows IP Configuration Ethernet adapter Ethernet: Connection-specific DNS Suffix . : cisco.com Link-local IPv6 Address . . . . . : fe80::f158:1dfc:ae0d:aaf1%11 IPv4 Address. . . . . . . . . . . : 10.0.2.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.2.1 C:\WINDOWS\system32>nslookup Address: 208.67.222.222
... View more
04-20-2020
11:06 PM
After another 2 hours of messing up with all possibilities, I gave up and configured static IP, it worked immediately. I'll call Meraki support to understand what could have caused dynamic IP addressing to not work on the MX WAN port.
... View more
04-20-2020
05:19 AM
As the MX is the only device that will interact with the 881, there will be no risk of conflict of IP address. So yes, this would work and I kept it in my backpocket as my plan B. Rather unelegant but likely a solution. The engineer in me however wants to understand what the f&%^ is happening behind the hood. I might have to wireshark it with a router in between the MX and 881.
... View more
04-20-2020
05:17 AM
Can you elaborate on which type of policies conflicted ?
... View more
04-20-2020
02:47 AM
Reset & hard reset (pulling power plug) yes. Factory reset no, didn't see how or why that would help so haven't tried yet.
... View more
04-19-2020
01:35 PM
No. Initial message updated with this info
... View more
04-19-2020
01:35 PM
Thanks - I have those 3 ticked. Works with Laptop, not with MX64 to my own surprise
... View more
04-19-2020
01:30 PM
Thanks for your message - I made one change in the main question to correct the originally incorrect input I do not see overlapping IP ranges. Laptop <-eth cable-> Meraki rtr <-eth cable-> ISP Internet Ethernet adapter Ethernet: IPv4 Address. . . . . . . . . . . : 192.168.1.248 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 Laptop <-eth cable-> (port 3 public) 881 <-eth cable-> ISP Internet Ethernet adapter Ethernet: IPv4 Address. . . . . . . . . . . : 10.0.2.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.2.1
... View more
04-19-2020
07:55 AM
Dear all, I'm currently using the following simple setup for my network - which works well as expected; with the MX64 WAN configured to get its IP address dynamically via DHCP from the WAN uplink MX64 <- ethernet -> ISP router [Update] On the WAN, the MX gets its address/dns dynamically from the uplink The MX runs a DHCP server for its clients: subnet 192.168.1.0/24 (MX interface 192.168.1.1) There are no VLANs configured [/Update] I need to insert a Cisco 881 router that performs various QoS and VPN functions that the MX cannot do. [Update] The 881 runs a DHCP server for its clients with subnet 10.0.2.0 255.255.255.0, and provides DNS servers from uplink [/Update] MX64 <-ethernet-> Cisco 881 <-ethernet-> ISP router In this new setup the MX64 isn't connecting to the Meraki Cloud and local clients cannot reach the internet. When I connect locally on the MX64 (web browser to 192.168.1.1), I see the MX isn't getting IP/DNS from uplink: Ethernet: This security appliance is trying to join a network or find a working ethernet connection Internet:This security appliance is not connected to the Internet Internet: This security appliance does not have a working DNS server When trying to connect other devices than the MX64 in the new setup, everything works well as planned (tried 2 PCs) <-ethernet-> 881 <-ethernet-> ISP router In this last setup (just replacing the MX64 by a laptop), everything works well. The team who configured the 881 is telling me thousands of other users have this config and it works well. As the Meraki MX64 is not connected to the cloud, I can only see locally (on the local 192.168.1.1 interface in a browser) that the MX64 didn't receive an IP address from the WAN uplink. My questions are 1) Under what circumstances would an MX64 not receive or accept IP addresses dynamically from the uplink ? 2) How could I further troubleshoot ? Thanks! Karim.
... View more
09-15-2019
11:59 PM
Thanks All. I have for now moved the mission critical servers into separate VLANs, and used SD-WAN traffic shaping to assign a high priority ratio; and limited during working hours the BW for normal users with group policies. I'll give it a go, and consider a 2nd uplink if the current setup isn't good enough in the future. Thanks, Karim.
... View more
09-15-2019
02:07 AM
Hi Philip, Thanks for your response. The challenge here is that the mission critical servers are terminating VPNs from the internet. So from the MX standpoint to which they are connected, those clients just have 99% UDP traffic (encrypted traffic) - and MX has no visibility into the traffic actually inside. What I'd ideally be looking for is a QoS setting like - Give VLAN 2 or address range 192.168.2.x/24 or set of clients a,b,c "guaranteed 10mbps" - or "Give other VLANs, address ranges or set of clients a maximum aggregated 40 mbps during work hours" Looked around and the only option I see is to tag VLAN 2 (mission critical servers) with DSCP tags and high priority. Is there any way to provide clients of a VLAN guaranteed BW ? Thanks!
... View more
09-14-2019
12:00 PM
Dear all, I have a setup where 2 types of clients are connected to my MX - Business critical devices - endpoint of an encrypted VPN (directly connected to MX) - Non business critical devices & normal users - unencrypted (connected via MS & MR devices) Business critical devices are physically separated from the rest of the devices. How can I provide strict priority for internet access to the business critical devices & prevent non business critical devices from impacting the business critical devices internet access? I so far only found the option to create a group policy with non business critical clients and limit per client bandwidth. May help, but does not ensure some BW is prioritized to business critical devices Thanks in advance! Karim.
... View more
