The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About HodyCrouch
HodyCrouch

HodyCrouch

Building a reputation

Member since Nov 2, 2017

‎10-09-2019
Kudos from
User Count
jonesr1
jonesr1
1
jdavis721
jdavis721
1
aryan-jain
aryan-jain
1
JK58
JK58
1
BrechtSchamp
BrechtSchamp
15
View All
Kudos given to
User Count
kYutobi
kYutobi
1
BrechtSchamp
BrechtSchamp
2
Brady
Meraki Alumni (Retired) Brady
1
PhilipDAth
Kind of a big deal PhilipDAth
1
CarolineS
Community Manager CarolineS
1
View All

Community Record

111
Posts
146
Kudos
23
Solutions

Badges

Year 1 -
1st Birthday
Year 5 - Solver Award
100 Posts
50 Posts
25 Posts View All
Latest Contributions by HodyCrouch
  • Topics HodyCrouch has Participated In
  • Latest Contributions by HodyCrouch
  • « Previous
    • 1
    • 2
    • 3
    • 4
  • Next »

Re: Remove manually added clients in Dashboard.

by HodyCrouch in Wireless LAN
‎10-09-2019 06:47 PM
‎10-09-2019 06:47 PM
I don't see the Forget button on my dashboard either.  This might be a region-specific feature or related to GDPR compliance.   In any case, I believe that setting the group policy to Normal is the closest you can come to removing the client setting unless you have the extra privacy settings enabled in your region.  This is just a guess and an area that Meraki support should be able to provide more detail. ... View more

Re: Remove manually added clients in Dashboard.

by HodyCrouch in Wireless LAN
‎09-16-2019 07:14 PM
1 Kudo
‎09-16-2019 07:14 PM
1 Kudo
I think you want to remove the policy you assigned to the client (with the wrong MAC address).  Your screenshot provides a hint with the "only clients with a policy" in the text.   For more details, take a look at the following older post.  I know it's talking about blocked clients, but you can use the same steps to remove whitelisted clients.   https://community.meraki.com/t5/Wireless-LAN/How-to-check-the-blocked-clients-list/m-p/7765 ... View more

Re: When I push my most recent app version, it erases the data in the app t...

by HodyCrouch in Mobile Device Management
‎09-07-2019 11:29 AM
‎09-07-2019 11:29 AM
I don’t have anything Meraki-specific to share. If possible, you should test the app upgrade path independent of any MDM solution (rebuilt from a previous version if necessary) and confirm that data is preserved correctly.  If you make changes related to how you store data, it can appear that everything got deleted, when your new version is just trying to access the information somewhere else.   with that said, I can’t think of any MDM setting that would update an app in place and remove stored user data. ... View more

Re: how to remove wireless whitelisted clients

by HodyCrouch in Wireless LAN
‎08-09-2019 07:56 AM
‎08-09-2019 07:56 AM
Take a look at this previous topic.   https://community.meraki.com/t5/Wireless-LAN/How-to-check-the-blocked-clients-list/m-p/7765 ... View more

Re: What source IP addresses (or domains) will attempt to connect to my RAD...

by HodyCrouch in Wireless LAN
‎08-09-2019 05:22 AM
‎08-09-2019 05:22 AM
I don't think anyone has mentioned the impact of the "RADIUS Proxy" setting on the Access Control Configuration page.   If you do not use RADIUS Proxy, I believe the RADIUS messages will originate from the management interface of each access point.   If you do use RADIUS Proxy, the messages will originate from Meraki cloud as indicated on the firewall info page.   In one of my networks where I use RADIUS proxy, the firewall info page shows a line for port 1812 where the source IP contains three networks (two /24 and one /20).  The destination IP shows the addresses of my two RADIUS servers.  When I did the initial setup, I added the three Meraki-provided CIDR ranges as allowed clients in my RADIUS configuration. ... View more

Re: Network lab/sandbox for Z3

by HodyCrouch in Developers & APIs
‎06-14-2019 06:58 AM
2 Kudos
‎06-14-2019 06:58 AM
2 Kudos
I'm not sure what you're trying to test, but you might be able to meet your need using a Meraki Dashboard Live Demo.  If you don't already have a demo account, try this link: https://meraki.cisco.com/form/demo   With a live demo, you can create new networks in Meraki Dashboard and add whatever hardware you want.  It's not a real network, but a fair amount of fake data will appear in dashboard and you will be able to make whatever configuration changes you need.   Of course, you can also work with your Meraki sales rep to get a reasonable amount of demo hardware. ... View more

Re: Please Help! How to get Location Heatmap Data

by HodyCrouch in Developers & APIs
‎06-04-2019 04:58 AM
1 Kudo
‎06-04-2019 04:58 AM
1 Kudo
The heat map data is not available through any public API.   You can use the Location API to receive all location information and use that data to built your own heatmap.  Showing locations on a map is relatively simple.  Producing your own heat map would take more effort. ... View more

Re: WiFi over Radius Servber with diferfent SSID's

by HodyCrouch in Wireless LAN
‎05-29-2019 05:14 AM
3 Kudos
‎05-29-2019 05:14 AM
3 Kudos
The better approach is to have your RADIUS server correctly authenticate users based on the SSID.  The SSID is sent to the RADIUS server as the Called-Station-ID.   If you can't get your RADIUS server to support this use case, here's an alternate approach.  I will admit that this approach is a bit clunky, but you're only trying to make this work for one person.   1. Set the BOSS ssid to use a Splash page and use Meraki authentication.  I would also set the captive portal strength to block all access.   2. Create a group policy and set it to bypass the splash page.   3. Assign the new group policy to each device belonging to the boss.  I suggest using the per-SSID group policy assignment so that you only assign this policy on the special SSID.   Other devices will be able to connect to the BOSS ssid, but they will only get the splash page and they won't have a Meraki user to login.   That should be enough to make this work.  I guess some people need to be more equal than others. ... View more

Re: Location analytics

by HodyCrouch in Developers & APIs
‎05-24-2019 06:33 AM
‎05-24-2019 06:33 AM
You're correct that Meraki needs at least three access points to triangulate client location.   You will get more reliable location data within the area defined by your set of access points (technically, within the two-dimensional convex hull defined by your access points).  Outside of that area, Meraki tries to determine a location, but the results aren't as good as you'll see inside the area.   If you want really good location data, you should think about every possible position on your property.  At each point, consider four directional quadrants.  You want an access point in 3 out of those 4 quadrants within a range of about 3m to 25m (not the exact numbers, just from memory).  You won't get a perfect layout, but this is a way to approximate the quality of your plan from a location accuracy perspective. ... View more

Re: EXCAP custom splash with facebook / twitter sign-on

by HodyCrouch in Security / SD-WAN
‎05-13-2019 02:11 PM
2 Kudos
‎05-13-2019 02:11 PM
2 Kudos
Be prepared for some pain when you try to keep Facebook login working in a captive portal environment.  The web resources accessed by the login pages do change from time to time and you're going to need to keep your walled garden ranges up to date.  You will find some resources online to help, but there's no substitute for testing and monitoring.   It sounds like you've selected a client-based login flow using Javascript (I'm partially guessing here).  If so, reconsider that decision if possible.  You're really setting yourself up for a world of future pain.  I have found the server-to-server flows to be more stable.  You also get a better place to monitor for user issues.   You should also be careful about your Facebook application permissions, as they control what data is shared with you.   On a related subject, make sure you do some testing with other Facebook accounts.  You may find that permissions seem pretty loose when using your own account, if you also created the Facebook application and related tokens yourself.  When using other accounts, you often need to go through Facebook's review process to be able to access the data you need.   Facebook WiFi provides for a pretty narrow use case.  I'm not surprised you've decided to create your own solution.   Not sure if that's the information you were looking for.  Feel free to ask if you have further questions.  I've been spending more time with unique captive portal promotions based on customer behavior rather than on specific social login scenarios.  My info may be a little rusty. ... View more

Re: License Shortened after adding a license

by HodyCrouch in Dashboard & Administration
‎05-06-2019 04:19 PM
‎05-06-2019 04:19 PM
This article should clarify what happened when you added the new license and it was spread across all of your devices. https://documentation.meraki.com/zGeneral_Administration/Licensing/Cisco_Meraki_Licensing_Guidelines_and_Limitations/The_Science_Behind_Licensing_Co-Termination ... View more

Re: Internet should block until passed to click-through splash page

by HodyCrouch in Wireless LAN
‎04-30-2019 03:52 AM
1 Kudo
‎04-30-2019 03:52 AM
1 Kudo
Take a look at Wireless > Access Control (and make sure your guest SSID is selected at the top).   Locate the "Captive Portal Strength" setting.  If you "Allow non-HTTP traffic prior to sign-on", users will be able to access the internet for most purposes without going through your captive portal page. ... View more

Re: API reading of templates and Radio Settings

by HodyCrouch in Developers & APIs
‎04-25-2019 06:58 AM
4 Kudos
‎04-25-2019 06:58 AM
4 Kudos
This shouldn't be too difficult using the Dashboard API.   Start with a call to get the inventory.  This will include the serial and networkId for all devices.   You will then have to loop through all of the devices and call    /networks/{networkId}/devices/{serial}/wireless/radioSettings   Each call will return the device serial and rfProfileId.   You will be working against the API rate limit, so make sure your script is throttled and that you include some retry logic.   You should be able to get through a few thousand access points in less than 5 minutes. ... View more

Re: Move an AP between networks / Organizations

by HodyCrouch in Wireless LAN
‎04-22-2019 12:32 PM
2 Kudos
‎04-22-2019 12:32 PM
2 Kudos
@BretD is correct that you will need help from support to move the licenses.  Don't let that stop you from getting the network up and going.  There's a grace period to get the license issue solved.   When you unclaim devices, there's a period of time before you can claim the device in a different organization.  Meraki's documentation suggests around 5-10 minutes.   There's really no difference between your 2nd and 3rd scenarios.  The steps you follow to move the device around are the same. ... View more

Re: Meraki click-trough EXCAP - complete form workaround

by HodyCrouch in Wireless LAN
‎04-11-2019 06:47 AM
1 Kudo
‎04-11-2019 06:47 AM
1 Kudo
I think Sign-on Splash is going to be your best solution.  You can configure Sign-on Splash to use your radius server for authentication.   This approach provides the same level of flexibility as click-through splash and you can do whatever voucher validation you want.  You then send the user to the login url with pre-filled username/password.  These values can be one-time use, if you need.   Meraki then sends an access-request to your radius server, so you can confirm that the login is valid. ... View more

Re: WiFi disconnecting devices

by HodyCrouch in Wireless LAN
‎04-10-2019 06:29 AM
1 Kudo
‎04-10-2019 06:29 AM
1 Kudo
The log entries actually show that the splash page frequency is configured to one hour (3600 seconds).  Look at each line that shows a Splash Authentication.   As suggested by @kYutobi , you should modify the Splash Page Frequency setting. ... View more

Re: DHCP Issue on 2 SSID wireless network with 2 different gateways. MR33 &...

by HodyCrouch in Wireless LAN
‎04-08-2019 06:41 AM
3 Kudos
‎04-08-2019 06:41 AM
3 Kudos
Have you considered VLAN tagging?   You can set your guest SSID to tag with a different VLAN and use the "different gateway" to provide DHCP.  That approach would provide you with the level of control you're looking for over the traffic routing. ... View more

Re: login user by API

by HodyCrouch in Wireless LAN
‎03-20-2019 06:27 AM
‎03-20-2019 06:27 AM
You probably already know... Meraki supports both "Click-thru Splash" and "Login Splash" for captive portal.  The click-thru doesn't include mauth and doesn't use RADIUS to verify the credentials.  Login splash provides a destination URL to authorize the client.   With your mobile app and proper walled garden, you don't need to show the captive portal page at all.   Instead, have your back-end server call the appropriate Meraki Dashboard API.   PUT/networks/[id]/clients/[mac]/splashAuthorizationStatus   or   PUT/networks/[networkId]/clients/[mac]/policy   To use the second option, you would create a group policy that allows the client device to skip the captive portal page.  With the first option, the authorization automatically expires.  Group policies remain until you remove or change them. ... View more

Re: login user by API

by HodyCrouch in Wireless LAN
‎03-19-2019 10:16 AM
2 Kudos
‎03-19-2019 10:16 AM
2 Kudos
You can use the "Walled Garden" to allow traffic between your mobile application and a back-end system that you control prior to any type of login.  Your application would authenticate the user using your back-end system, which would then use Meraki's API to either set the splash authorization for the client or apply a group policy.  Note that obtaining the client mac address may be challenging with this approach.   You could also provide a special SSID for your application-based connections, use WPA2-Enterprise with RADIUS, and code your application to programmatically connect to the SSID.  You would need a custom RADIUS server to authenticate your mobile app users correctly.   Generating a user-specific WiFi profile might be another viable option, although I haven't thought through all of the details. ... View more

Re: Doubt of graphs of the section Organization/Summary report

by HodyCrouch in Wireless LAN
‎03-14-2019 12:42 PM
2 Kudos
‎03-14-2019 12:42 PM
2 Kudos
I checked one of my own organizations and I see the same behavior (more jagged lines in the report for Feb 18 - Feb 24).  I didn't make any WiFi configuration changes in your two time periods.   My guess is that Meraki stores usage data at a high resolution for a limited period of time and keeps lower resolution usage data available for a longer period.  It feels like they are using 30 days at the approximate cutoff.   In a few quick tests, I found that the summary report showed higher resolution usage data whenever the start date of the report was within the last 30 days.  Any older than that and the entire usage data plot showed lower resolution data.   Again, just a guess so check it out for yourself and see if you agree. ... View more

Re: Meraki Equipment and Dashboard Connectivity

by HodyCrouch in Dashboard & Administration
‎03-07-2019 07:35 AM
2 Kudos
‎03-07-2019 07:35 AM
2 Kudos
You should start by logging in to Meraki Dashboard and looking at Help > Firewall Info.  That page will show you the required firewall rules to allow Meraki equipment to communicate with the dashboard.   With brand new (or factory reset gear), it's generally a good idea to connect them somewhere with DHCP and Internet access to allow the initial configuration to be downloaded.  After that, you can do whatever you want. ... View more

Re: How to get Started?

by HodyCrouch in Developers & APIs
‎03-04-2019 07:08 AM
2 Kudos
‎03-04-2019 07:08 AM
2 Kudos
The devnet sandbox is a good place to start.  When you open the sandbox, you should see a username and password that you can use to login to Meraki Dashboard at meraki.cisco.com.  You will also see an API key that you can use with the dashboard APIs.   Once you login to Meraki Dashboard (using the credentials from the Sandbox page), go to Help > API docs.   https://create.meraki.io/ is also a great resource for getting started. ... View more

Re: Changing User Splash Page Frequency with API

by HodyCrouch in Developers & APIs
‎02-28-2019 05:07 AM
‎02-28-2019 05:07 AM
The Dashboard API does not currently allow you to set different policies by SSID for a client (according to the documentation).   For a possible workaround, take a look at this thread.  I haven't tried this approach myself.  You would have to figure out what value corresponds to your group policy.   https://community.meraki.com/t5/Wireless-LAN/API-Block-a-device-from-an-SSID/m-p/37958#M5965 ... View more

Re: NAT vs Bridged mode, How does it work?

by HodyCrouch in Dashboard & Administration
‎02-18-2019 06:37 AM
‎02-18-2019 06:37 AM
Meraki does use standard ports and protocols for cloud management.  Some customers have additional communication needs for things like splash pages, RADIUS, Meraki APIs and so-on.  If you only need to support cloud management, you can probably use a single set of rules.   You might consider contacting Meraki support directly for assistance.  They may be able to provide more details. ... View more

Re: NAT vs Bridged mode, How does it work?

by HodyCrouch in Dashboard & Administration
‎02-18-2019 06:09 AM
2 Kudos
‎02-18-2019 06:09 AM
2 Kudos
The exact ranges vary by customer and the specific features being used.   From Meraki Dashboard, go to the Help drop-down (top-right) and select "Firewall Info".  You will see a list of source, destination, port, port, protocol, direction, and description.  This information should allow you to correctly configure your firewall rules. ... View more
  • « Previous
    • 1
    • 2
    • 3
    • 4
  • Next »
Kudos from
User Count
jonesr1
jonesr1
1
jdavis721
jdavis721
1
aryan-jain
aryan-jain
1
JK58
JK58
1
BrechtSchamp
BrechtSchamp
15
View All
Kudos given to
User Count
kYutobi
kYutobi
1
BrechtSchamp
BrechtSchamp
2
Brady
Meraki Alumni (Retired) Brady
1
PhilipDAth
Kind of a big deal PhilipDAth
1
CarolineS
Community Manager CarolineS
1
View All
My Accepted Solutions
Subject Views Posted

Re: Internet should block until passed to click-through splash page

Wireless LAN
2440 ‎04-30-2019 03:52 AM

Re: API reading of templates and Radio Settings

Developers & APIs
2192 ‎04-25-2019 06:58 AM

Re: Doubt of graphs of the section Organization/Summary report

Wireless LAN
3085 ‎03-14-2019 12:42 PM

Re: Meraki Equipment and Dashboard Connectivity

Dashboard & Administration
2358 ‎03-07-2019 07:35 AM

Re: Client Events API call - oldest events first or am I not parsing correc...

Developers & APIs
4321 ‎01-30-2019 11:07 AM

Re: Get Networks returning 404

Developers & APIs
4289 ‎01-16-2019 07:51 AM

Re: Licenses

Wireless LAN
2501 ‎01-14-2019 12:36 PM

Re: Android managed app settings payload

Mobile Device Management
2397 ‎12-14-2018 12:55 PM

Re: Seeing All Blocked Devices

Dashboard & Administration
5281 ‎11-19-2018 09:53 AM

Re: Connected user/device

Developers & APIs
2216 ‎09-06-2018 05:30 AM
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Share your nostalgic networking stories. Win swag!

Community Announcements
16 12428

Re: How to check the blocked clients list

Wireless LAN
5 18952

Re: API reading of templates and Radio Settings

Developers & APIs
4 2192

Re: Licenses

Wireless LAN
4 2501

Re: Mac Address Hashing Algorithm

Wireless LAN
4 3146
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Cookies
  • Terms of Use
© 2023 Meraki