The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About DBlum
DBlum

DBlum

Getting noticed

Member since Aug 7, 2019

3 weeks ago
Kudos from
User Count
WTorres
WTorres
1
Gary_Rowe
Gary_Rowe
1
Twitch
Twitch
2
PhilipDAth
Kind of a big deal PhilipDAth
1
View All
Kudos given to
User Count
PhilipDAth
Kind of a big deal PhilipDAth
1
View All

Community Record

26
Posts
5
Kudos
0
Solutions

Badges

First 5 Posts
Lift-Off View All
Latest Contributions by DBlum
  • Topics DBlum has Participated In
  • Latest Contributions by DBlum

Re: Wi-Fi Clients being Disassociated due to "excess frame loss"

by DBlum in Wireless LAN
‎02-06-2023 03:45 PM
‎02-06-2023 03:45 PM
Has there been any update?  We are still seeing issues and just put a new bldg up and of course half the clients are not working properly.  Another weird issue we are experiencing with layer3 is that these devices are also getting apipa addresses and dhcp (going through switch) is not assigning proper ip's some oft the time. ... View more

Re: Wi-Fi Clients being Disassociated due to "excess frame loss"

by DBlum in Wireless LAN
‎01-23-2023 05:06 PM
‎01-23-2023 05:06 PM
We are going to try and problematic clients to 802.11n in settings of their devices for now. ... View more

Re: Wi-Fi Clients being Disassociated due to "excess frame loss"

by DBlum in Wireless LAN
‎01-18-2023 06:04 PM
2 Kudos
‎01-18-2023 06:04 PM
2 Kudos
I checked some other sites running 28.6 and seeing excess frame loss for some clients that are disassociating.  I did a little more digging and it seems to mostly affect 802.11ax and 802.11ac clients and havent seen it affecting 802.11n clients ... View more

Re: Wi-Fi Clients being Disassociated due to "excess frame loss"

by DBlum in Wireless LAN
‎01-18-2023 01:45 PM
‎01-18-2023 01:45 PM
We are also seeing issues with this on MR44, MR46 in various deployments and running 29.4.1 ... View more

Re: Google.com incorrectly Geolocated

by DBlum in Security / SD-WAN
‎09-26-2021 10:37 AM
‎09-26-2021 10:37 AM
I 100% percent agree with us, how can a company such a Cisco be reliant on an outside third-party to provide security updates to their infrastructure and how it allows outside traffic to pass through their hardware to companies that pay for a “Cisco” service. What were to happen if this third-party was attacked and they changed the routing tables such as a ransomware or C2 site to somewhere inside the United States that was not being blocked. ... View more

Re: Google.com incorrectly Geolocated

by DBlum in Security / SD-WAN
‎09-24-2021 12:02 PM
1 Kudo
‎09-24-2021 12:02 PM
1 Kudo
Can you let us know who your geolocation vendor is and see if they have a lookup tool? ... View more

Re: No "google" services all of a sudden ? - What the *beeb* is going on ?

by DBlum in Security / SD-WAN
‎09-24-2021 11:09 AM
‎09-24-2021 11:09 AM
I think based on the size log it would create there is no way for meraki to have something in the portal. ... View more

Re: Google.com incorrectly Geolocated

by DBlum in Security / SD-WAN
‎09-24-2021 11:08 AM
1 Kudo
‎09-24-2021 11:08 AM
1 Kudo
I am just curious how it only affects a small subset of customers as well?  Every single one of my clients (100's of sites, tens of thousands of users) were affected if Hong Kong was being blocked.  I would assume every single end user that had Hong Kong blocked would be affected by this and hopefully this issue will now expedite anything could help notify us.  It would almost be impossible for a geolocation log to be created for the vast size it would be for every single site.   Thank you ... View more

Cisco AnyConnect Certificate Warnings MX95

by DBlum in Security / SD-WAN
‎08-06-2021 12:22 PM
‎08-06-2021 12:22 PM
Appliance updated to 16.9 and now end users are getting certificate is not secure issues and only way to work is selecting allow untrusted servers which is not really viable.  Tried rolling back to previous version and still getting the error. GA for MX95 is 16x and per all documentation on AnyConnect it will no longer be beta when 16x is GA so I don't really have any options that I know of.  Any thoughts on what can be done to dix? ... View more
Labels:
  • Labels:
  • Client VPN

Wireless roaming for client to AP's - not connecting to closest one

by DBlum in Wireless LAN
‎10-14-2020 11:32 AM
‎10-14-2020 11:32 AM
Having a weird issue where clients connecting to the SSID will randomly be switched to an access point on the other side of the building with drops the service.  SSID is on the same VLAN and is configured to bridge mode and has band steering on and both access points have less than 10 clients connecting to them.  Any thoughts on what could be causing this? Thank you ... View more

Properly move NAT config from existing router

by DBlum in Security / SD-WAN
‎08-05-2020 07:05 PM
‎08-05-2020 07:05 PM
We are transitioning a microtik router to an MX84 and was wondering the proper config for the following: Two WAN Ports   Route all traffic from one vlan (guestwifi - 192.168.4.x) to uplink 2 Route all regular traffic (192.168.1.x) to uplink 1  ... View more

Re: Site to Site VPN from Meraki that replaced ASA

by DBlum in Security / SD-WAN
‎06-09-2020 04:36 PM
1 Kudo
‎06-09-2020 04:36 PM
1 Kudo
We have the whole subnet as part of the VPN...the other side ended up opening up their policy (juniper we found out) and it is communicating now.  Thank you again for your help ... View more

Re: Site to Site VPN from Meraki that replaced ASA

by DBlum in Security / SD-WAN
‎06-09-2020 01:05 PM
‎06-09-2020 01:05 PM
Would you recommend just taking the NAT out of the equation (ie the provider said we can change the internal server ip to address on current subnet) to allow connectivity? Thank you ... View more

Site to Site VPN from Meraki that replaced ASA

by DBlum in Security / SD-WAN
‎06-09-2020 08:04 AM
‎06-09-2020 08:04 AM
We are having an issue where we had to replace an ASA5505 and before there was a site to site vpn and now with the current MX64 the connection is not working.  Here was the config from the ASA for the VPN:   name 1.2.3.4 Diag description Diag VPN   access-list outside_1_cryptomap extended permit ip host 10.0.20.45 Diag 255.255.255.248 access-list inside_nat_static extended permit ip host LocalServer Diag 255.255.255.248 static (inside,outside) 10.0.20.45 access-list inside_nat_static   crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set peer 4.5.6.7 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map 1 set security-association lifetime seconds 14400 crypto map outside_map 1 set security-association lifetime kilobytes 10000 crypto map outside_map interface outside crypto isakmp enable inside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400   tunnel-group 4.5.6.7 type ipsec-l2l tunnel-group 4.5.6.7 ipsec-attributes pre-shared-key xxxxx peer-id-validate nocheck isakmp keepalive disable     Current Meraki Connection is set to Public IP 4.5.6.7 Private Subnet 10.0.20.45/29 IP SEC Policy PH1 - 3DES / SHA1 / DH2  / Timeout 14400 PH2 - 3DES / SHA1 / PFS off / Timeout 14400   Event log shows   Non-Meraki / Client VPN negotiation msg: failed to pre-process ph2 packet (side: 1, status: 1). Non-Meraki / Client VPN negotiation msg: failed to get sainfo. Non-Meraki / Client VPN negotiation msg: initiate new phase 2 negotiation: Local_PublicIP[500]<=>4.5.6.7[500] Non-Meraki / Client VPN negotiation msg: IPsec-SA expired: ESP/Tunnel 4.5.6.7[500]->Local_PublicIP[500] spi=178891342(0xaa9acb0) Non-Meraki / Client VPN negotiation msg: failed to pre-process ph2 packet (side: 1, status: 1). Non-Meraki / Client VPN negotiation msg: failed to get sainfo. Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established Local_PublicIP[500]-4.5.6.7[500] spi:5407379688442cfd:315d9f4a0c478522 Non-Meraki / Client VPN negotiation msg: initiate new phase 2 negotiation: Local_PublicIP[500]<=>4.5.6.7[500] VPN registry connectivity change vpn_type: site-to-site, connectivity: true Non-Meraki / Client VPN negotiation msg: failed to pre-process ph2 packet (side: 1, status: 1). Non-Meraki / Client VPN negotiation msg: failed to get sainfo. Non-Meraki / Client VPN negotiation msg: IPsec-SA expired: ESP/Tunnel 4.5.6.7[500]->Local_PublicIP[500] spi=108337968(0x6751b30) Non-Meraki / Client VPN negotiation msg: pfkey DELETE failed: No such process Non-Meraki / Client VPN negotiation msg: ISAKMP-SA deleted Local_PublicIP[500]-4.5.6.7[500] spi:74f722074d7dc223:2e10212799bd830f Non-Meraki / Client VPN negotiation msg: purged ISAKMP-SA spi=74f722074d7dc223:2e10212799bd830f. Non-Meraki / Client VPN negotiation msg: purged IPsec-SA spi=0. Non-Meraki / Client VPN negotiation msg: Unknown IPsec-SA spi=0, hmmmm? Non-Meraki / Client VPN negotiation msg: purging ISAKMP-SA spi=74f722074d7dc223:2e10212799bd830f.     Any thoughts?  Thank you ... View more

Re: Meraki MX Speed Issues with Cox Communications

by DBlum in Security / SD-WAN
‎05-22-2020 04:31 AM
‎05-22-2020 04:31 AM
Auto vpn  ... View more

Re: Meraki MX Speed Issues with Cox Communications

by DBlum in Security / SD-WAN
‎05-22-2020 03:14 AM
‎05-22-2020 03:14 AM
So I think I found the issue but I cant explain it...I disabled the site to site vpn because there was a ton of UDP hits on it and as soon as I did that the speed is back to normal.  The UDP hits is due to a testing apparatus at one office sending the data to the the main office.  Is there any reason this high hit of UDP packets would cause this issue?  Here is a sample of the packets (ip addresses have been modified):   1682 7.535586 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1683 7.535598 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1684 7.535624 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1685 7.536136 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1686 7.536139 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1687 7.536161 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1898 7.567805 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 1899 7.567849 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 1900 7.567898 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 1901 7.568474 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 1902 7.568530 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 ... View more

Re: Meraki MX Speed Issues with Cox Communications

by DBlum in Security / SD-WAN
‎05-22-2020 02:41 AM
‎05-22-2020 02:41 AM
Yes, again it is the weirdest thing because the appliance at my home office is getting 200mb on dashboard and plugging in either third party router or laptop directly into cable modem at office gets the proper 100 down. ... View more

Re: Meraki MX Speed Issues with Cox Communications

by DBlum in Security / SD-WAN
‎05-21-2020 07:29 PM
‎05-21-2020 07:29 PM
Wireshark will not allow me to obfuscate public ip's    ... View more

Re: Meraki MX Speed Issues with Cox Communications

by DBlum in Security / SD-WAN
‎05-21-2020 06:56 PM
‎05-21-2020 06:56 PM
Weird thing is I bring the device to my home office and use same cox broadbank and 200+ on throughput test ... View more

Re: Meraki MX Speed Issues with Cox Communications

by DBlum in Security / SD-WAN
‎05-21-2020 06:53 PM
‎05-21-2020 06:53 PM
Nothing abnormal on packet capture, is there anything I should be looking for besides what you put?  I tried disabling AMP and IPS and get the same speed drop.  I can attach pcap if you think that will help? Thank you ... View more

Meraki MX Speed Issues with Cox Communications

by DBlum in Security / SD-WAN
‎05-21-2020 04:05 PM
‎05-21-2020 04:05 PM
We originally saw speed issues utilizing the MX67W where the throughput on a 100MB connection was at best 5MB/s.  This is what we have tried so far:   1. We are on our fourth meraki mx67w that support keeps sending us and still have the issues 2. I have put a new cable modem in and still have the issues 3. I have disabled the wireless and still have the same issues 4. Replaced all network cables and tried with no devices connected and portal still shows 5mb/s 5. Plugging meraki mx into home network I get full connection speed   If we plug in another router (netgear) we get the full 100mb connection.  Meraki support has no clue and wondering if anyone else is experiencing similar issues or has any other suggestions. ... View more

Layer 7 Country Filtering blocking office.com

by DBlum in Security / SD-WAN
‎01-04-2020 05:00 AM
‎01-04-2020 05:00 AM
We have a layer 7 filter to deny traffic to/from all countries except: Canada, France, Germany, Ireland, Netherlands, Sweden, Switzerland, UK, USA   For some reason this is blocking the ability to goto office.com, we are able to go to other microsoft sites but was wondering if anyone knew what countries we should allow for traffic to flow?  I have tried to whitelist the url as well as turning off AMP with no luck. ... View more

Re: Meraki MS225 issues with Synology Surveillance

by DBlum in Switching
‎08-07-2019 06:32 PM
‎08-07-2019 06:32 PM
19 total cameras, cpu and ram show under 8%.  Affects pretty much every camera.  The synology rep had me update the surveillance station software to a new one that just came out with no luck. ... View more

Re: Meraki MS225 issues with Synology Surveillance

by DBlum in Switching
‎08-07-2019 06:28 PM
‎08-07-2019 06:28 PM
We have the RS3617XS+ (maxed out ram and 1TB ssd cache) and have the fps at 10-12.  We are running some Axis 180's and Hikvision 8MP Varifocals ... View more

Re: Meraki MS225 issues with Synology Surveillance

by DBlum in Switching
‎08-07-2019 05:17 PM
‎08-07-2019 05:17 PM
We have all the ports setup as access ports based on a single VLAN for the network.  A few of the cameras reside over a Ubiquiti CPE (which gets around 800mbps so speed is not an issue there) and that port is connected to the meraki as an access port as well.  All the ports and devices have the same speed and duplex except for the nvr which is running at 10Gig on the uplink port.  Thank you ... View more
Kudos from
User Count
WTorres
WTorres
1
Gary_Rowe
Gary_Rowe
1
Twitch
Twitch
2
PhilipDAth
Kind of a big deal PhilipDAth
1
View All
Kudos given to
User Count
PhilipDAth
Kind of a big deal PhilipDAth
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Wi-Fi Clients being Disassociated due to "excess frame loss"

Wireless LAN
2 13144

Re: Google.com incorrectly Geolocated

Security / SD-WAN
1 22164

Re: Google.com incorrectly Geolocated

Security / SD-WAN
1 23098

Re: Site to Site VPN from Meraki that replaced ASA

Security / SD-WAN
1 2063
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki