Community Record
16
Posts
0
Kudos
0
Solutions
Badges
Mar 5 2018
1:40 PM
Thank you for the fast response I know I have not done any traffic shaping on the unit at all. I am glad to see you are getting great speeds so it is possible. I will check into the traffic shaping settings to see what can be tweaked. But nothing was setup out of the box. Many thanks
... View more
Mar 5 2018
1:15 PM
Hello All. This summer we installed a MX100 firewall. At the time we only had the enterprise license and not the Advanced license. We had an old Barracuda 310 webfilter in place. Well we recently upgraded to a spectrum 200Mps/20Mps pipe and if we plug directly into the Spectrum modem the speeds are right where they are supposed to be. However on the network they are still a little bit over 100Mps down and they should be 200Mps down. So we assumed that the barracuda might be to blame because it is only rated at 100Mps throughput. So we upgraded to the Advanced license on the MX (we were going to do this anyway) and removed the cuda. And, the network throughput is still only a bit over 100Mps down. Now I know that the MX100 is doing a lot but is it possible that this higher end firewall can not support speeds over 100Mps? Thanks Dave
... View more
Feb 20 2018
5:59 PM
Thanks so much for your input. I truly appreciate it!
... View more
Feb 20 2018
9:53 AM
Thank you for the response. I did see the section to add traffic shaping rules. However, it seems like those only apply to the WAN uplink ports. It is unclear if that is the case or not. If the rules were not confined to the WAN ports this seems like it would work. It seems like getting the network to "trust" the tags is the way to go. Will the Meraki side of things trust the tags by default? Thanks again Dave
... View more
Feb 20 2018
9:07 AM
Hello All. We have a stub network setup with routing rules using LAN ports on the Meraki. One side is MX100 and the other is MX84. The traffic is routing well using this method. This stub network is dedicated to the connection between the locations. It is a wireless internet transport connection via MPLS. So one each side their MPLS gear plugs into a specific LAN port and we have a static route defined. It works very well. Note that this has nothing to do with the Internet connections on both sides (WAN1). The problem we have been having is Voip traffic passing through this point to point link. The Voip provider has asked us to assign QoS tags between each site to prioritize traffic. However, I am not finding where it is possible on the Meraki to do any traffic shaping on the LAN ports. Am I missing something? Perhaps QoS tags need to be assigned on the managed network switches (not Meraki switches)? Thanks for any input. Dave
... View more
Nov 29 2017
9:07 PM
Hello PhillipDAth.. The connection via a stub network on one of the Lan interfaces works great. Just static routes and good to go. However there is now another concern. We are checking into this but we are concerned that the data traversing wireless internet provider MPLS network is not encrypted since it is handed off via a simple layer 2 device. And we can not do an encrypted VPN tunnel via the MX since it requires a WAN connection. We thought about using the WAN 2 connection on each side but I do not think that will work with nat, etc. Do you have any thoughts on how to get the MX to encrypt data over that pipe short of dropping in another router in the mix? Thanks again
... View more
Nov 28 2017
1:57 PM
Ouch...OK..Thanks for the info. I checked the WPAD info and it might be an option for now. Thanks
... View more
Nov 28 2017
1:42 PM
Thanks much. I would love to use the Meraki content filtering. My predecessor did not purchase the license for that. But it is on the table to budget for 2018. As for changing the remote sites default gateway to the MX at the corporate site (where the cuda is located) won't that bypass the static routes defined on the remote sites MX? Sorry if that seems like a stupid question. Thanks again
... View more
Nov 28 2017
12:40 PM
Hello...Thanks much for your assistance. This MPLS stub network worked great. And we will be getting the VPN part up soon. But traffic routes perfectly using the link you sent. However, we discovered an issue. The corporate site (hub in the hub and spoke VPN) has a barracuda web appliance. We would like to route all internet traffic (either via the MPLS or the backup VPN) out that cuda interface. Is there anything we can setup on the Meraki system to force Internet traffic out that interface? I looked at static routes but that does not seem to help. I know in other non meraki VPN's we have setup there is an option to route Internet traffic out a gateway at a remote location. I just can't find it here. Thanks again for any info.
... View more
Nov 26 2017
10:58 AM
Sorry please ignore my last message. I did not fill in the DNS servers when setting up the private address. Thanks again for your help.
... View more
Nov 26 2017
10:52 AM
Yes. Thanks. This is correct in that it is in nat mode. From what I read port 2 would be the second WAN port.. Correct? When I go to configure that port (via logging in locally to the appliance) and try to use a "private" /30 network configuration (192.168.0.0/30) it says the ip configuration is invalid. Is this because the role is defined as Internet and I am trying to use privately routed addresses? If I set it to LAN it does not give me the ability to configure any ip addresses. Thanks again
... View more
Nov 26 2017
9:42 AM
Hello. PhilipDAth.. Thanks very much for the info. Very much appreciated. Excuse my ignorance here but I assume the stub network would be created on port 2 on the appliance? If the port is configured as LAN I can not configure any separate subnets on it. If I change the Role to Internet and set it to static it will not allow me to key in a privately routed address. It says it is invalid ip4. So I guess I am concerned as to how to set this up as a secondary WAN connection with failover. It appears I am missing something basic. Thanks again
... View more
Nov 24 2017
8:08 PM
Hello. We have a MX100 on one end and a MX 84 at another location. At the present time these 2 sites are NOT configured for a site to site VPN. However, we DO want to create a site to site connection but NOT over the primary WAN connection (not yet). Here is the situation. The (2) sites have a unique configuration where they have a site to site WIRELESS bridge solution from a local wireless internet service provider. Basically, they can connect the devices on both ends to their switches and traffic will pass between the (2) sites. It is really like have a super long cable connecting the (2) sites. The devices that terminates this wireless setup are simple Layer 2 devices. However, we want to plug this layer 2 device into port (2) on each MX appliance and configure a VPN (maybe? see below). We want to route traffic over that pipe as if it is a VPN using the traditional method where you have publicly routed static IP addresses assigned. However, since these devices are layer 2 there are no IP addresses assigned. The wireless internet provider says we simply need to assign a private /30 block to the layer 3 device (Meraki) and we can accomplish this goal. However, I have not tried this yet. Will the Meraki appliance allow me to setup a "Direct" static connection in the "Internet" zone using "Private" IP addresses like 10.0.0.x/24? This is basically similar to what you might setup for an intranet router configuration. Can the Meraki be configured in this type of configuration with the Zone being "Internet"? I could scrap the entire VPN idea all together and just configure port (2) with a private /30 address and setup routing rules to handle the traffic. However, if I eventually do decide to setup the existing connections on WAN1 as a point to point VPN can I accomplish WAN failover in the event that one pipe goes down? So basically if this wireless bridge thing goes down can the Meraki failover to a point to point VPN configured on the WAN1 port? Thanks for any info
... View more
