About rbnielsen

rbnielsen

Since you are replacing an ASA with an MX, I'll just have to say this. A Meraki MX100 is not a Cisco ASA firewall. So don't be surprised if there is some functionality in an ASA that isn't present on an MX. I've had my fair share of rogue Sales persons, thinking an MX can simply replace an ASA, without having looked into the running configuration. You can not assign an IP address to an physical interface of an MX (or any other Meraki product). So in order to obtain what you are depicting, you'll have to create a VLAN on the MX, and assign it an IP, and a SVI interface on your core switch. Just as others already have mentioned. Basically, what you are doing is, a Layer 3 topology as described in https://documentation.meraki.com/Architectures_and_Best_Practices/MX_and_MS_Basic_Recommended_Layer_3_Topology Assuming you are handling DHCP somewhere else, then creating the VLAN on the MX, remember to disable the DHCP server, that is created by default.

rbnielsen

No, it is not possible to configure a PSK shorter than 8 characters.

rbnielsen

To my knowledge, a Meraki MX can not perform spam filtering for email addresses.

rbnielsen

No worries. 🙂 But like I said, if there is no degraded performance, and no-one complains, then there probably isn't that much of a problem. I'd just monitor for now. 🙂

rbnielsen

I suppose. This is my MX64 at home, behind an ADSL modem. The more traffic there is, the more packet loss I'd expect. I doubt most people work during evening and night, and thus not as much traffic as there would be during normal working hours.

rbnielsen

"Yes, I'd like to keep it simple, I guess I'll need an MR then [...]" An MR and probably either a Power Injector or a DC power supply, assuming the ISP router does not provide PoE. The MR33 is a standard indoors AP, with a List Price of USD $649 Then there is an MR30H, which provides 4 switch ports one can use to connect additional client devices. It's marketed toward Hopitality, and has a List Price of USD $599. Finally there is the lowest tier AP, MR20, which has a List Price of USD $299. You might be able to get them cheaper. Like I mentioned, it's a List Price.

rbnielsen

That curve shows ping statistics from the WAN port to (most probably) Google DNS 8.8.8.8. So I would probably assume something between the MX and upstream is dropping icmp packets. Aside from checking L1 at the MX (verify cabling is properly connected, no damage to cables, no dirt on SFP/fiber connectors), I'd open a ticket with your service provider, to verify it isn't something on their end. However, unless you or your users are experiencing any degraded service, I'd probably just leave it alone and monitor.

rbnielsen

In retrospect, that kind of makes sense, actually. I probably wouldn't want an unprovisioned device responding openly to pings. Great find, @SobyKuruvilla !

rbnielsen

Purely out of curiosity, why would you like to disable AX?

rbnielsen

I have seen before, that for some unknown reason, the SFP inserted to an MX, just crashed. Pulling it out, and reinserting the SFP made it come up again. Not sure if that's the case. Perhaps try that?

rbnielsen

I have a CCNA (R&S, Wireless according to the old model), and DevNet Associate. I was working on a CCNP Wireless, but never got to finish it before February. Passed two out of four of the exams, though.

rbnielsen

Ah, sorry, I didn't see your note. If it's the first time registering, it is probably doing first time update. Try and give it some time. It's it probably downloading firmware,upgrading, rebooting a couple of times. What colors in the status LED is the MX showing on the front?

rbnielsen

Your MX450, might not be allowed to reply to ICMP pings. Under Security & SD-WAN -> Firewall what does it say in the filed Security Appliance services?

rbnielsen

What changes do you want to be frozen? If firmware updates are scheduled by Meraki, you are free to cancel them, or reschedule to some other day, which suits you better. No firmware is forced upon.

rbnielsen

You can not SSH to a Meraki Switch. Perhaps take a look at this article; https://documentation.meraki.com/MS/Access_Control/Configuring_802.1X_Access_Policies_on_MS_Switches_using_Windows_2008_NPS Perhaps you can use some of the information in here.

rbnielsen

The builtin wifi in an MX isn't an AP, yes. It lacks many of the functionalities that you have in an MR. But if the MX is placed in some wiring close in the centre of a concrete building, with absolutely no cellular coverage, it's nice to have some Wifi connectivity. I've been in enough situations where I needed to call someone while installing an MX, with no cellular coverage, and still needed connectivity to the MX. Mainly because of troubleshooting the CPE with the ISP.

rbnielsen

If you want to replace the ISPs router, you'll need to ensure that whatever you replace it with is supported. And that the ISP supports you putting your own device. That is not always the case! If you want to replace the router, an MX68W would perhaps be a good replacement. Builtin wireless capabilities, and two PoE+ ports, allow you to add 2 MR APs directly to the MX. Roaming between APs and MX wouldn't be good though, but it'll work (assuming the correct configuration..!). There are alternatives to Cisco Meraki, such as Ubiquity. It also has a cloud management solution, for its network devices, and afair, cheaper. However, I can't speak for how it is, since I have never really had the opportunity to work with it.

rbnielsen

VRT-2207620184848 This is not a Meraki Serial number.

rbnielsen

What @PhilipDAth says is correct. You only need an MR access point, perhaps placed above or near the cashier. If you plan on wanting to do something that can scale, and you're not that IT knowledgeable I'd suggest you get in contact with a local network integration company, that specialises in installing and configuring network devices. This will make sure you have some one to call, incase there are any problems, and not being "on your own" when something goes south. 🙂 That being said, it doesn't neccesarily need to be some large network installation. Just an MR ap would probably suffice. More, if you need a larger coverage, and perhaps a small MS120-8P switch.

rbnielsen

Have you verified the IP addressing from the ISP? That it is correct on their end?

rbnielsen

There are no wireless capabilities on an MS250-24P switch. You configure 802.1x, by navigating to Switch -> Access Policies, and configure the radius server. Afterwards, navigate to Switch -> Switch Ports, select the ports you wish to configure, and click Edit. Then on the drop-down on Access Policies, you select the Access Policy you created earlier. More about Access Policies and 802.1x can be seen here; https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X) Edit; hah - I'm too slow. xD

rbnielsen

I was just curious to see if could be something with the negotiated bitrate and modulation schemes jumping up and down. Setting to minimum bitrate of 12, disables legacy modulation schemes which could induce some interference. However, this could also result in reduced coverage, since it will require a higher SNR. On the other hand, allowing the lower bitrates will also make your Wifi coverage larger and more robust, enabling you to keep a connection with a lower SNR. Pros and cons. 🙂 Have you tried setting up an iPerf server, and measure throughput that way?

rbnielsen

Copy the working radio profile, and move alle the APs to the new profile. Then tweak the new profile. Assuming you haven't already, move the Minimum Bitrate slider to 12, to disallow all legacy bitrates, and see if that changes anything. Make sure to set Band selection to Per AP in the Profile -> General section. If you get more issues, you can just move the APs back to the original Radio Profile.

rbnielsen

Have you applied a custom radio profile? How is it conifgured?

rbnielsen

Instead of using the megaproxy, just use api.meraki.com. I know it's there, but I have not seen anyone officially using it.

rbnielsen

Community Record

Badges