- About GlenW70
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Community Record
8
Posts
17
Kudos
0
Solutions
Badges
06-24-2020
04:30 PM
We are working towards this solution today for a couple of reasons. 1) When a laptop gets patched and rebooted today it does not reconnect to the network (assuming it was only wifi connected) until a user interactively logs on. With COVID keeping folks out of many offices for weeks or months on end this has been problematic 2) When an IT person attempts to logon to a laptop via wireless (currently using RADIUS with NPS to AD) that logon fails because there is no network connection until after successful login (exception being cached credentials). This is a pain for IT and forces them to connect wired before then can even start their work. 3) If you have any sort of logon script or any other processing that should happen at logon this doesn't work properly either (cart before the horse) To mitigate some of the concerns mentioned above our AD team uses LAPS to automate local admin account password changes every month and each one is stored in a secure server that requires multi factor auth to logon to. We also encrypt the drives of all mobile device making boot disks and other ways to reset the local accounts very difficult. Lastly, we are using 2 AD groups one that we can add devices we want to deny (policy 1) and the other those we want to permit (unsure but could ultimately be domain computers with exceptions weeded out in policy 1) in policy 2. Hope this helps. Also, good luck with setting this up. I have found MANY different articles and approaches on this. Many focus on the user auth side. The machine auth is more complicated and there isn't a single recipe for success I've found so far anyway.
... View more
03-26-2020
10:09 AM
13 Kudos
I have been using the MR30H in a somewhat unique configuration for a while and thought I'd share the application to see if others have similar needs. Most of you probably know the MR access points have a feature called Teleworker VPN that allows you to create a dynamic VPN tunnel to an MX and "bridge" that network remotely. This is a cool feature and works great for wireless devices. Unfortunately, not everything we use is wireless (I do believe it may be possible to use a MR in mesh mode and reuse a single ethernet port on it for this purpose but I've not tried that). If you need a solution for wired with more than 1 port (like I did/do) you might want to read the rest of this post. My first application for this solution (wired / bridged Teleworker VPN) was a mobile food truck that we needed a cash register connected to a physical restaurant POS server but the register had to be on the same subnet as the POS server. Even though the MR30H is an AP it also have 4 integrated switch ports. You can assigned each of those to a VLAN and link that VLAN to an SSID (even if you aren't using WiFi at all - which in my case I'm not). You can then use the MR configuration to create a Teleworker VPN tunnel to an MX at the site in question and tunnel that VLAN to the physical site. In my design I'm doing this with 3 different VLANs (register, guest wifi and security camera). This works from DHCP/BootP/, to ARP and right up the OSI model. This was a requirement for our vendors application as well as a bonus to have a single MX firewall ruleset to manage and content filters to monitor. Plus an MR30H is less expensive than an MX64 and it, unfortunately, cannot do L2 VPN. Lastly, we paired this with a Cradlepoint device with dual, auto switching carriers to provide connectivity from all over Maui. Hi. area. With COVID stay at home restrictions we had to move some or our retail lab out to employees homes. Once again we had another scenario where for test applications and firewall rules (source IPs, L2 adjacency requirements, etc) this solution was our best option. The only caveat to this design is you MUST have an MX in the VLAN you want to extend the L2 connectivity to. I wish Meraki would add this L2 functionality to MX devices too (future?)
... View more
03-26-2020
09:17 AM
2 Kudos
Support was able to fix this for us. It is an engineering change made behind the scenes If you have a similar issue you could ask support to reference our case 04537743
... View more
12-13-2019
08:32 AM
Hi Kegan, Yes we currently have 2 sites experiencing the issue. Our case number is 04537743. Site #3 is all MR42s and MR70s Site #14 is all MR42s and MR70s In both sites we have 3 or 4 fully functional devices but 1 device (iPad pro in both locations) that will not respond to whitelisting. In each of the sites we've gone so far as to replace the device and testing in site 3 shows no change. Both are broken now (since nobody at support has been able to solve our issue) so replicating the issue is very easy for us right now. I am happy to assist with beta or patch if you think it could help. Please let me know how I can contribute.
... View more
12-12-2019
11:44 AM
We are experiencing this same issue at 2 sites Does anyone have an update on this? I have 2 tickets open with Meraki support but nobody is claiming to know about a back end issue.
... View more
11-25-2019
04:37 PM
I ran into a similar problem In my case we had and ASA fronting the MX100 and it wasn't configured to allow the outbound ICMP echos to 8.8.8.8. Once I added this rule the status went green and the connectivity line changed from gold to green.
... View more
01-08-2019
03:28 PM
1 Kudo
We have ~160 sites that are full stack Meraki implementations. Unfortunately, we weren't able to roll out using templates early on because of some limitation on specifying IP schema and other issues. Because of this, we have to clone and existing site and modify. This give us little centralized control for mass deploying changes (especially firewall rules) This year I hope to migrate to templates for MX appliances.
... View more
12-05-2017
09:49 AM
1 Kudo
Hi I'm Glen Warn and I'm a sr. network architect for Tommy Bahama (retailer) based in Seattle. We operate ~160 stores and outlets in the US, Canada, & Puerto Rico. We leverage Meraki MX, MS and MR devices at all of our retail locations and couple them with Cradlepoint devices for cellular backup. Looking forward to working with community knowledge base.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 13 | 749 | |
| 2 | 857 | |
| 1 | 9321 | |
| 1 | 11473 |
