The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About GlenW70
GlenW70

GlenW70

Here to help

Member since Dec 5, 2017

‎06-22-2022
Kudos from
User Count
Maarten-Jan
Maarten-Jan
1
SonNguyen
SonNguyen
1
cmr
Kind of a big deal cmr
1
BeckerIT
BeckerIT
1
Roska
Roska
1
View All
Kudos given to
User Count
Welles
Welles
1
View All

Community Record

12
Posts
20
Kudos
0
Solutions

Badges

1st Birthday
First 5 Posts
First 10 Kudos
Lift-Off
Points Contest - Apr 2020 View All
Latest Contributions by GlenW70
  • Topics GlenW70 has Participated In
  • Latest Contributions by GlenW70

Re: List of all Meraki Device hostnames and IP addresses

by GlenW70 in Dashboard & Administration
‎03-24-2021 02:02 PM
‎03-24-2021 02:02 PM
Is this the proper method to export the dynamic DNS name assigned to the device too? I need this for all of our MX devices. ... View more

Re: SD WAN Policies

by GlenW70 in Security / SD-WAN
‎12-15-2020 02:42 PM
‎12-15-2020 02:42 PM
OK have solution  You must have active/active tunnels enable for this to work (thinking about it makes sense otherwise you'd only have single tunnel to use) We also had a back end change made to our dashboard long ago that disabled active/active regardless of what GUI showed. Support was able to adjust the override in our dashboard (now that GUI works properly) After doing that AND enabling active/active VPN and doing a full refresh on page we see VPN flow preferences! ... View more

Re: SD WAN Policies

by GlenW70 in Security / SD-WAN
‎12-14-2020 03:04 PM
‎12-14-2020 03:04 PM
I too am seeing this condition. Latest stable firmware  MX  14.53 We have ~150 MX60/64s None are showing the SD-WAN policies Only IP Flow Preferences. Our standard configuration is to prefer WAN1 and only use WAN2 in a failover mode. I have tested enabling load-balancing and active-active VPN to see if any change but none. I do have a pair of MX84 in Asia and they DO have the proper options but are only network I can find that does. Opened case with Meraki and they are coming up empty initially and continue to research. ... View more

Re: AutoVPN and applications

by GlenW70 in Security / SD-WAN
‎12-14-2020 02:47 PM
‎12-14-2020 02:47 PM
Yes I believe you are correct.  If you flows are purely internet based you can define the "match filter" and route traffic over your preferred uplink. Flow Preferences By default (without load balancing), internet-bound traffic will flow out of the MX's primary uplink. The MX can also be configured to send traffic out of a specific interface based on the traffic type (policy-based routing), or based on the link quality of each uplink (performance-based routing). Flow preferences can be configured to define which uplink a given flow should use. Flow preferences will also supersede load balancing decisions.    https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferences   ... View more

Re: Wireless authentication based on Domain Joined machines only

by GlenW70 in Wireless LAN
‎06-24-2020 04:30 PM
‎06-24-2020 04:30 PM
We are working towards this solution today for a couple of reasons. 1) When a laptop gets patched and rebooted today it does not reconnect to the network (assuming it was only wifi connected) until a user interactively logs on.  With COVID keeping folks out of many offices for weeks or months on end this has been problematic 2) When an IT person attempts to logon to a laptop via wireless (currently using RADIUS with NPS to AD) that logon fails because there is no network connection until after successful login (exception being cached credentials).  This is a pain for IT and forces them to connect wired before then can even start their work. 3) If you have any sort of logon script or any other processing that should happen at logon this doesn't work properly either (cart before the horse)   To mitigate some of the concerns mentioned above our AD team uses LAPS to automate local admin account password changes every month and each one is stored in a secure server that requires multi factor auth to logon to. We also encrypt the drives of all mobile device making boot disks and other ways to reset the local accounts very difficult.   Lastly, we are using 2 AD groups one that we can add devices we want to deny (policy 1) and the other those we want to permit (unsure but could ultimately be domain computers with exceptions weeded out in policy 1) in policy 2.   Hope this helps.  Also, good luck with setting this up.  I have found MANY different articles and approaches on this.  Many focus on the user auth side.  The machine auth is more complicated and there isn't a single recipe for success I've found so far anyway. ... View more

Layer 2 (bridge) remote needs for WFH or other applications

by GlenW70 in Meraki Projects Gallery
‎03-26-2020 10:09 AM
16 Kudos
‎03-26-2020 10:09 AM
16 Kudos
I have been using the MR30H in a somewhat unique configuration for a while and thought I'd share the application to see if others have similar needs.  Most of you probably know the MR access points have a feature called Teleworker VPN that allows you to create a dynamic VPN tunnel to an MX and "bridge" that network remotely.  This is a cool feature and works great for wireless devices.  Unfortunately, not everything we use is wireless (I do believe it may be possible to use a MR in mesh mode and reuse a single ethernet port on it for this purpose but I've not tried that).  If you need a solution for wired with more than 1 port (like I did/do) you might want to read the rest of this post.   My first application for this solution (wired / bridged Teleworker VPN) was a mobile food truck that we needed a cash register connected to a physical restaurant POS server but the register had to be on the same subnet as the POS server.  Even though the MR30H is an AP it also have 4 integrated switch ports.  You can assigned each of those to a VLAN and link that VLAN to an SSID (even if you aren't using WiFi at all - which in my case I'm not).  You can then use the MR configuration to create a Teleworker VPN tunnel to an MX at the site in question and tunnel that VLAN to the physical site.  In my design I'm doing this with 3 different VLANs (register, guest wifi and security camera).  This works from DHCP/BootP/, to ARP and right up the OSI model.  This was a requirement for our vendors application as well as a bonus to have a single MX firewall ruleset to manage and content filters to monitor.  Plus an MR30H is less expensive than an MX64 and it, unfortunately, cannot do L2 VPN.  Lastly, we paired this with a Cradlepoint device with dual, auto switching carriers to provide connectivity from all over Maui. Hi. area.   With COVID stay at home restrictions we had to move some or our retail lab out to employees homes.  Once again we had another scenario where for test applications and firewall rules (source IPs, L2 adjacency requirements, etc) this solution was our best option. The only caveat to this design is you MUST have an MX in the VLAN you want to extend the L2 connectivity to.     I wish Meraki would add this L2 functionality to MX devices too (future?) ... View more
Labels:
  • Security & SD-WAN (MX)
  • Wireless LAN (MR)

Re: WIFI MAC Whitelisting breaks

by GlenW70 in Wireless LAN
‎03-26-2020 09:17 AM
2 Kudos
‎03-26-2020 09:17 AM
2 Kudos
Support was able to fix this for us. It is an engineering change made behind the scenes If you have a similar issue you could ask support to reference our case 04537743 ... View more

Re: WIFI MAC Whitelisting breaks

by GlenW70 in Wireless LAN
‎12-13-2019 08:32 AM
‎12-13-2019 08:32 AM
Hi Kegan,   Yes we currently have 2 sites experiencing the issue. Our case number is  04537743. Site #3 is all MR42s and MR70s Site #14 is all MR42s and MR70s In both sites we have 3 or 4 fully functional devices but 1 device (iPad pro in both locations) that will not respond to whitelisting. In each of the sites we've gone so far as to replace the device and testing in site 3 shows no change. Both are broken now (since nobody at support has been able to solve our issue) so replicating the issue is very easy for us right now.   I am happy to assist with beta or patch if you think it could help.   Please let me know how I can contribute. ... View more

Re: WIFI MAC Whitelisting breaks

by GlenW70 in Wireless LAN
‎12-12-2019 11:44 AM
‎12-12-2019 11:44 AM
We are experiencing this same issue at 2 sites Does anyone have an update on this? I have 2 tickets open with Meraki support but nobody is claiming to know about a back end issue. ... View more

Re: Bad Internet Connectionon vMX100

by GlenW70 in Security / SD-WAN
‎11-25-2019 04:37 PM
‎11-25-2019 04:37 PM
I ran into a similar problem In my case we had and ASA fronting the MX100 and it wasn't configured to allow the outbound ICMP echos to 8.8.8.8. Once I added this rule the status went green and the connectivity line changed from gold to green. ... View more

Re: Happy New Year! What are your Network Resolutions?

by GlenW70 in Community Announcements
‎01-08-2019 03:28 PM
1 Kudo
‎01-08-2019 03:28 PM
1 Kudo
We have ~160 sites that are full stack Meraki implementations. Unfortunately, we weren't able to roll out using templates early on because of some limitation on specifying IP schema and other issues.  Because of this, we have to clone and existing site and modify.  This give us little centralized control for mass deploying changes (especially firewall rules) This year I hope to migrate to templates for MX appliances. ... View more

Re: Please introduce yourself

by GlenW70 in Community Tips & Tricks
‎12-05-2017 09:49 AM
1 Kudo
‎12-05-2017 09:49 AM
1 Kudo
Hi I'm Glen Warn and I'm a sr. network architect for Tommy Bahama (retailer) based in Seattle.  We operate ~160 stores and outlets in the US, Canada, & Puerto Rico.  We leverage Meraki MX, MS and MR devices at all of our retail locations and couple them with Cradlepoint devices for cellular backup.  Looking forward to working with community knowledge base. ... View more
Kudos from
User Count
Maarten-Jan
Maarten-Jan
1
SonNguyen
SonNguyen
1
cmr
Kind of a big deal cmr
1
BeckerIT
BeckerIT
1
Roska
Roska
1
View All
Kudos given to
User Count
Welles
Welles
1
View All
My Top Kudoed Posts
Subject Kudos Views

Layer 2 (bridge) remote needs for WFH or other applications

Meraki Projects Gallery
16 1930

Re: WIFI MAC Whitelisting breaks

Wireless LAN
2 4859

Re: Happy New Year! What are your Network Resolutions?

Community Announcements
1 18497

Re: Please introduce yourself

Community Tips & Tricks
1 42673
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki