Meraki

Community

About GlenW70

Re: List of all Meraki Device hostnames and IP addresses

by in Dashboard & Administration
‎Mar 24 2021 2:02 PM
‎Mar 24 2021 2:02 PM
Is this the proper method to export the dynamic DNS name assigned to the device too? I need this for all of our MX devices. ... View more

Re: SD WAN Policies

by in Security & SD-WAN
‎Dec 15 2020 2:42 PM
‎Dec 15 2020 2:42 PM
OK have solution  You must have active/active tunnels enable for this to work (thinking about it makes sense otherwise you'd only have single tunnel to use) We also had a back end change made to our dashboard long ago that disabled active/active regardless of what GUI showed. Support was able to adjust the override in our dashboard (now that GUI works properly) After doing that AND enabling active/active VPN and doing a full refresh on page we see VPN flow preferences! ... View more

Re: SD WAN Policies

by in Security & SD-WAN
‎Dec 14 2020 3:04 PM
‎Dec 14 2020 3:04 PM
I too am seeing this condition. Latest stable firmware  MX 14.53 We have ~150 MX60/64s None are showing the SD-WAN policies Only IP Flow Preferences. Our standard configuration is to prefer WAN1 and only use WAN2 in a failover mode. I have tested enabling load-balancing and active-active VPN to see if any change but none. I do have a pair of MX84 in Asia and they DO have the proper options but are only network I can find that does. Opened case with Meraki and they are coming up empty initially and continue to research. ... View more

Re: AutoVPN and applications

by in Security & SD-WAN
‎Dec 14 2020 2:47 PM
‎Dec 14 2020 2:47 PM
Yes I believe you are correct.  If you flows are purely internet based you can define the "match filter" and route traffic over your preferred uplink. Flow Preferences By default (without load balancing), internet-bound traffic will flow out of the MX's primary uplink. The MX can also be configured to send traffic out of a specific interface based on the traffic type (policy-based routing), or based on the link quality of each uplink (performance-based routing). Flow preferences can be configured to define which uplink a given flow should use. Flow preferences will also supersede load balancing decisions.    https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferences   ... View more

Re: Wireless authentication based on Domain Joined machines only

by in Wireless
‎Jun 24 2020 4:30 PM
‎Jun 24 2020 4:30 PM
We are working towards this solution today for a couple of reasons. 1) When a laptop gets patched and rebooted today it does not reconnect to the network (assuming it was only wifi connected) until a user interactively logs on.  With COVID keeping folks out of many offices for weeks or months on end this has been problematic 2) When an IT person attempts to logon to a laptop via wireless (currently using RADIUS with NPS to AD) that logon fails because there is no network connection until after successful login (exception being cached credentials).  This is a pain for IT and forces them to connect wired before then can even start their work. 3) If you have any sort of logon script or any other processing that should happen at logon this doesn't work properly either (cart before the horse)   To mitigate some of the concerns mentioned above our AD team uses LAPS to automate local admin account password changes every month and each one is stored in a secure server that requires multi factor auth to logon to. We also encrypt the drives of all mobile device making boot disks and other ways to reset the local accounts very difficult.   Lastly, we are using 2 AD groups one that we can add devices we want to deny (policy 1) and the other those we want to permit (unsure but could ultimately be domain computers with exceptions weeded out in policy 1) in policy 2.   Hope this helps.  Also, good luck with setting this up.  I have found MANY different articles and approaches on this.  Many focus on the user auth side.  The machine auth is more complicated and there isn't a single recipe for success I've found so far anyway. ... View more

Layer 2 (bridge) remote needs for WFH or other applications

by in Meraki Projects Gallery
‎Mar 26 2020 10:09 AM
17 Kudos
‎Mar 26 2020 10:09 AM
17 Kudos
I have been using the MR30H in a somewhat unique configuration for a while and thought I'd share the application to see if others have similar needs.  Most of you probably know the MR access points have a feature called Teleworker VPN that allows you to create a dynamic VPN tunnel to an MX and "bridge" that network remotely.  This is a cool feature and works great for wireless devices.  Unfortunately, not everything we use is wireless (I do believe it may be possible to use a MR in mesh mode and reuse a single ethernet port on it for this purpose but I've not tried that).  If you need a solution for wired with more than 1 port (like I did/do) you might want to read the rest of this post.   My first application for this solution (wired / bridged Teleworker VPN) was a mobile food truck that we needed a cash register connected to a physical restaurant POS server but the register had to be on the same subnet as the POS server.  Even though the MR30H is an AP it also have 4 integrated switch ports.  You can assigned each of those to a VLAN and link that VLAN to an SSID (even if you aren't using WiFi at all - which in my case I'm not).  You can then use the MR configuration to create a Teleworker VPN tunnel to an MX at the site in question and tunnel that VLAN to the physical site.  In my design I'm doing this with 3 different VLANs (register, guest wifi and security camera).  This works from DHCP/BootP/, to ARP and right up the OSI model.  This was a requirement for our vendors application as well as a bonus to have a single MX firewall ruleset to manage and content filters to monitor.  Plus an MR30H is less expensive than an MX64 and it, unfortunately, cannot do L2 VPN.  Lastly, we paired this with a Cradlepoint device with dual, auto switching carriers to provide connectivity from all over Maui. Hi. area.   With COVID stay at home restrictions we had to move some or our retail lab out to employees homes.  Once again we had another scenario where for test applications and firewall rules (source IPs, L2 adjacency requirements, etc) this solution was our best option. The only caveat to this design is you MUST have an MX in the VLAN you want to extend the L2 connectivity to.     I wish Meraki would add this L2 functionality to MX devices too (future?) ... View more

Re: Happy New Year! What are your Network Resolutions?

by in Community Announcements
‎Jan 8 2019 3:28 PM
1 Kudo
‎Jan 8 2019 3:28 PM
1 Kudo
We have ~160 sites that are full stack Meraki implementations. Unfortunately, we weren't able to roll out using templates early on because of some limitation on specifying IP schema and other issues.  Because of this, we have to clone and existing site and modify.  This give us little centralized control for mass deploying changes (especially firewall rules) This year I hope to migrate to templates for MX appliances. ... View more

Re: Please introduce yourself

by in Community Tips & Tricks
‎Dec 5 2017 9:49 AM
1 Kudo
‎Dec 5 2017 9:49 AM
1 Kudo
Hi I'm Glen Warn and I'm a sr. network architect for Tommy Bahama (retailer) based in Seattle.  We operate ~160 stores and outlets in the US, Canada, & Puerto Rico.  We leverage Meraki MX, MS and MR devices at all of our retail locations and couple them with Cradlepoint devices for cellular backup.  Looking forward to working with community knowledge base. ... View more
© 2025 Cisco Systems, Inc.