Meraki

PhilipDAth · ‎Mar 13 2018

I presume you are only using the DSL for backup, not load balancing. Unless you are doing QoS on your outbound traffic (like for VoIP) you might as well just set the sliders to their maximum values.

PhilipDAth · ‎Mar 13 2018

Why would you use a third party monitoring system when you have excellent monitoring built into the dashboard? That's like taking "Meraki Simple", and then complicating it.

PhilipDAth · ‎Mar 13 2018

@Adam did you know that NPS allows you to specify a prefix instead of an IP address? For example, instead of adding an AP with the IP address 192.168.1.12, you can add every AP with a single line like 192.168.0.0/16? This is what I usually do for clients, then you can leave all the APs on DHCP.

PhilipDAth · ‎Mar 13 2018

The AP will never run at 4x4 because there are no 4x4 clients to request this. Most clients are 2x2 with the odd 3x3. The best you'll get is it using four radios when talking to a 2x2 client using diversity.

PhilipDAth · ‎Mar 13 2018

You will also note in the link you provided that the numbers have a little * with the comment "This is the power required at the PSE, which is a switch or injector.". Injectors (at least none that I have seen) don't support dynamic power negotiation. So these are the worst case numbers, not the minimum power consumption.

PhilipDAth · ‎Mar 13 2018

The AP and the switch you are using support dynamic power negotiation. As such, the actual power consumed will depend on the AP requirements - which will vary by load, client type and client connection parameters. I bet you looked at this when the AP was sitting idle. I bet once a bunch of machines are using the AP for actual data throughput on both the 2.4Ghz and 5Ghz radios that this number will jump a lot.

PhilipDAth · ‎Mar 12 2018

There is something additional at play here. The switch says it supports 802.3at (aka 30W). These are my thoughts: * Cisco enterprise AP's ship with the radios disabled. Perhaps they have not been enabled? * You have exceeded the power budget of the MS220. If you only plug in the AP (and no other PoE devices) does it work?

PhilipDAth · ‎Mar 12 2018

My guess is - especially if this is a "fresh" AP - that it will be doing a firmware upgrade. I suspect if you plug them all in the day before and leave them they will be ok at install time. Next question - why use static IP addresses for AP's - that seems very old school?

PhilipDAth · ‎Mar 11 2018

@CarolineS sent out some awesome swag this month, including this Aurabox. Thanks @CarolineS I can't wait for it to finish charging so I can have a play with it.

PhilipDAth · ‎Mar 10 2018

First, the MX BGP support is only for AutoVPN routes, so it can't be used for this scenario: https://documentation.meraki.com/MX-Z/Networks_and_Routing/BGP So assuming you have your own public prefix and public ASN, you are probably going to want to use the 4331 and have it do the BGP for you. The other alternative is to not use BGP. To simply have each ISP statically route your public prefix down the respective circuit, and to distribute this static prefix into BGP at each of their ends. Then you can use the MX load balancing option to control which circuit is being used. https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferences Using the 4331 will give you the most control - by far. I would probably go with the 4331 option if it was me.

PhilipDAth · ‎Mar 9 2018

In fact, a tick box for "Antivirus Compliant" would also be good!

PhilipDAth · ‎Mar 9 2018

Currently when running Systems Manager on a PC you can add a column to the dashboard to display weather the machine is compromised or not. This is retrieved from the Windows Security Centre. This can be updated by the built in Windows Defender, or about a million different antivirus vendors (maybe even Cisco AMP for Endpoints ....). Currently you can create a policy to make sure antivirus is running and that antimalware is installed - but not weather a machine is compromised. Adding this "tick box" (for information already being collected) would allow a Meraki network to automatically respond to compromised machines using group policy (such as "chop the machine off", or perhaps limit it to only talk to an antivirus server for updates, or maybe only talk to a server that contains a "cleaning" system). This one extra "tick box" would simplify the handling of compromised computers automatically using really powerful security technology that already exists, which would free companies to focus on their mission instead of compromised computers (there might be some plagiarism there).

PhilipDAth · ‎Mar 9 2018

You should be able to log into the Meraki partner portal: http://www.merakipartners.com/ Then go to the "training" tab, click on "CMNA", and near the top is usually a link to download your certificate.

PhilipDAth · ‎Mar 9 2018

I think (and could be wrong) that this is a Linux 19 digit time stamp - which allows you to specify times down to a nanosecond.

PhilipDAth · ‎Mar 8 2018

There is actually a new "no-nat" mode of operation coming out (I don't think it is released yet). If you ask support they might enable this option for you. This allows you to turn the MX into a router.

PhilipDAth · ‎Mar 7 2018

No matter what in AWS it will have to run through NAT. AutoVPN manages the setup of its VPNs through NAT automatically. They call it "Meraki Simple".

PhilipDAth · ‎Mar 7 2018

Yes the MS250 will be able to connect. To guarantee you have no support issues you would need to use fibre (10GbeSR) But I suspect either the HP or the Meraki TwinAx 3m cable will be 99% likely to work. If you are using 10GBaseT you could also consider using the MS350-24X, which includes 8 x MGig ports. MGig ports also do 10GBaseT. https://meraki.cisco.com/products/switches/ms350-24x Also note you really want to be using SFP+ to connect servers, rather than 10GBaseT. 10GBaseT has about 100 times more latency than SFP+, and this will impact anything that does lots of transactions, like databases and storage.

PhilipDAth · ‎Mar 7 2018

How do you know the current networks are not combined already? You might be able to just add the switches.

PhilipDAth · ‎Mar 6 2018

I believe this is resolved in the 10.16 code - but I have not tested this myself.

PhilipDAth · ‎Mar 6 2018

Only the MR53 and above have two interfaces, and they are only used to increase the bandwidth to the AP using channelling/bonding. https://documentation.meraki.com/MR/Installation_Guides/MR52%2F%2F53_Installation_Guide#Ethernet_Ports They can not be used to separate traffic between SSIDs.

PhilipDAth · ‎Mar 5 2018

Sorry to hear that @BlakeRichardson, but we will al look forward to seeing you come back later.

PhilipDAth · ‎Mar 5 2018

The smallest MX64 can do 200/200 so your box is definitely capable. How are you measuring the speed?

PhilipDAth · ‎Mar 5 2018

Thanks for that great information!!!

PhilipDAth · ‎Mar 5 2018

@Adam, while I was at Masters I also asked all the product teams to make their devices create an event log entry for when they are rebooted (and by whom). Then at least you can tel the difference between a manually initiated reboot, and an unexpected outage.

PhilipDAth · ‎Mar 5 2018

@Adam is right. 1:many NAT is 99% likely to break a SIP trunk through to a PABX. You definitely want to use 1:1 NAT. Or better yet, use SIP registration instead of a SIP trunk and then it pretty much becomes a non-issue.

About PhilipDAth

PhilipDAth

Philip D'Ath

Community Record

Badges