About PhilipDAth

PhilipDAth

The simplest solution would be to use an MX at each of your main offices, and layer 2 switches. Use the MX to do all the routing. When the MX can see the mac address of the clients it maximises the features you can use such as per device group policy. It will also reduce complexity as you only have a single device doing layer 3. The other offices can remain as they are. Failing that, yes you can use layer 3 switches and MX. This is an example of what you want to do, except the "legacy router" would be your MPLS router. https://documentation.meraki.com/MS/Layer_3_Switching/Layer_3_Switch_Example

PhilipDAth

At the two main offices; do they have other internal VLANs that are being routed between and if so, do you need high bandwidth routing between them?

PhilipDAth

It is pretty much impossible to do more 5 calls/second using a single threaded python script. Python is too much of a CPU sl*t to manage it. I assuming all of your networks have unique IP subnets? Why don't you create a static hash of subnet to network name so you can go directly to the correct network rather than having to scan every network.

PhilipDAth

I'm going to take a wild stab and guess it is using something like Energy Efficient Ethernet and is downshifting its speed when idle to save power, causing a link transition.

PhilipDAth

One of the big reasons why you should use antennas from the same vendor as your WiFi kit is so that you don't break the law - as @BrechtSchamp says.

PhilipDAth

Meraki does not have an SSL VPN. It does have L2TP over IPSec. https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

PhilipDAth

What's the point of using Acclaim? I had a brief look ages ago and didn't see the benefits.

PhilipDAth

Does the camera have the correct subnet mask and default gateway?

PhilipDAth

Could anything be firewalling or blocking access to the Meraki cloud?

PhilipDAth

@Nick, I'm not sure if you have priced up that option - but (at least in my country) over three years, it is cheaper to buy a warm (or cold if you prefer) spare and keep it on site. I have never sold it as a result.

PhilipDAth

Also is this newly installed fibre, or has the fibre been installed been in for a while and used with other switches?

PhilipDAth

What grade of fibre is using used between the buildings? E,g. OS1, OS2, OM3, etc. What colour jacket is on the fibre?

PhilipDAth

No there is not.

PhilipDAth

Note that the service is not available in every area. Their is a service availability matrix your favourite Cisco reseller can check to see what options are available to you.

PhilipDAth

802.1x is an authentication framework, and EAP-TLS is a specific method. If you are using EAP-TLS then you are using 802.1x. You can continue to use EAP-TLS with an NPS server with Meraki if you like. PEAP is another specific authentication method of 802.1x. The roaming will be identical weather you use EAP-TLS or PEAP. 802.11r improves roaming by helping the client find other APs that it can roam to. 802.11r got a bad rep because of many security issues. The security issues are less severe when using it with 802.1x. I woiuld tend to use 802.11r in "Enabled" mode if you have modern devices connecting. If you have a device than can not support 802.11r then they will not be able to connect to the network. "Adaptive" mode only uses it with clients than can support it - but often not all clients that can support it. So you end up with lots of 802.11r capable clients not using 802.11r.

PhilipDAth

> Correct me if I am wrong but there is no local page to connect to cameras is there? Correct. If you have direct IP connectivity to the camera, and had started viewing it before the loss of Intrernet then I expect it should keep working. The communication is all between you and the camera in this case. You would not be able to start viewing a new camera though. That has to be setup via the cloud.

PhilipDAth

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

PhilipDAth

Note that the MX67C may need a firmware upgrade before being able to use the cellular function for the first time. So make sure you plug it into a wired connection first.

PhilipDAth

I would open a support ticket for that one.

PhilipDAth

> Suppose I have 4 identical MS225 switches around my building, if I want these switches to do my L3 routing among our various VLANs Unless there is a huge number of users around your building, I would centralise the routing on a pair of core switches and control everything from there.

PhilipDAth

I don't think so. There are no options for turning a screen off and on.

PhilipDAth

This can be caused by an MTU squeeze. Try an MTU of 1400 on your machine (reboot after changing it). You can use these instructions for Windows 7/8: https://support.zen.co.uk/kb/Knowledgebase/Changing-the-MTU-size-in-Windows-Vista-7-or-8 You may have an issue with asymmetric timing. You can try enabling timestamping with this command: netsh int tcp set global timestamps=enabled You could possibly be running an MX firmware with an issue. I would upgrade to 14.39 if you are not running it already.

PhilipDAth

You can use the Cisco Partner Locator to find someone near your area. https://www.cisco.com/go/iq-partnerlocator Parners that have the "Express Networking" specialisation have a Meraki focus. https://www.cisco.com/c/en/us/partners/partner-with-cisco/channel-partner-program/specializations/express-networking.html The chances are one of these partners will be able to help, or refer you onto to someone you can help with a Captive Portal solution.

PhilipDAth

Why don't you try going to the 14.x firmware. It is very solid.

PhilipDAth

It is likely to cause a port bounce, so I would do it when it is quiet.

PhilipDAth

Community Record

Badges