- About PhilipDAth
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
PhilipDAth
Kind of a big deal
Member since Aug 26, 2017
Online
Community Record
4983
Posts
2478
Kudos
347
Solutions
Badges
yesterday
According to the specs those antennas (in the 2.4Ghz band) throw out a lot of signal "left and right" (blue line) but not much directly down. So most of your RF energy is probably being lost providing coverage in the roof in itself. Note the special install instructions for these antenna that say they must be mounted with the cables towards the ground ("Install the antenna vertically and mount it with the cables pointing towards the ground"). https://www.cisco.com/c/en/us/td/docs/wireless/antenna/installation/guide/ant2544v4m-r.html This is not the correct antenna for you - but contrast this with a sector antenna, and you can see how you can direct most of your RF signal down to the ground. This example is a 2.4Ghz antenna with 11dBi of gain. https://meraki.cisco.com/products/wireless/antennas-power#sector-antenna-11 Is there any way you could put them on poles attached to the roof to lower them? Having antennas 30ft to 60ft above wear the coverage is required burns a lot of the RF signal strength up straight away. Would it be possible to mount some of the antennas to a wall rather than the roof to lower their height? Note with those antennas you would need to keep their current orientation so you would need some kind of bracket to mount them at a right angle to a wall. If the antennas could be kept at the same height you would think the proposed layout would be an improvement. If the height is increased though (such as an 'A' frame roof) then things could be worse. I think I would be tempted to splash out and get a predictive site survey done. If you do, make sure whoever is doing it loads in the heights of everything. The heights will make a big difference to the results in this case.
... View more
yesterday
I would be tempted to look at the Splash Access "Business Co-working" solution. https://www.splashaccess.com/splashaccess-co-working-office/ This allows you to have one SSID but put each group of users into their own seperate VLANs. It allows them to roam all over the complex as a result. You can achieve the same thing using group policy - but you'll need to assign the group policy to each client device before they can use it.
... View more
Friday
There isn't really a user group policy. It is only ever applied to a device. A user logs into device "x" and the group policy gets applied to that device. So the admin would take priority because it would replace any other group policy that was previsouly applied to that device.
... View more
Friday
Lets assume we are only talking about IPv4. You can block ARP spoofing. Snooping is a different matter. ARP queries are sent as a broadcast. They go out every port in the VLAN that the host belongs to. This is fundamental to ARP and there is no way to stop this. So if you sit their with a packet sniffer you'll evenually capture enough ARP traffic to build up a list of (MAC,IP Address) combinations. If you *really* want to stop ARP snooping put every port into its own seperate VLAN and use /30 stubs.
... View more
Friday
That is exactly right. I would describe Azure MFA as only "just" capable of such configurations. The debugging is poor to non-existant. There are few configurable options. But it does work.
... View more
Thursday
I don't like mixing different WiFi technologies within a single site, especially if a client can see both the old and new technolgy at the same time. I've had issues in the past with clients trying to connect to newer technology APs when the conditions are bad rather than using the older AP next to them. So that precluded me from using the MR55's at HQ. The MR55's should ideally be plugged into MGig switches. So that precluded me from re-locating the MS355 switches. The MR67W has an 802.11ac AP, while the MR18 is 802.11n. So I preferred the newer technology. So all of my sites had a minimum of 802.11ac. I considered re-locating the web server, but I didn't know what it is for. Sometimes if you are doing heavy data processing you want the data local to the site. For example, I have a customer in the print industry. Customers can upload files many hundreds of meagbytes. They then transfer these to the local rasterisers and then to the local printers.
... View more
Thursday
The MX72 needs 802.3at power, so make sure the HP switch is 802.3at. When you log into the Meraki Dashboard you can go "Help/Firewall Rules" in the top right hand corner. That will give you the rules to configure on your Sophos firewall.
... View more
Thursday
Which regard to GPS - no. This is completely up to the device. You can ask a device to refresh its location though from the Meraki dashboard.
... View more
Thursday
You will need to make contact with your local Merkai sales rep. Their is an internal "Country of Origin" tool that have access to which will answer this question.
... View more
Thursday
3 Kudos
That was quite an involved challenge requiring a lot of knowledge about various Meraki products and their capabilities and network topology as well. Thanks for the acknowledgement.
... View more
Thursday
I don't agree @rbnielsen. A domain validated certificated is just that - domain validated only. You can do this manually, or you can do it programatically (which Lets Encrypt does) - but it is that level of validation that establishes the security or safety of the system, and not weather a user proceses the request themselves via a website or a program does. Probably the biggest plus with Lets Encrypt is that it only issues certificates for 3 months. This is a huge step forward for security when a breach or theft occurrs, as it sets the maximum time scope. It's like a password change policy. The old human issues certificates can be issued for up to 2 years - 8 times longer.
... View more
Thursday
1 Kudo
The other big issue is the iPad Touch doesn't have a GPS chip - so it can't report its real location. It uses a simulated system of which SSID it is connected to and which public IP it is connecting to the cloud from to "guess" its location, but this is not something you could rely on down to a single building.
... View more
Thursday
1 Kudo
With Cisco Enterprise kit the management plane is used to intiate connections into the device and control it. It can often bve unecrypted using telnet and SNMP v1 or v2c. Also anyone having dirtect access can attempt a DOS attack and prevent you getting into your own kit. So there is some good reason to protect this. Meraki kit uses an encrypted outbound stream to the Meraki cloud. So I don't personally bother with a seperate management network. You can also disable the Meraki local status page to further protection. The only special exception you could consider is when using SSIDs with WPA2-Enterprise mode. However a feature was recently added to allow RADIUS traffic to be sent over a seperate VLAN. Personally I tend to use the one VLAN. Changing the native VLAN is mostly related to preventing VLAN hopping attacks. If this is of a concern you should use a different native VLAN on trunk ports between switches. For safety, this should be a VLAN not in use in the network. You want every valid VLAN to be tagged between switches. You don't really need to use it in other places. Personally, I wouldn't worry about it.
... View more
Thursday
Was this matched by high throughput on the circuit as well? I'm going to guess some machine was thrashing the circuit. That's the most common cause. If you catch it shortly afterwards you can try looking at the 2 hour client view to see if one client stood out.
... View more
Thursday
There is no way to do triangulation with only 2 APs. You would only get a very rough fix.
... View more
Thursday
1 Kudo
You don't so much as import or sync owners - but the devices can authenticte against Azure AD, and then you see those owners in the Systems Manager portal. We set it up using the first link you supplied. We have only used it with modern Android devices.
... View more
Thursday
105m is a long way for an MR18. Does the MR66 have some kind of focused antenna to help? What does the event log say? Anything interesting in Wireless Health?
... View more
Thursday
1 Kudo
Meraki should trust LetsEncrypt. Their CA is dual signed by someone else who I can't remember as well, so it really should be trusted. Maybe try using SSL tester to make sure it isn't something dumb like a weak hash for weak cipher is being used. https://www.ssllabs.com/ssltest/
... View more
Wednesday
You wont be able to work this out yourself. You'll need to open a support case, tell them what you are doing, and ask for: Total number of bytes on the WAN interface Total number of packets on the WAN interface. Then divide total bytes by total packets to get the average packet size.
... View more
Wednesday
You need to update your firewall rules to those listed for the APs to work in all cases.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 81 | Thursday | |
| 51 | Thursday | |
| 104 | Thursday | |
| 48 | Wednesday | |
| 33 | Tuesday | |
| 85 | Monday | |
| 57 | a week ago | |
| 202 | a week ago | |
| 75 | a week ago | |
| 75 | 2 weeks ago |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 32 | 4287 | |
| 23 | 4963 | |
| 22 | 9800 | |
| 19 | 21861 | |
| 14 | 4519 |
