The Meraki Community
MarkiP

Getting noticed

Member since Jan 9, 2020

‎05-01-2021
Kudos from (User: Count)
  • BrandonS: 1
  • cmr (Kind of a big deal): 1
  • PhilipDAth (Kind of a big deal): 3
  • TalentQuest: 1
  • Allistairg1964: 1

Kudos given to (User: Count)
  • PhilipDAth (Kind of a big deal): 3
  • jdsilva: 1
  • NolanHerring: 2
  • ww (Kind of a big deal): 1

Community Record

  • 23 Posts
  • 9 Kudos
  • 2 Solutions

Badges

  • First 5 Posts
  • First Solution
  • Lift-Off

Latest Contributions by MarkiP

Re: Happy New Year! What are your Networking Resolutions?

by MarkiP in Community Announcements
01-08-2021 05:11 AM
Keep learning and pass the CCNP Encor exam. Replace our old switches with Meraki kit. And hopefully get outside and see some of the world on the bike 🤞

Re: MX modifying TCP syn/reset bit?

by MarkiP in Security / SD-WAN
01-05-2021 12:42 PM
3 Kudos
Scrap that, seems it was L7 firewall rules (geographic) that were blocking this.

MX modifying TCP syn/reset bit?

by MarkiP in Security / SD-WAN
01-05-2021 12:14 PM
Morning/evening all,

Had a bit of a peculiar scenario today that I would appreciate any input on.

Essentially one particular website has been failing to load today (worked fine yesterday). Page tries to load and eventually the browser times it out. Running a pcap on both the client (affects all users at the current site) and the LAN MX interface shows the same story, the TCP SYN request being sent, and a TCP Reset flagged packet received in response, this happens indefinitely. Am also unable to ping that IP which I can elsewhere, and when attempting to SSH get a connection timed out, rather than connection refused as I do elsewhere.

Running a capture on the WAN interface however shows a different story, there are only outgoing packets with the SYN bit unset, and the Reset bit set, so in essence we are just sending TCP Reset packets and receive no response.

Little bit baffled here, the website is accessible on the same IP from our other offices/home just fine so seems to be a local issue only, have tried amending the traffic shaping to use a different uplink but no change. It seems that the MX is modifying the TCP SYNs to TCP RSTs, but then where the replies are coming from I am not sure, as these do not appear on the WAN interface captures. Ran a capture on the site-to-site interfaces too but nothing.

My only possible theory at the moment is that a while back I may have tried to set up a static route to that internet IP via the MX LAN IP when testing something. And whilst it doesn't show under the route table, it may be hanging around in the background somewhere playing havoc. Tried a reboot also but that made no difference.

I will raise that with support in the morning, but would appreciate anyone's advice if they have ever come across anything similar before.

Many thanks in advance,

Mark

Re: Blocking Adult Content in Children's Homes

by MarkiP in Switching
12-16-2020 02:58 AM
Just checked and this can also be done the same way if you have a Meraki router/firewall.

Re: Blocking Adult Content in Children's Homes

by MarkiP in Switching
12-16-2020 02:56 AM
Hi,

If you go to Wireless > Firewall and Traffic Shaping, under the section "Block applications and content categories" you can add a layer 7 firewall rule and specify hostnames to block etc. You can also specify by IP ranges if needed.

Re: Active Time Calulation

by MarkiP in Dashboard & Administration
05-22-2020 08:07 AM
I would take the active time with a pinch of salt, have seen other people reporting this is not 100% accurate. An installed app on a mobile or even desktop will still continue to send traffic periodically despite the firewall blocking it.

Re: Active Time Calulation

by MarkiP in Dashboard & Administration
05-22-2020 07:46 AM
Judging by the data usage it clearly isn't actually streaming video as you say, perhaps it could be traffic flows that are passing through the switch (DNS and TCP SYNs etc) which the Meraki switch recognises as Netflix, but are then blocked as they hit your firewall.

The flows are still present with clients trying to reach Netflix, but are simply passing through the switch then getting terminated.

Just my 2 cents on how I see it, someone may be able to confirm for definite.

Re: Meraki Auto-VPN Split Tunnelling

by MarkiP in Security / SD-WAN
05-20-2020 07:19 AM
Thanks for your reply.

Would this be configured with a static route under Addressing & VLANs? And for a static route to a public IP range, does it matter which subnet Gateway IP it uses?

Also, do you happen to know if traffic that matches those routes and is sent over the VPN from spoke to hub will still conform to the hub site traffic shaping rules, it must use Uplink 2 in our scenario.

Meraki Auto-VPN Split Tunnelling

by MarkiP in Security / SD-WAN
05-20-2020 05:45 AM
Hi all,

We have a branch site that is currently set up as a spoke with a default route to our hub main site, as that spoke site needs to send certain traffic to external/public IP addresses which are only accessible via a physical WAN connection at our hub site. Ideally however, we would like to have a split tunnel, whereby traffic to the hub subnets advertised over the Auto-VPN, as well as specific external IP address ranges are sent over the VPN, and all other traffic is sent out to the internet via the spoke site's own WAN link. The aim being to reduce load on the hub site and increase speed at the spoke site when accessing IP ranges that do not require the hub site's WAN connection, whereas currently it is either all or no traffic that can be sent over the VPN.

We had resigned ourselves to this fact, however I stumbled across the following (https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/MR_Teleworker_VPN), and it seems that this functionality is available on the MR devices, whereby you can specify the IP ranges & ports to send over the tunnel, with other traffic exiting from the local WAN link. However, it doesn't seem this is possible on the MX/Z series devices?

Could someone please confirm if this is the case or if there is any way to achieve what I state above? It does seem somewhat odd that this can be implemented on an access point, but not on a full security appliance.

Many thanks,

Mark

Re: Client VPN & tethering to iPhone

by MarkiP in Security / SD-WAN
03-25-2020 03:53 AM
Does the event log (Network-wide > Event Log, filter by All Non-Meraki / Client VPN) throw any light on this?

Re: SD WAN Policies

by MarkiP in Security / SD-WAN
03-25-2020 01:17 AM
What in particular are you trying to do?

Flow preferences are available if you click "Add a preference".

Your traffic shaping rules should be further down the page.

Re: Slow through put

by MarkiP in Full-Stack & Network-Wide
02-05-2020 04:06 AM
1 Kudo
Hi Allistair,

Was this speed test done on a wireless client? If so, could be any number of issues such as distance from AP, interference etc.

Re DHCP - if I understand you correctly, you would want to run DHCP from the MX, you can then manage DHCP (reservations, exclusions, fixed assignments etc) from the dashboard.

The MX may be NATing traffic also, so you would want to run DHCP from the MX for internal devices.

vMX as a spoke?

by MarkiP in Cloud Security / SD-WAN
02-05-2020 02:37 AM
Hi all,

Would be interested to know if it is possible to set up a vMX on AWS/Azure as an AutoVPN spoke site?

Use case would be to allow all traffic from the virtual machines in AWS/Azure to route to one of our hub sites and then traffic shaping rules are then applied at the hub to route this traffic over selected WAN uplinks.

Quick search suggests this probably isn't possible but would be grateful if someone could confirm this.

Many thanks,

Mark

Re: ICMP not working across switch

by MarkiP in Switching
02-04-2020 06:09 AM
Hi Rsahni,

Can the devices print or transfer files between themselves or is there no connectivity whatsoever?

I would check they have the correct default gateway also.

Re: ICMP not working across switch

by MarkiP in Switching
02-04-2020 05:54 AM
Having dealt with a similar issue this morning, my first thinking would be are the relevant ports on the correct VLAN(s)?

Re: May I ask about traffic.

by MarkiP in Security / SD-WAN
01-17-2020 02:03 AM
2 Kudos
Unless I'm mistaken, the traffic on the Clients page includes internal network traffic (Windows file sharing etc) which may explain why this data exceeds your up-link speed.

Re: Trying to minimize Xfinity traffic or throttle it so low users dont wan...

by MarkiP in Security / SD-WAN
01-15-2020 07:19 AM
2 Kudos
If you go to SD-WAN & Traffic Shaping, then under Traffic Shaping Rules, click add a new shaping rule.

From here you can add a definition, under "Video & Music" XfinityTV is already defined. You can then apply a bandwidth limit for this traffic (this will apply to all clients).

I suspect this will be the simplest and easiest way of achieving this.

Re: Proper method for DHCP reservations

by MarkiP in Security / SD-WAN
01-15-2020 03:53 AM
1 Kudo
As Brandon mentioned, I'm pretty sure it's the same thing. I assigned a fixed IP to a device from the Client list the other day and it does show in the list of fixed assignments under Security and SD-WAN > DHCP.

Re: SIP packets not exiting router

by MarkiP in Security / SD-WAN
01-14-2020 12:08 AM
Hi Philip,

I did take a look at the event logs and there was nothing relevant unfortunately. It appears to be sending the SIP packets over UDP.

Thanks for the suggestions - I'll look into them and get onto the support team as well.

Much appreciated.

Re: SIP packets not exiting router

by MarkiP in Security / SD-WAN
01-13-2020 10:05 AM
Thanks for the response, the MX84 is currently on 14.40, up to date stable release.

I shall look into raising a support case.

SIP packets not exiting router

by MarkiP in Security / SD-WAN
01-13-2020 07:32 AM
Hi,

We are having an issue with some VoIP phones in one of our offices, they periodically fail to register, we can still ping them internally but cannot make calls etc. Forcing them onto a new IP reservation then rebooting fixes this. We have run DHCP from the router, server & set them IPs statically but seemingly makes no difference.

On running a few packet captures from the MX84 on the LAN interface, I can see traffic between one of the non-functional phones and the external IP of the VoIP provider, including some outgoing only SIP packets - no responses coming back in. However, on the WAN side capture I cannot see these outgoing SIP packets (nor any incoming) for that internal IP address.

On assigning a new IP and rebooting the phone and repeating the captures, SIP packets for that phone are showing on both the WAN and LAN interfaces as expected and the phone works.

The phone provider suspects a NAT issue, we have no 1:1 or 1:Many NAT mappings set up. It seems as if the outgoing SIP packets are reaching the router and not being forwarded out over the internet, however the phone can successfully make TCP connections. Also this issue is only periodic, and affects all phones which have to be manually assigned a new IP to get them working again.

Leaving me a bit baffled as to what is causing this and why the SIP packets are not exiting the router (or at least why I cannot see them). Any help would be much appreciated on this.

Many thanks,

Mark

Re: Happy New Year! What are your Networking Resolutions?

by MarkiP in Community Announcements
01-09-2020 03:27 AM
My New Year's Network Resolutions are to pass the Network+ exam, get started on the CCNA, as well as getting involved in the helpful community here 🙂

My Accepted Solutions (Subject, Views, Posted)
  • Re: MX modifying TCP syn/reset bit? (Security / SD-WAN): 1712 views, posted 01-05-2021 12:42 PM
  • Re: Trying to minimize Xfinity traffic or throttle it so low users dont wan... (Security / SD-WAN): 2575 views, posted 01-15-2020 07:19 AM

My Top Kudoed Posts (Subject, Kudos, Views)
  • Re: MX modifying TCP syn/reset bit? (Security / SD-WAN): 3 kudos, 1712 views
  • Re: May I ask about traffic. (Security / SD-WAN): 2 kudos, 1497 views
  • Re: Trying to minimize Xfinity traffic or throttle it so low users dont wan... (Security / SD-WAN): 2 kudos, 2575 views
  • Re: Slow through put (Full-Stack & Network-Wide): 1 kudo, 2515 views
  • Re: Proper method for DHCP reservations (Security / SD-WAN): 1 kudo, 13533 views