The Meraki Community
swifty

Getting noticed

Member since May 14, 2020

‎06-14-2022
Kudos from
User Count
cmr (Kind of a big deal) 1
Johnfnadez 1
jdsilva 1
Kudos given to
User Count
JohnM 1
jdizzle 1
PhilipDAth (Kind of a big deal) 1
GreenMan (Meraki Employee) 1
MeredithW (Community Manager) 1

Community Record

35 Posts
3 Kudos
0 Solutions

Badges

CMNA
First 5 Posts
Lift-Off
Latest Contributions by swifty

Re: Configuration Sync

by swifty in Dashboard & Administration
08-20-2021 01:14 AM
Found it 👍 https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Cloning_Networks_and_Organizations_in_Dashboard
Cloning Network Settings with Configuration Sync
Sometimes it is convenient or necessary to copy configurations from one network to another. If an Organization has multiple networks, it is possible to copy an existing MX or MR network configuration to another network. For MXs in particular, the traffic shaping and content/security filtering settings can be copied.
Note: Configuration Sync cannot be performed with a combined network or a network bound to a template ...

Re: Configuration Sync

by swifty in Dashboard & Administration
08-19-2021 01:47 AM
Hi @Phil Where did you see the referenced quote "Note: Configuration Sync cannot be performed with a combined network."? I've searched but can't find it, in fact the documentation site doesn't really have any reference to config sync, only working with Templates, and cloning existing networks. ...

Re: vMX Inbound Rules and Template

by swifty in Security / SD-WAN
05-13-2021 02:37 AM
Hi Philip Thanks for the reply. After discussion w our Meraki SE, it was explained the one-armed vMX has the public IP as the 'outside' and the internal Azure NIC as the 'inside' interfaces - and rules can be applied much like any other firewall i.e. looking at the perspective of inbound & outbound. As we are replacing an incumbent Juniper firewall, which has ingress & egress policies we are replicating those. The customer is security conscious of their Azure environment and wants to control ingress to it, and control access out from it (presumably being used as an attack plane into the rest of their SD-WAN environment.) My comment was really around the template missing the inbound section, whereas when you don't bind the network to a template you can specify inbound and outbound rules. Ian 😀 ...

Re: vMX and local status page - it's not there ?

by swifty in Security / SD-WAN
05-12-2021 07:38 AM
Hi yes we have deployed in Azure. 2 things;
i. Unable to browse to the public IP
ii. There isn't the option to specify an external src IP in the 'Security Appliance services' section in firewall
Oddly enough if you bind the network to a template you can specify the IPs that can access the 'Web (local status & configuration)' page. Have you tried this yourself ? ...

vMX Inbound Rules and Template

by swifty in Security / SD-WAN
05-12-2021 04:47 AM
I've got a few vMXs I want to apply the same - inbound & outbound - f-w rules to. 💡 I'll use templates. The usual vMX Firewall configuration page, has Inbound and Outbound rules sections. The template once bound to a vMX network, only has outbound rules. Can anyone explain this ? I'm also thinking of using mfw.py for the API from https://www.ifm.net.nz/cookbooks/mfw.html Obviously the rules I send via .csv will be directional i.e. src. or dest. will live 'inside [Azure]' or 'outside [SD-WAN]'. If I add rules that are inbound will they;
a) Get added to the inbound section
b) Get ignored ?
Ian ...

vMX and local status page - it's not there ?

by swifty in Security / SD-WAN
05-12-2021 02:05 AM
Hello Deploying vMX. Thinking about external access inbound, I thought of allowing a static IP in for access to the local status page, in much the same way as a physical MX. But there is no Network > General settings page where you would set credentials. Can anyone confirm that you can't browse in like a hardware MX ? ...

Re: Automated way to enable AMP across many networks???

by swifty in Security / SD-WAN
05-04-2021 04:26 AM
I have the same q. Any lurkers ? My reqt is pretty similar - have built 100+ sites (network envy of >400 😉 ) individually, but want to edit URL filtering directly, either in one go or probably by using a small number of templates applied in groups, to handle a staged implementation. Yes, we can use the API, but a GUI method is even more widely available. ...

Re: MX upgrades only on the hour

by swifty in Security / SD-WAN
03-16-2021 07:07 AM
Brave man - bleeding edge ! ;-] I guess you know too, I did an 'upgrade now' and it says scheduled for 6 or 7m time, if you go and reschedule and do another 'upgrade now' it claims to start it immediately saving the wait. ...

Re: MX Cluster (Warm Spare) Upgrade

by swifty in Security / SD-WAN
03-15-2021 12:52 PM
1 Kudo
@cmr Thanks again. 👍 All went fine, customer reports no users reported any disruption to service. Not that I think they would have noticed anyway. ...

Re: MX Cluster (Warm Spare) Upgrade

by swifty in Security / SD-WAN
03-15-2021 10:44 AM
Hi All I have just come off the phone to Meraki TAC. The failover is not stateful. So TCP resets all round, but device available achieved by failover and fallback. Ian ...

Re: MX Cluster (Warm Spare) Upgrade

by swifty in Security / SD-WAN
03-15-2021 07:55 AM
Is an MX HA pair stateful ?? Same thing here, users asking for impact statement. According to the doc referenced elsewhere https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practices_for_Meraki_Firmware#Appliance_Network_with_Two_MXs_in_an_HA_Configuration "the dashboard will automatically take steps to minimize downtime when upgrades are performed to ensure a zero-downtime MX upgrade" Will a tcp state table be copied across or will tcp connections be reset ? My understanding ref @cmr 's comment, SIP phones - once call setup has taken place - will be keeping the call going between endpoints and unless the call flow, or one of the endpoints, is via the device being upgraded there is no impact. If the SIP server is via the device in q, I can see a hit, but I would have thought it would be very quick if 'zero downtime' is the reality. ...

Re: MX upgrades only on the hour

by swifty in Security / SD-WAN
03-15-2021 07:21 AM
Hi MerakiDave It would be great to get clarity on this. Am upgrading a pair of MX450s tonight and the customer is not going to want to hear there's a 50min delay, like @cmr . Also clarity on the timings. I know the scheduler drop-down only allows it on the hour, but other posts here suggest these get pushed back at 20m intervals, or is that coincidence and it's random, as it's a cloud based service and has to service lots of folk, and depends on load at any given time ? ...

Re: Firmware upgrade process on warm-spare MX

by swifty in Security / SD-WAN
01-28-2021 09:52 AM
Hi Is this documented anywhere ? I had assumed that would be the process but cannot find it in Meraki documentation. ...

Re: MX250 disconnects WAN after VLAN enable

by swifty in Security / SD-WAN
11-03-2020 09:35 AM
We share your pain ! In our instance we decided to get the carrier to strip VLAN tagging on the cct, rather than go with beta code. But if you like living dangerously there is a fix starting in 15.37 https://community.meraki.com/t5/Security-SD-WAN/New-15-37-firmware-fixes-MX250-450-WAN-VLAN-issue/m-p/99714
** N.B. ** Security appliance firmware versions MX 15.37 changelog IMPORTANT NOTICE This is a beta version for the next major MX release. Due to this, we recommend taking additional caution before upgrading production appliances. Where applicable, MX 14 releases will provide a more stable upgrade alternative. 😱 😁 💣 ...

Re: Port aggregation not working?

by swifty in Switching
10-23-2020 02:44 AM
Hi That link's broken, does anyone have an up to date one ? Ian ...

Re: SCCM PXE boot - IP forward-protocol UDP 4011

by swifty in Security / SD-WAN
09-17-2020 04:45 AM
I've had it confirmed by TAC that you have to enable a DHCP server on the vlan, not just able to get it to act as a DHCP/BOOTP relay. So we can;
a) Act as an ip helper / dhcp-relay and NOT a BOOTP forwarder, or
b) Act as a DHCP server (i.e. not a dhcp relay), and act as a BOOTP forwarder
Seems a bit contradictory;
a) Forward DHCP multicasts as unicasts, and DO NOT Forward BOOTP multicasts as unicasts; or
b) Forward BOOTP multicasts as unicasts, and DO NOT Forward DHCP multicasts as unicasts ...

Re: MX64 & MX65 Firmware Upgrades Hanging / Missing Configurations

by swifty in Security / SD-WAN
09-07-2020 01:57 AM
Update, we are told (Meraki TAC) this relates to a VLAN tag on the WAN configuration. Apparently an old issue seen strips the VLAN tag from the port config. We are seeing this. When you first connect a unit to the WAN and it connects to the dashboard, then tries to download firmware, if you look at the Uplink config in the dashboard, the dashboard has stripped the VLAN tag from the link. We have been told to add this to the dashboard before the next reload/download happens and it should go fine. What appears to be happening is the VLAN tag gets stripped, the MX can no longer see the dashboard and it recovers itself by rolling back. ...

Re: Firmware Info via REST API

by swifty in Developers & APIs
08-27-2020 10:00 AM
Not the REST API but the Dashboard API https://nxxx.meraki.com/api/v0/organizations/organizationid/devices/ ...

Re: MX64 & MX65 Firmware Upgrades Hanging / Missing Configurations

by swifty in Security / SD-WAN
08-27-2020 03:10 AM
Joel - can I DM you for the Meraki case # please ? We have what appears to be a similar issue, and when I asked Meraki tech support if it was related to this post they couldn't say as I didn't give the ticket no. for him to compare with. The behaviour we see is the dashboard tells us the units are on 14.42 but Meraki tech say this has failed and they are actually on 12.24, and the dashboard actually is reporting the 'desired' not the running version. The units go offline for 8-10mins roughly every 2.5hrs. My understanding is that they never achieve their initial image download from the dashboard so try continuously rather than using the default schedule (weekly?) ...

Re: SCCM PXE boot - IP forward-protocol UDP 4011

by swifty in Security / SD-WAN
07-16-2020 01:47 AM
Hi PhilipDAth I'm not sure I follow the suggestion above. The boot options only appear when the Meraki vlan is set to 'Run a DHCP' server. So you can't specify 'Relay DHCP to another server', and bootp options i.e. ip helper and bootp forwarding appear to be mutually exclusive in the dashboard DHCP, Vlan definition page. ...

Documentation - Article ID 1735 'Upstream Firewall Rules for Cloud Connecti...

by swifty in Security / SD-WAN
07-15-2020 01:27 AM
The article relates to ports you need to open up for Meraki device to Dashboard comms. The article has a table, and a .csv version. The info differs - which one to believe ? e.g. no .csv entry for tcp/udp 3478,5020-1,7011 .csv no udp ephemeral ports .csv, no tcp 443,30001 'camera streaming proxy' Obviously I can attempt and see what works, but I'd prefer to have an 'official' guide. ...

MX bulk network creation

by swifty in Dashboard & Administration
06-24-2020 08:00 AM
1 Kudo
Has anyone got experience of using Bulk Network Creation to create MX networks. The guide https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Using_the_Bulk_Network_Creation_Tool is very thin, and another post suggests consulting the 'Bulking Up' article which has even less detail @NolanHerring https://community.meraki.com/t5/Dashboard-Administration/Bulk-network-creation-issues/m-p/60707 I appreciate it's probably not practical to expect to be able to build the uplink and gateway IPs because you have to manually configure the MX to talk to the dashboard in the 1st instance, but I'd like to create all the L3 subnets for each location as the MX will be the L3 gateway at each site. The format will be largely repeatable at each location, and it will save a lot of clicking if I can do a bulk import. ...

Re: Bulk network creation issues

by swifty in Dashboard & Administration
06-24-2020 07:46 AM
@bford1 That's a real pain for you. Did you get much joy in the end? I too am on the same path. I realise that you cannot import combined networks, so I want to start with the MX's, then maybe bind a pre-defined template, depending if that works or not. Did you have your serial numbers pre-defined per location ? ...

Re: How to monitor a configured SD-wan policy

by swifty in Security / SD-WAN
06-24-2020 01:25 AM
1 Kudo
Split tunnel. There is a NAT set up for the return traffic, but I don't see that would necessarily dictate the outbound traffic. i.e. there is a hide-mode NAT (port-forwarding) set up for this internal host when egressing the WAN2 uplink of the MX. So going out that would hide the internal src IP behind the MX WAN 2, but would that make the traffic go that way itself, I don't think so. Anyway thanks for your input and I have learnt something. I have got rid of the SD-WAN, VPN traffic, Uplink Selection Policy, and used a Uplink selection, Flow preference, Internet traffic rule instead. Thanks for your interest. But no stats unfortunately, other than to look at the WAN usage in the Appliance status page :[ ...

Re: How to monitor a configured SD-wan policy

by swifty in Security / SD-WAN
06-23-2020 11:04 AM
Hi Yes I was - now you have explained the sections I am surprised it was behaving like it was. My VPN traffic, Uplink selection policy had WAN2 as the preferred uplink option (with mandatory failover) AND the traffic filters Windows Office365, and a custom expression tcp from an inside host to any host, external port number. So a very crude kind of policy routing, i.e. "if it comes from here" AND "the destination port is X", THEN use uplink WAN2. ...
My Top Kudoed Posts
Subject (Board): Kudos, Views
Re: MX Cluster (Warm Spare) Upgrade (Security / SD-WAN): 1, 1380
MX bulk network creation (Dashboard & Administration): 1, 872
Re: How to monitor a configured SD-wan policy (Security / SD-WAN): 1, 2565
© 2022 Meraki