Meraki

Community

About Craig_Tompkins

Re: Intermittent NAT type unfriendly

by in Security & SD-WAN
‎Aug 8 2022 11:55 AM
‎Aug 8 2022 11:55 AM
As a followup - We did the port forwarding of port 55555 on the cable modem and then assigned that on the Manual NAT Traslation on the Meraki and it's working.  Of note, Comcast would not let us sign up for a static IP, so we do understand that should the public IP of the cable modem change, this location will go down and we'll have to update the Manual settings. ... View more

Re: 802.1x and NPC

by Kind of a big deal in Switching
‎Sep 28 2021 1:03 PM
‎Sep 28 2021 1:03 PM
I have used this old HP guide for configuring 802.1x on HP printers for EAP-TLS authentication against Meraki MS switches and Microsoft NPS server. http://h10032.www1.hp.com/ctg/Manual/c00731218    Basically, you create a custom certificate temple in the Microsoft CA server with all the requirements, create a user in AD to load the certificate against, have the device generate a CSR, have the CA server sign that request as the user, and then install the certificate onto the device.   ps. I tend to setup the CA with a root certificate that is good for 20 years.  CA certificate roll over can be very painfull. pps. I tend to change the certificate template so it can issue certificates for 10 or 20 years.  Then the certificate is valid for the entire lifetime of the IoT device and you don't have to bother with processing the renewals. ... View more

Re: Fail Open in Dot1x authentication with Cisco ISE

by in Switching
‎Jun 18 2021 4:26 AM
‎Jun 18 2021 4:26 AM
I hate to say this, but I put this in as a "wish" about 4 years ago.  I still want this option and that's what it should be - an option.  In the 802.1x policy there should be a drop down or radio buttons or something that lets the network admin pick what they want to happen if the ISE server is offline. ... View more

Re: Site to Site VPN behind Charter Spectrum

by in Security & SD-WAN
‎May 3 2021 8:28 PM
‎May 3 2021 8:28 PM
I just went through this for my wife’s thin client/Z3 setup her company gave her.   I upgraded my spectrum equipment (from a surfboard of my own) to the latest spectrum offered to support higher bandwidth.   The Z3 initialized and would allow a WiFi connection (which the Avaya phone cannot do) but would not initialize the VPN over the WAN port.   I lowered the default DHCP setting from aggressive to normal, and enable PPPoE Passthrough (only passthrough disabled by default) and everything connected immediately.   since it’s working and I’m doing someone else’s job I haven’t gone back and isolated whether the pass through or the DHCP change did the trick. I am an app guy not a networking guy. I only posted here in case it could help someone.  ... View more

Re: Load balancing circuits of different speeds

by in Security & SD-WAN
‎Nov 6 2020 5:14 AM
‎Nov 6 2020 5:14 AM
Thanks, I've already done that but we plan on taking this location live tomorrow (move from MPLS) so trying to make sure I set it up as best I can rather than trouble shoot later. ... View more
© 2024 Cisco Systems, Inc.