Community Record
76
Posts
9
Kudos
1
Solution
Badges
Feb 5 2019
8:56 AM
It was a matter of an incorrect default route and the requirement for LACP. As for my original question, Meraki doesn't appear to use reflexive policies, as the one that I created for testing has never had a hit, and it is our Exchange Server. Everything is now working, but some things are more transparent than others.
... View more
Jan 27 2019
12:22 PM
1 Kudo
Was an issue with ISP. I'm assuming caching. Upon router power-cycle, everything began responding.
... View more
Jan 27 2019
10:40 AM
Internet appears to be working fine. NATing appears to be an issue, though. It is odd, though. My Exchange email appears to be flowing correctly, but Nothing else relying on NAT is connecting. Researching that now.
... View more
Jan 27 2019
9:53 AM
1 Kudo
Heh. Just got your message. You got me looking at the right place. Going to do more testing now.
... View more
Jan 27 2019
9:52 AM
Found an issue... Had 0.0.0.0 point to 192.168.1.1. Changed it to 192.168.1.2.
... View more
Jan 27 2019
9:36 AM
MS250 is 192.168.1.1, MX250 is 192.168.1.2
... View more
Jan 27 2019
9:29 AM
A bit more... The MX250 uplink port (trunk) is our Meraki Management VLAN (1) as native, while the server, phone, and workstation VLANs (10, 59-60, 202) are allowed. The MS250 uplink port (trunk) is configured the same.
... View more
Jan 27 2019
9:23 AM
WAN routers - MX250 - MS250 - Client MS250 is in L3 mode
... View more
Jan 27 2019
9:10 AM
There is no DNS resolution and a tracert to 8.8.8.8 hits the switch and then fails after that. Why would the switch be blocking anything? Going to check my Interface settings, but there doesn't seem much that should come into play. Thanks, Jeremy
... View more
Jan 27 2019
8:43 AM
Greetings, I'm in round 2 of an attempt to replace old equipment with Meraki. The main issue I'm seeing now is that LAN devices are not accessing the Internet. We have Windows Servers serving as DHCP and DNS. Nothing has changed with those servers and they are accessible. Devices with static info do not connect, either. If I enable DHCP on the MX250, then that network gets Internet. I don't see anything in the event logs. Is something cached somewhere? Any ideas of where to look first? I appreciate any assistance. Thank you, Jeremy
... View more
Jan 22 2019
12:51 PM
It is possible that my testing was compromised. I'll be doing more testing this Saturday. In our environment, MaaS360 uses ActiveSync to access our Exchange environment. For this question, we have 3 impacted solutions. We have a physical secure remote access (SRA) appliance and a virtual Exchange Server environment. The Exchange environment is used for MaaS360 and OWA (Outlook Web Access). As SRA and Exchange are public facing, we use NAT to access the private IP of the devices. In my current environment, I have reflexive policies in place. This is necessary, as the static public IP of the destination is actually already on the WAN environment of the same firewall managing the Wi-Fi (which causes traffic to stop without a return policy). I generally have the Wi-Fi network completely isolated from the LAN environment. I have at times made exceptions DNS and RDP. Anyhow, I tried using the L3 Outbound rules to create a reflexive policy of the associated NAT policy. No effect. However, I was having other issues with my test environment that may have been coming into play. I'll confirm on Saturday. Oh, along that line, I need an internal device to leave with a specific public IP address. In SonicWALL, this is also addressed by NAT. Is it safe to assume that L3 outbound rules can accommodate that, too? Thanks, Jeremy
... View more
Jan 20 2019
12:19 PM
Greetings, I'm migrating our core SonicWALL hardware over to Meraki hardware and I've ran into a few issues. One of them is reflexive policies or similar. Basically, I have my MX250 with a bunch of MR33 units on the same network. Wi-Fi to the Internet is working great. However, my phones on Wi-Fi cannot access my email server (via MaaS360). With SonicWALL, I just simply created NAT and firewall rules with reflexive policies and the phones synced whether they were on the network or not. I've tried similar settings within the Meraki firewall settings, but no luck. Any ideas? Thank you, Jeremy
... View more
Dec 28 2018
4:32 PM
Greetings, Just got a couple MX250 units to replace my old hardware and see that the Internet 1/2 ports are SFP. I didn't realize that (as we have been using MX65 and Z1 units) and now need to order a few modules. That said, is there the option to use the GbE ports for WAN? I thought that'd be an quick search, but I'm not finding anything. Any info would be appreciated. Thanks, Jeremy
... View more
Apr 23 2018
12:15 PM
3 Kudos
I opened a ticket with Meraki. The issue was that I had DHCP reservations. I deleted all of those for all VLANS and I was able to then change the Subnetting to Unique. that seems weird, as I would have expected the DHCP settings to be cleared, following a confirmation prompt, upon saving the changes (like it does when you change the VLAN info on a network). Anyhow, this is progress, allowing me to move forward with testing. Jeremy
... View more
Apr 23 2018
10:50 AM
Tried that. Failed with same message. Sounds like I may need to get a ticket open with Meraki?
... View more
Apr 23 2018
10:24 AM
Confirmed that there are no spaces. If I have to change me IP scheme, I can live with that. However, not being able to apply anything definitely has me stalled, at the moment. Anything else that you can think of to look at?
... View more
Apr 23 2018
7:43 AM
Tried the 10.104.0.0/13 and 10.112.0.0/13 entries and they still fail, providing the following: There were errors in saving this configuration: The first IP's host bits are not valid.,The first IP's host bits are not valid. I've always manually assigned networks and masks, so I've never ran into anything like this. It seems very odd to me that I can't simply assign a range of 2048 subnets. I'm now doing a crash course into CIDR to see if I can get a better grasp on what I'm missing. This would seem to be the most difficult part of creating the configuration template within Meraki.
... View more
Apr 23 2018
7:07 AM
I'm attempting to setup one of my VLANs as such: Local VLAN Template Name: Client Network Subnetting: Unique Subnet: /24 from 10.110.0.0/13 Appliance IP: Auto-generated Group policy: Client Wi-Fi For this test, I'm trying to allocate 2048 subnets to this VLAN (2^(11)). That said, I've tried several combinations of subnet configurations and they all give the same error. I'm obviously not understanding something quite critical about subnet allocation.
... View more
Apr 22 2018
1:25 PM
Greetings, I just finally got to the point where I've deployed a few combined networks and I've been comfortable with their configuration, so I decided to create a template (versus just copying from another network). Seemed pretty straight-forward until I noticed that the bound networks were all getting all the same VLAN addresses. I see I overlooked the Same/Unique pull-down. I change that and setup all the VLANs. However, upon saving the changes, I get the following "The first IP's host bits are not valid". I suspect that I have a bad config, but I don't know what that is. For this template, I need to account for at least 1000 networks (sites), with a need for more in the next few years.. Using the formula from the documentation, I tried several combinations to get 2 to the 10th (1024 subnets), but everything, so far, has given the same error. Each network uses 8 VLANs, with 7 being unique and 1 being the same. I have allocated a pool of 2540 networks per VLAN (i.e. data = 10.20.0.1-10.29.254.254, voice = 10.30.0.1-10.39.254.254, etc.). Also, as I have existing networks already in the field, if I bind them to a template, will they keep all their existing VLANs? In my initial testing, they didn't, but the VLANs were set to "same". Obviously, I have this ticket open because I can't make "unique" work for testing. Lastly, just to confirm, the point of the template binding is so that many common settings can be managed at one time, such as firewall, content filtering, and Wi-Fi settings. This is how this works, correct? I'm going to have probably 150 networks on one template and another 1200 on another. I appreciate any assistance provided. Thank you, Jeremy
... View more
Feb 15 2018
7:33 AM
@Mr_IT_Guy At the time, I was working in an environment that was inside the router distributing the public IP. As I didn't have a loopback rule in place for the public IP, I was trying to use my phone to access the public IP. For whatever reason, it didn't work and I spent no more time on it, as I had local access. However, now that I'm at home, I can log into the static IP just fine and indeed get to the port config page, which is exactly what I was looking for. So, I now have everything configured correctly and the VPN is working just fine. Now on to figuring out routing on these units... 😉 Thanks for the help.
... View more
Feb 14 2018
12:41 PM
Adam, I only see "Local device status page" within Device Configuration.
... View more
Feb 14 2018
12:39 PM
DCooper, do you mean firmware? If so, I'm on MX 13.28.
... View more
Feb 14 2018
11:45 AM
I'll have to keep testing, but that is not working for me. If I put in the IP address in for either WAN port, it simply times out. Have I overlooked a setting that allows remote access to the public IP(s)?
... View more
Feb 14 2018
11:25 AM
Thanks for the response, JFM-FL. I had done local access for configuring the port 4, but I was hoping that I could make WAN 1 changes via the web interface. Having to be directly connected is going to be a very inconvenient element for my remote sites. My hope was that the Meraki cloud management was going to be more capable. Well, still figuring Meraki out, as it way different than all the other routers that I've worked with. Jeremy
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 3102 | Feb 5 2019 8:56 AM |
My Top Kudoed Posts
