Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About carl222
Community Record
24
Posts
0
Kudos
1
Solution
Badges
Jul 23 2021
1:30 PM
@PhilipDAth All right so problem solved for Teams. Now what about Netflix and YouTube. We cannot completely block them for business reasons but we also don't want them to hug all their bandwidth. How would you proceed ? Custom rules and put them in low priority ? This is what I have in mind :
... View more
Jul 22 2021
6:35 PM
@PhilipDAth I don't have QoS enabled on the downstream L2 switch. Does that make a difference ? What are these Default Rules doing anyways ? Do they mark packets or they respect marking and queue/schedule packets accordingly ? Thanks
... View more
Jul 22 2021
1:48 PM
Hi, We have a branch with limited Internet bandwidth. I need to prioritize Teams, Office 365 and microsoft.com traffic. I am a bit confused by this documentation: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Using_Packet_Prioritization_on_a_Traffic_Shaping_Rule Do I need to just basically put a single custom traffic shaping rule for these apps and set priority to High ? High priority will give me 4/7 of the bandwidth but what about the rest of the traffic, will it be treated as Normal 2/7 ? Thanks
... View more
Jun 30 2021
3:59 AM
@Bruce Thank you very much sir! I will try to put it down to 95Mbps and setup Netflow to see which applications I can throttle down a bit. What would be your recommendations for the Per-Client shaping? They are around 60 users on the MX68. Would you enable the burst option as well? Thanks
... View more
Jun 29 2021
7:29 PM
I saw this article but it doesn't explain how the "Default Rules" work. If I select "Enable default traffic shaping rules", that means the MX will prioritize traffic internally going out on the Internet according to these default rules ? Do the MX take into consideration the 100Mbps specified in the Uplink configuration ? Thanks
... View more
Jun 29 2021
7:20 PM
Hi, We have a 100Mbps ISP circuit at a remote location. Users have been experiencing drops from time to time. Looking at the uplink statistics in the past week, I see intermittent 0.5-1% packet lost everyday during business hours. Meraki and our monitoring platform are reporting an average of 30-40Mbps on the interface. I know it is an average and doesn't really represent reality. When I look at real time traffic on the dashboard, I see peaks to 100Mbps quite often. ISP is reporting that the circuit is all good (dedicated Fiber) and they said that the drops were caused by us saturating the link. Makes sense if I see these peaks + packet lost. Few questions : 1- Can I play with traffic shaping rules ? I tried Per-client limit to 10Mbps with SpeedBurst, didn't really change anything. 2- What are these Default Rules for ? Is the MX tagging packets according to these Default Rules ? Thank you
... View more
Jun 29 2021
7:03 PM
@Bruce Problem solved... I had my MX's in a combined network with Client-Tracking set to MAC address. I split the network and swapped Client-Tracking to IP address. I'm not sure if this is a requirement or not when you have a non-Meraki L3 switch downstream but it solved the problem for me. Thanks !
... View more
Jun 9 2021
3:22 AM
Hi, That's what they said, upgrade and then they will investigate further if the issue persists. MX100. Could it be the IP spoof protection acting weird with this new L3 Cisco switch downstream? We didn't have that problem before the refresh when the MX100 was doing the L3 routing..
... View more
Jun 8 2021
7:51 PM
Hello, I've been troubleshooting a weird issue that one of our remote site has been experiencing since a network refresh. The new architecture is the same as this one : https://documentation.meraki.com/Architectures_and_Best_Practices/Recommended_Topologies/MX_and_MS_Basic_Recommended_Layer_3_Topology Users have been experiencing slowness while accessing different websites. I ran a packet capture on the LAN and WAN interfaces. On the LAN side, I can see the HTTP GET Request from my client going to the web server followed by 6 TCP Retransmission packets of that Request and a Request Time-out from the server after. Client then sends a RST, ACK to the server, sends another GET Request and now the webpage shows up. This whole process takes around 20 seconds... On the WAN side, I see the 3-way handshake but I do not see the initial GET Request for the client nor the retransmitted packets. I do see the RST, ACK from the client and the second GET Request after. It looks to me that the MX is dropping the initial GET Request. We have a server running HTTP (port 80) in our DC and same thing happens. HTTPS works just fine. No TCP errors in the captures. I also noticed that when the users are accessing our HTTP server with their client VPN on, no issue. Makes sense because traffic is leaving their PC encrypted. I called Meraki support, they noticed the same problems. We tried to failover to MX2, same issue. They suggested upgrading the MXs to 15.42.1. We are on 14.53 now. Any ideas ? Thanks
... View more
Aug 2 2020
4:32 PM
@PhilipDAth In Wireshark, on almost every APs, I see thousands of broadcast deauthentication frames sent by the same 5 SSIDs by a slightly different broadcast MACs (According to AirMarshal). The SSIDs are being seen by all our 30 APs, and Manufacture is Aruba (No clue where it's coming from). Any ideas ? Thanks
... View more
Aug 1 2020
5:41 PM
Yes WPA2-PSK. We need to keep WPA1 for older RF scanners that we still use for now. Older scanners are using the 2.4Ghz and WPA1. Channel utilization is very high for 2.4Ghz so even these guns are having problems. I think they used the same SSID as the old APs. You think there might be an old AP still around ?
... View more
Jul 29 2020
1:50 PM
Half of them are mounted on roof truss at 26-foot level. Other half are 9 foot off floor. They are between 20 and 40 dB. Most of them are above 30 dB. They run Android so yes they have a power saving option (not enabled). Logs are full of : " Client attempted to associate XX times on the 5 GHz band ". Some authentication errors but nothing alarming. I just found out that the problematic guns are set-up to use 5 Ghz only. Thanks
... View more
Jul 29 2020
12:55 PM
Hi, We just deployed 12 new MR52 in a warehouse. We have around 20 RF scanners that supports 2.4Ghz and 5Ghz. Employees are complaining about slowness and performance issue with these scanners. In wireless health, I see about "40% fail to associate" in the last hour. I know that these scanners are in "Auto Mode" for 2.4 and 5Ghz and Meraki also tells me 2.4 and 5 Ghz capabilities in the client page. Screenshots: Latency is also very high (400ms) for these APs. Band steering is enabled because I want these RF scanners to go on the 5Ghz (2.4Ghz average utilization is 75-80%). Thank you
... View more
Jul 8 2020
4:48 AM
@cmr Thanks for the reply! The architecture of that site is note completely done yet so I'm trying to find the best way to put this all together. We might just stack both 3850s together like you said earlier. MX1 P3 --> Stack G1/0/1 MX1 P4 --> Stack G2/0/1 MX2 P3 --> Stack G1/0/2 MX2 P4 --> Stack G2/0/2 On the MXs I would use access ports in VLAN50 (192.168.1.1) and on the stack I would use interface SVI 50 (192.168.1.2) and put all 4 ports in VLAN50 like you said. And for the LAN I'll do the same thing but in differents SVIs. Thoughts ? Thank you
... View more
Jul 8 2020
4:34 AM
@PhilipDAth Yeah, MXs ports are Layer 2 right ? They use SVIs just like L3 switches. So you would do no switchport on both switches, Ex: 192.168.1.252 on SW1, 192.168.1.253 on SW2 (HSRP VIP 192.168.1.254) and then connect them up individually on each MX Port3 in Access VLAN50 with subnet 192.168.1.1? Thank you
... View more
Jul 7 2020
8:06 PM
Hello! I'm wondering what would be the best way to configure and connect 2X MX68 and 2X C3850 together. In this topology, SW1 and SW2 are Layer 3 switches doing the routing between VLANs. They also have a Layer 3 link between them to avoid loops in the layer 2 domain. With only 1 switch, I would do no switchport and assign let's say 192.168.1.2 on the routed port of the C3850 switch. On the MX, I would put Port3 as an access port in VLAN50 and configure the subnet as 192.168.1.1. SW1 would have a default route pointing to the MX (192.168.1.1) and the MX would have static routes for VLANs 150,160,170 pointing to SW1 (192.168.1.2). Clients below would have SW1/SW2 (HSRP) as their gateways. Now how would you configure the same setup in redundancy ? Thank you Carl
... View more
Jul 1 2020
11:25 AM
Hello! If we see a private address like this in the event log, does that mean the tunnel is built on our private MPLS link (WAN1) ? vpn_type: site-to-site, peer_contact: 172.24.200.254:55467, connectivity: false Thank you!
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 2726 | Jun 29 2021 7:03 PM |
© 2024 Cisco Systems, Inc.
