The Meraki Community
Crocker

Building a reputation

Member since Nov 10, 2020

yesterday
Kudos from
  • Steven_Johnson (Meraki Employee): 1
  • Brian_Scheele: 1
  • BlakeRichardson (Kind of a big deal): 4
  • GiacomoS (Meraki Employee): 1
  • Gineesh: 1
Kudos given to
  • GeorgeMokdessi (Meraki Employee): 1
  • cmr (Kind of a big deal): 1
  • RaphaelL (Kind of a big deal): 2
  • PhilipDAth (Kind of a big deal): 2
  • rabusiak: 1

Community Record

88
Posts
53
Kudos
5
Solutions

Badges

ECMS1
5th Birthday
50 Posts
First 5 Posts
50 Kudos
25 Kudos
Latest Contributions by Crocker

Re: 403 Forbidden with Update Network Appliance Firewall L3 Firewall Rules

by Crocker in Developers & APIs
2 weeks ago
1 Kudo
It's throwing an HTTP 403, which smells like it doesn't like your API key or the account associated with it. Can you post or put to any other endpoints with that key without error?

I've had some issues getting Invoke-RestMethod to consistently follow redirects through https://api.meraki.com/; however, usually that issue throws HTTP 308 error codes. Just for grins, it might be worth swapping in your node, i.e. https://n263.meraki.com/, in place of that.

Re: Dashboard Down on Node 426?

by Crocker in Dashboard & Administration
3 weeks ago
This continues to occur on n426 at seemingly random intervals. So far they tend to last 8-12 minutes, though just recently I had one last from 2:39 to 2:58 PM CT.

Support is aware of the issue (Case 09090667, if any Meraki folks are haunting the forums today) and has notified the product team. I was able to get support on the line while the issue was occurring and they were able to reproduce. Sounds like there's at least one other ticket reporting similar issues.

Anyone else having short outages on their nodes?

EDIT: Added case #

Re: Dashboard Down on Node 426?

by Crocker in Dashboard & Administration
3 weeks ago
Occurring again as of 1/10 @ 2:30 PM CT. Same node.

Edit: working fine as of 1/10 @ 2:39 PM CT.

Dashboard Down on Node 426?

by Crocker in Dashboard & Administration
a month ago
Getting Server Errors after signing into Dashboard on N426. Was working fine up till about 10:30 AM CST.

Anyone else?

Edit: Dashboard on N426 is behaving itself again as of 10:43 AM.

Re:

by Crocker in Switching
12-14-2022 04:00 PM
No, I ended up band-aiding this via an API script that looks for Critical Auth complaints from the switch event logs, identifies the affected ports, removes the Access Policy from those ports, waits 2-3 minutes, then places the Access Policy back in place.

Re: Access to the WAN router that is in front of the MX95

by Crocker in Security / SD-WAN
12-13-2022 03:04 PM
I've done something similar to this, but use it to get into the web interface of the upstream ISP router/modem/whatever acts as the internet gateway for the MX/Z3 devices at our remote branches. At the remote site:

SD-WAN & Traffic Shaping -> Local Internet Breakout -> Create a rule that excludes TCP 80 (or TCP 443, or both) destined for 192.168.1.75 (or whatever the FritzBox's DHCP address is).

Then, remote into a workstation/server at the remote site - we use this as a proxy to connect to HTTP(S)://192.168.1.75. The host-specific (or subnet-specific) VPN Exclusion rule makes sure that the traffic targeting 192.168.1.75 on whatever ports we defined doesn't get wrapped up in the AutoVPN and dead-ended at your core.

Re: powershell REST API issue with Meraki Dashboard API

by Crocker in Developers & APIs
12-02-2022 10:11 AM
I've run into this a few times, and it seems to only occur when performing a POST or PUT via Invoke-RestMethod. My GETs via Invoke-RestMethod tend to work as expected. You can try to specify -maximumredirection ## (default value is 5) to get around this, though I'm not sure if it'll work - can't remember if I fiddled with this or not.

I kludged my scripts to point directly to the shard I'm on - n426.meraki.com/api/v1/. It's not recommended, and I'm sure this will bite me at some point.

Dashboard showing faulty data

by Crocker in Dashboard & Administration
11-23-2022 08:20 AM
Just noticed this on a handful of MX67 nodes running MX17.10 (not sure how much that info matters). They're showing no VPN connection, though I know the branch is up and running just fine. Also, on the Network summary page, it's showing 0/2 healthy uplinks but if I click into the uplinks all is well. I've got one MX telling me there's no traffic and no clients when I can clearly ping/communicate with clients behind the MX!

Anyone else bumping into this? I've opened a ticket with support in the meantime.

EDIT: Also, we're on shard 426

Re: Anyone having problems with Dashboard being unresponsive?

by Crocker in Dashboard & Administration
10-31-2022 08:40 AM
Am on 426 and it's feeling awfully sluggish this morning.

Re: ICMPv6 Router Solicitation

by Crocker in Switching
10-12-2022 09:11 AM
Wonder if my notes are wrong. Have you rebooted that MS since disabling those settings?

Re: ICMPv6 Router Solicitation

by Crocker in Switching
10-12-2022 08:48 AM
I believe we saw something similar when we installed our first MS250 at our HQ, hanging off a stack of Catalyst 3650s. Our firewall suddenly started seeing a bunch of IPv6 router solicitation requests and that set off some alarms (we shouldn't see any IPv6 traffic).

In the end, we ended up disabling IGMP snooping and Flood unknown multicast traffic under Switch -> Switch Settings -> Multicast Settings. These were enabled by default, with no way to adjust separate settings between IPv4 and IPv6.

Re: Meraki Logs polled while the device is restarted

by Crocker in Dashboard & Administration
10-12-2022 08:32 AM
Support can poll the device uptime. Alternatively, you can look through the event log for "Ethernet port carrier change" messages for all of the connected interfaces. For example, when I see that message for ports 1, 2, 3 (we generally don't connect anything to 4 & 5) all with the same timestamp, I know the device rebooted.

Re: SpeedTest via API

by Crocker in Developers & APIs
09-15-2022 12:51 PM
Any chance you control a server/workstation on both ends of the link? Could look at iPerf testing between them. It's a little rough, but you can script around the iPerf3.exe to automate testing and log results per site.

Re: Granting technicians port-level configuration access

by Crocker in Dashboard & Administration
09-15-2022 09:51 AM
Took a swing at this this morning and all I'm getting when I try to PUT against https://developer.cisco.com/meraki/api-latest/#!update-organization-saml-role the endpoint as documented is either 400 Bad Request or "There was a problem with the JSON you submitted".

I may be doing something wrong but...I dunno. Just for grins, I copied a Request Body example, generated with the form from the endpoint documentation, using just the default values (read-only for org, full access for network) and it just blows up. Curious.

Re: Granting technicians port-level configuration access

by Crocker in Dashboard & Administration
09-13-2022 07:25 AM
I'll give that a try and see how it plays, good suggestion.

Honestly was hoping I could use a network tag to tie the switchport modify privileges to a subset of networks to put a nice little bow on this, but when I try to do that I don't see the switchport access tag as an option...bummer.

Granting technicians port-level configuration access

by Crocker in Dashboard & Administration
09-12-2022 04:06 PM
I'm looking to allow our help desk techs to adjust non-trunk switchports. For example, swapping VLAN assignments when moving different bits of hardware around (phones, desktops, printers, etc).

I see that we can create a switchport tag, and grant that tag the ability to modify switchports. With an API script, I can determine if a port is an Access or Trunk port, and assign the tag appropriately. I see that the switchport tag privilege propagates to all networks, which is great; however, I don't see an immediately obvious way to grant a user (or a SAML role) the privilege across the board. It appears that I have to add this privilege for each network within our organization to that user (or SAML role)?

Am I missing something obvious?
Labels: Administrators

Re: Detailed traffic logs on Meraki

by Crocker in Security / SD-WAN
09-07-2022 04:01 PM
100% agree. Being told to use third party products just to see rule blocks is a cop-out.

Re: Vulnerability Scanner and Meraki MX

by Crocker in Security / SD-WAN
09-07-2022 12:20 PM
I have the same question. We're looking at enabling IDS/IPS on our AutoVPN spoke MXs, but that has the adverse effect of bricking the vulnerability scans against clients/devices behind the spokes. The only exceptions I thought I saw were for particular rules, rather than particular IPs.

Re: JQuery 1.2 < 3.5.0 Multiple XSS vulnerability

by Crocker in Switching
09-07-2022 10:35 AM
We bumped into this after our first Nessus vulnerability scan against the first few Meraki devices (MR33s and MX67Cs) we implemented circa 2020. I can't remember if we reached out to Meraki support about it or not, but our workaround/permafix was to disable the Local Device Status Page across the board.

You can temporarily re-enable the Local Device Status Page if/when you need it.

Re: MS120/802.1X - Weird Critical Auth Behavior

by Crocker in Switching
08-19-2022 04:06 PM
Ran low on time so didn't get to do as much testing as I wanted; however, I did work with support today and was able to reproduce the issue by blocking comms between the switch and NPS via FW rule. With the comms interrupted, the port went into critical auth state as expected.

VLAN 10, the workstation VLAN, worked just fine - full open as expected; however, the support rep on the line mentioned that the phone appeared to come up in VLAN 10 instead of 20 (voice vlan - also, the dashboard showed it on 20). He ran a capture and mentioned he could see the phone attempting DHCP (unsure if it was doing this on VLAN10 or VLAN20) and getting no response. The workaround for this is to remove the 802.1X access policy from the switchport...

Additionally, once communications between the switch and NPS server were restored, the port stuck in critical auth mode and did not recover. We verified comms between switch and NPS via the radius test button in the access policy. This appears to be a known issue/is with development for resolution. The workaround for this is to remove the 802.1X access policy from the switchport, and then re-apply it.

If any of the Meraki folks that haunt the forums want to take a glance, this is case # 08412961.

Re: Idle timeout broken

by Crocker in Dashboard & Administration
08-18-2022 08:39 AM
2 Kudos
Tossing my hat in on this as well. Super minor gripe, but it's something that's bothered me for a while now.

Also...is it just me or is the session timeout kind of hit or miss in general? Anecdotally, I've left the Dashboard open/inactive in another tab for what I'm sure was longer than our timeout and not been prompted to re-login. I've also left the dashboard open/inactive in another tab for less than our timeout and been prompted to re-login. I'm pretty sure I've also seen one tab timeout while another tab did not.

Re: MS120/802.1X - Weird Critical Auth Behavior

by Crocker in Switching
08-15-2022 09:00 AM
1 Kudo
Yup, I've got an open case with Support at the moment. They grabbed what they could, but need some real-time examples.

These are all MS120 switches.

After some research/poking about last week, I've got a bit more information. First and foremost, this seems to surface if the remote network has had any sort of WAN/AutoVPN disruption. From what I've gathered, once a port has gone into crit auth mode, it seems to stay 'stuck' in that state until the 802.1X access policy is removed & re-applied. I suspect a switch reboot would also resolve.

Going to do some on-site testing with a test network (MX67 + MS120) on Wednesday. Pretty confident I can reproduce this by simply pulling the WAN connection for the MX and connecting a workstation to a switchport with the 802.1X access policy. Or using an MX FW rule to explicitly block traffic between the MS120 and the NPS/Radius server.

Will follow up once this is done.

Re: MS120/802.1X - Weird Critical Auth Behavior

by Crocker in Switching
08-11-2022 11:59 AM
The switches in question are running 14.33, I'm gonna go ahead and bump them to 14.33.1 tonight and see if the weirdness goes away before taking this much further. Want to see if that has any impact on these things getting 'stuck' in critical auth, or if it at least fixes the issue with the Voice VLAN not failing open when in a crit auth state.

I'm using separate Data and Voice VLANs (IDs 10 and 20, respectively), though.

Re: MS120/802.1X - Weird Critical Auth Behavior

by Crocker in Switching
08-11-2022 10:00 AM
14.33 - That's a good call, hadn't even thought to check the 14.33.1 release notes. I (now) see a mention in there about NAC enhancements, is there anywhere I can look to see what that actually means?

MS120/802.1X - Weird Critical Auth Behavior

by Crocker in Switching
08-11-2022 09:47 AM
I've deployed 802.1X, backed by two Microsoft NPS servers, across our environment over the course of about a month. Mostly works exactly as expected; however, I've run into a couple odd issues regarding Critical Authentication.

In at least two instances, I've had switches go into Critical Auth even when the NPS servers are available. Additionally, while in Critical Auth, the Data VLAN fails open just like I want it to; however, the Voice VLAN doesn't appear to do so. The tell is that a workstation connected through a phone (Mitel series 5330e's, generally speaking) works just fine in this state, but the phone itself never pulls a DHCP address like it ought to. Removing the 802.1X access policy from the switchport gets the phone working again.

Any obvious noob traps come to mind?
My Accepted Solutions
Subject | Board | Views | Posted
Re: 403 Forbidden with Update Network Appliance Firewall L3 Firewall Rules | Developers & APIs | 186 | 2 weeks ago
Re: Meraki MX API - Update Network Appliance Firewall L3 Firewall Rules wit... | Developers & APIs | 274 | 07-14-2022 08:05 AM
Re: Z3C with Verizon | Security / SD-WAN | 875 | 02-01-2022 07:28 AM
Re: SNMP monitoring of MX VPNs | Dashboard & Administration | 1095 | 01-20-2022 02:13 PM
Re: Anyone tested site-to-site VPN on Starlink | Security / SD-WAN | 13330 | 05-21-2021 03:48 PM
My Top Kudoed Posts
Subject | Board | Kudos | Views
Re: Anyone tested site-to-site VPN on Starlink | Security / SD-WAN | 7 | 13330
Solarwinds Product Team actively seeking Meraki MX SNMPwalk results | Security / SD-WAN | 6 | 372
Access Point (MR) licenses missing from Dashboard? | Dashboard & Administration | 5 | 1208
Re: Z3C with Verizon | Security / SD-WAN | 3 | 875
Re: SSID Spoof Logging? | Wireless LAN | 3 | 896