Meraki

Community

About Peter-Loyen

Re: WE Need IPV6 Support in MX

by Kind of a big deal in Security & SD-WAN
‎Sep 18 2021 1:25 PM
‎Sep 18 2021 1:25 PM
I'm guessing EE have got IPv6 to IPv4 working properly then, which is good 👍 ... View more

Re: Does Meraki MX Supported LAN VRRP?

by in Security & SD-WAN
‎Sep 7 2021 5:29 AM
‎Sep 7 2021 5:29 AM
I use a dedicated heartbeat/VRRP connection between MX nodes when the LAN network is not managed by us but by a 3rd party (i.e. the customer). The LAN is then an untrusted network with no visibility or management capabilities. The dedicated connection is using a separate vlan (access port). Whatever happens on the unmanaged LAN is not taken into consideration to trigger a failover but the WAN interfaces will ALWAYS trigger a failover. If the MAIN MX looses a WAN interface, there will be a failover to the SPARE MX.   Tested and working ... View more

Re: Systems manager VPN options

by Kind of a big deal in Mobile Device Management
‎Jul 27 2021 2:17 PM
‎Jul 27 2021 2:17 PM
Systems Manager supports L2TP, IPSsec and Cisco Anyconnect.     ... View more

Re: Low to none 4G LTE capabilities on SDWAN, Any improvements coming?

by in Security & SD-WAN
‎Jun 4 2021 5:16 AM
‎Jun 4 2021 5:16 AM
I definitely see your point for 50+ sites. Have you looked at the Inseego Skyus 160? We used the Inseego SA2100 (previous model) and I don't believe you need a license for that. We just replaced our SA2100s that worked for us for years with the MG21 for better integration with the Dashboard, but they are still working without issue. https://inseego.com/products/enterprise/skyus-160/ https://www.tessco.com/product/sa2100-at-t-3g-4g-lte-gateway-telemetry-bundle-222571 ... View more

Re: Using uplink ports to connect switch

by Kind of a big deal in Switching
‎Feb 12 2021 2:38 PM
‎Feb 12 2021 2:38 PM
This smells like it could be a spanning tree issue.  I'd follow @Bruce 's suggestions first.   Do any of the switch logs report anything interesting?   Make sure to use MST on the Catalyst switches.  Which switch have you made the root of the spanning tree? ... View more

Re: about a Smart breakout

by in Security & SD-WAN
‎Feb 12 2021 3:24 AM
2 Kudos
‎Feb 12 2021 3:24 AM
2 Kudos
Let’s start at the beginning: there are two ways that the Auto-VPN can work, either Full Tunnel or Split Tunnel. In Split Tunnel mode traffic is only encrypted into the VPN tunnel if it’s destined for a subnet advertised by another node on the Auto-VPN. In Full Tunnel mode all traffic leaving the site is encrypted into the VPN tunnel and sent to the hub site, where it is then decrypted and forwarded on. The VPN Full Tunnel Exclusion (breakout) applies only to the Full Tunnel mode and allows you to exclude specific destinations from the full tunnel.   For your scenarios:   In the initial one you could use Split Tunnel mode so that only traffic destined for an internal subnet is sent over the VPN on the MPLS link, and then use an Internet Flow Preference to send all internet traffic over the direct internet link on the second WAN link. There is no need to use the Full Tunnel Exclusion (breakout). If you do use a Full Tunnel and an Exclusion the internet traffic would be sent based on the Internet Flow Preferences. Incidentally you could also send the internet traffic unencrypted across the MPLS link so it is sent via the hub, and you could also use a VPN Tunnel over the direct internet link, these could be for failover of flow/performance based - this is the essence of a SD-WAN solution.   The the second scenario, as you say, is straightforward. You can use Split Tunnel or Full Tunnel, and if you do Full Tunnel you could use the Full Tunnel Exclusion (breakout) feature.   For the third scenario to work (which also applies to the MPLS link in the initial scenario) there must be a path to the internet from the MPLS underlay, not just the overlay. This scenario is pretty much as you describe, all traffic goes to the exit hub, the difference will be whether it is encrypted or not which has an impact on the CPU/utilisation of the MX device. Internet traffic will still be passed over the MPLS link in Split Tunnel mode or with a Full Tunnel Exclusion (breakout), it will just be unencrypted, it would not be dropped. Although if you wanted to you could configure the underlay to drop this traffic, so long as there is still access to the Meraki cloud.   Hope this explains it a bit more.     ... View more

Re: IGMP Querier purpose in an IPTV setup

by in Switching
‎Feb 5 2021 1:05 AM
1 Kudo
‎Feb 5 2021 1:05 AM
1 Kudo
Hi,   I finally got it properly working. changes I've made: igmp querier and BCC server in same vlan and subnet, Although the latter is not really a hard requirement, but better to do anyhow. More important and very obvious but easy to overlook, disable unknown multicast stream flooding on all switches. 🙂 Tracing shows, clients need to explicitly join the streams and block these when leaving/changing the stream. it is all IGMPv3.   What I do lack is a proper overview of the clients joining particular streams. Meraki is currently the only switch vendor not showing this. I made a request to Meraki to have this incorporated in the Meraki features.   Thanks to all for your feedback ... View more

Re: MX 100 throughput per tunnel

by Kind of a big deal in Security & SD-WAN
‎Jan 28 2021 1:39 PM
2 Kudos
‎Jan 28 2021 1:39 PM
2 Kudos
If you had one site putting pulling as much bandwidth as it could and 83 sites doing nothing - that site would get 500Mb/s.  However your spokes have an MX64 class device, which can do 100Mb/s, so it would actually be limited by the spoke to 100Mb/s.   If you had two sites putting pulling as much bandwidth as they could and 82 sites doing nothing - those two sites would get 250Mb/s each.  However your spokes have an MX64 class device, which can do 100Mb/s, so it would actually be limited by the spoke to 100Mb/s.   If you had three sites putting pulling as much bandwidth as they could and 81 sites doing nothing - those three sites would get 166Mb/s each.  However your spokes have an MX64 class device, which can do 100Mb/s, so it would actually be limited by the spoke to 100Mb/s.   If you had 84 sites using RDS each only able to pull 1Mb/s each because that is all that RDS is needing, then each site would get 1Mb/s (well under the total of 500Mb/s).     If all 84 sites were able to pull as much bandwidth as they could then they would get 500/84 - just under 6Mb/s each.     Unless you are doing something that saturates bandwidth constantly, like video surveillance, you can typically oversubscribe the sites as they won't be able to pull as much bandwidth as they can - they'll only pull enough bandwidth to complete the jobs they are trying to do.  You would have to measure that number yourself for your own network.   Let's pretend you are using a 20:1 oversubscription ratio.  Each site would get an average of just under 30Mb/s. ... View more
My Top Kudoed Posts
© 2024 Cisco Systems, Inc.