Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About LontzroV
LontzroV
Here to help
Member since Jan 28, 2021
Jan 30 2024
Community Record
17
Posts
6
Kudos
2
Solutions
Badges
I'm aware. Even if client and AP have to be within half a meter of height at 50m distance, if I get farther coverage I'm game for a flatter signal pattern (from a higher gain antenna). Hence I'm testing these. But it seems they just aren't working as they should. I posted here to see if I'm missing something obvious, but it seems you all know what I know, and surely these particular antennas aren't a way forward. Thank you all for engaging though!
... View more
Yep, that's the pain. And that is just 1 of 4 sites (it is greenhouses and open growing spaces). We actually have 6 units on that property now (you can imagine the inconsistent experience), but before I started in this company there were just two... I have no words. When I explain how far off we still are from an actual robust coverage, the numbers are always the impossible hurdle. We'd need at least 12 get things properly covered. So I was hoping to find a way to get more signal out of the existing APs, since the number of clients and throughput requirements are quite low. But it's not to be I guess.
... View more
Thanks for the input! @rhbirkelund I'm testing the signal exactly perpendicular to the antennas. Even then they're slightly worse than ANT-20. Maybe they're just junk after all. @UKDanJones I'm not sure how I can cover 20+ acres with directional antennas effectively. To cover all areas I'd need a few spots with many antennas pointing in 45 degree offset directions, requiring multiple APs to service the antennas. In that case I might as well spread the APs themselves out (at least according to my limited understanding). But I can appreciate how the signal pattern is much more predictable. Maybe I'll get one just to experiment with it.
... View more
To add more context: I'm mainly interested in boosting the 5GHz band, so as not to cause more CCI on the 2.4 GHZ band. I've created a SSID specific for testing the antennas, that is only available on the APs that test the antennas. I've also created a RF Profile that disables all SSIDs on the 2.4GHz band, and sets the 5GHz band to a TX power of 10 dbm. In the logs I can't see any changes to the TX power, so the AP does not seem to throttle the TZ power with the higher gain antennas present - or at least there are no logs of that happening. These antennas seem to be pretty high quality. To my knowledge Alfa is a reputable vendor, and each antenna shipped with a printout of its tested RF patterns (unique to each antenna, slight variations). I'm dumbfounded as to why the signal is worse, not better.
... View more
Hello, Our WiFi network is intended to cover large outdoor spaces. I understand the best way to increase coverage is to deploy more APs, but in our case the number of clients is relatively low and the requirements for throughput too. So I'm wanting to upgrade the existing access points with higher gain antennas to black holes between access points. I got 4 Alfa AOA-2458-79-AM antennas and I've tested them on an MR76 and on a MR86 AP. In both situations the signal levels with the Alfa antenna are worse than with the MA-ANT-20, and that's despite the Alfa being 7/9 dbi whilst the MA-ANT-20 is 4/7 dbi gain. I'm testing on a level plane with the antennas, so the decreased vertical beamwith should not be the issue. What am I missing? Does anyone have similar experience or found a way to boost the signal of MR access points?
... View more
Labels:
- Labels:
-
Other
Dec 11 2023
8:25 AM
Yeah I get that banner, but it just says "1 firewall rule will be removed", but does not identify it. So am I warned that a firewall rule will be deleted? Sure. But it seems like this wasn't designed well. I presume everything is working as intended though, so I will close the thread. My final comments to Meraki: 1. If there's a warning, please be more specific in that warning (which firewall rule/s?, Source or Dest?, etc) 2. Additional to a more specific warning, it would be great if the dashboard could just edit the rule in question and take out the offending subnet. Will also submit these thoughts through the dashboard. Thank you everyone!
... View more
Dec 8 2023
2:15 PM
2 Kudos
Ok, I may have to eat some humble pie here. I'm back to experimenting with this, but now I only get the above message when there is indeed a rule that references the VPN subnet. Either that suddenly changed or the subnet was indeed referenced in a rule and I repeatedly didn't catch it. However, there is still a lingering issue for me here. Consider this firewall rule: The rule includes the VPN subnet in the list of sources but alongside another network. If I change the VPN subnet, I get the "firewall rule will be removed message", and if I follow through, this rule is deleted. It does not delete the subnet from the rule or update it - it just bins the whole rule. I tried defining the VPN subnet as a CIDR entry as well as via GPO, but the result is the deletion of the firewall, rule even if the deletion wrecks connectivity for other subnets in the process. That seems poorly thought through to me unless I'm missing a piece of the logic here. Especially if the VPN subnet can't be changed without this consequence. Is this expected behaviour? (I know the workaround would be to skim through and pluck the VPN subnet from all firewall rules first and then change it, but this behaviour still doesn't seem like a good process. It doesn't even specify which firewall rule it is going to nix, which would be more helpful at least)
... View more
Dec 8 2023
9:57 AM
Hey guys, I'm having a hard time wrapping my mind around this one. I changed the VPN subnet for one of our sites, after which I got a pop-up banner at the top of the dashboard saying: "The settings you requested require confirmation. Please review the following list: * 1 firewall rule will be removed because they longer contain any valid entries." This is weird because the VPN subnet is not referenced in any of the firewall rules. I opted to confirm the changes, assuming since there are no rules specific to this subnet, there wouldn't be any changes. Boy was I wrong. The dashboard flatout deleted a firewall rule and the whole site was cut off from the internet until I was noticed what had happened. I can reproduce this behaviour consistently. Can somebody explain this to me? Why can't I change the VPN subnet without the dashboard deleting an unrelated firewall rule? I'm a bit concerned about this behaviour.
... View more
Jun 14 2022
4:11 PM
2 Kudos
Hm. Let's assume a VIP setup... If the Modem is in passthrough: I'd need 3 public IP addresses (MX1, MX2, VIP) If the Modem is NATed: I'd need 1 public IP (on modem) and 4 private IPs (Modem, MX1, MX2, VIP) in a dedicated WAN VLAN. Modem configured to forward traffic to VIP. Is this correct?
... View more
Jun 14 2022
1:11 PM
We currently have a single MX in our topology, but would like to upgrade to an HA deployment. I have some vague memories around VRRP but get a little confused with the WAN configuration. I've devoured the Meraki documentation on the HA feature, and this is what I am left with. Facts: - Currently our ISP modems are set to 'passthrough', meaning the public IPs are physically assigned to the MX - One ISP is a cable provider who also provides us with a static public IP (set as static on MX) - The other ISP is a cellphone carrier which we access through a MG21E modem Questions: 1. For the HA setup to work, does the modem need to own the public IP instead of the MXs? I assume this, given that at least a VIP setup requires non-public IPs on the WAN interfaces. If we ditched VIPs, could the modems remain in 'passthroug' mode? 2. It is recommended to use VIPs to make failovers as seemless as possible. What exactly makes a non-VIP setup less seemless? Would not the secondary MX take on the static IP settings from the primary, and thus start to communicate with the modem imitating the primary? 3. Why do some people suggest we need multiple public IPs for the VIP solution to work? Assuming modem owns the public IP and forwards relevant traffic to the VIP shared between the MXs, why would we need 3 public IPs per ISP (I've seen people suggest that each MX requires a public IP as well as the VIP interface - how can an IP need an IP?) 4. Can HA even work with an MG21E? I know the MG21E has two lan ports, so perhaps it can work withoug a VIP setup. But I seem to be unable to create internal subnets and VLANs on the gateway- so a VIP setup seems impossible for sure...? Probably not great to ask 4 questions at once, but I assume some answers will have bearing on all three. Any info/suggestion/clarifcation will be of help!
... View more
Nov 29 2021
11:35 AM
Thanks for sharing your experience, that might be something for us to consider for the long run.
... View more
Nov 26 2021
9:05 AM
Good day everyone. Our company is comprised of 4 sites, with the main site hosting most of the webfacing resources. The problem we have is that there is only one ISP who offers wired internet (rural setting); that being our primary uplink. Our backup internet currently consits of an MR modem uplinking to the cellular network, although we are also considering Starlink. However, both of those solutions are are problematic for us due to their implementation of CGNAT. Looking for a way around this issue I came across vMX. I picture incorporating the vMX in our VPN infrastucture as a hub and then have the hostname of our main site resolve to the vMX public IP. From there I would add the main-site MX as a spoke to the vMX hub. Is the above outlined setup realistic? How could traffic be addressed to local servers on our main site if their subnet is not configured on the vMX? Can vMX be used for this purpose or am I way off? Any feedback or input appreciated!
... View more
Feb 1 2021
11:02 AM
Thanks Bruce! What you're saying makes sense. I will try moving the default gateway to Vlan 5 later this week. What puzzles me though is that clients in Vlan 1 are able to ping/access the switch interfaces on Vlan 5. This must be through the MX since no other device on site has routing enabled currently. So I'm having a hard time wrapping my mind around how the MX is routing traffic between Vlans 1 and 5, as well as Vlan 1 and the VPN, but apparently not between vlan 5 and the VPN, even though Vlan 5 is included. This is why I posted here, thinking it must be an issue on the MX. Just clarifying: Vlan 5 is intended for management but is not yet set to 'management', so it currently behaves like any other Vlan. I'm waiting until I can successfully access the switches on Vlan 5 before I restrict management traffic to that Vlan.
... View more
Jan 29 2021
1:19 PM
Until now we have managed our switches from the default vlan (1). I have now created vlan 5 on 2 switches (the first is connected directly the the MX and the second links into the first switch). Both switches have SVIs in Vlan 1 (used until now) and in Vlan 5. On the MX both Vlans are vpn-enabled and tagged to the corresponding MX port. On the first switch both Vlans are tagged to the port that connects to the MX (trunk protocoll), and to the uplink to the second switch. Both switches have the Vlan 1 interface of the MX as default gateway MX: Vlan 1 10.4.0.1 Vlan 5 10.5.0.100 First Switch: Vlan 1 10.4.0.2 Vlan 5 10.5.0.1 Gateway 10.4.0.1 Second Switch: Vlan 1 10.4.0.8 Vlan 5 10.5.0.2 Gateway 10.4.0.1 Over the vpn: I can access both switches on their Vlan 1 interface/ip I cannot access either switch on their Vlan 5 interface/ip From a local computer: I can access both switches on both Vlan interfaces/ip
... View more
Jan 29 2021
9:10 AM
Hey Bruce. We use HP Aruba switches. The default gateway on the switches is pointing to the vlan 1 interface on the MX. Vlan 1 is included in the vpn.
... View more
Jan 28 2021
2:49 PM
Hello everyone, this is my first inquiry here. I am having trouble setting up a management VLan on one of our sites. We have Meraki appliances on all our sites (Site A = MX100, Site B = MX80) connected via vpn in hub-mode. The appliance on site A is in single Lan mode (flat network on that site, no static routes into any subnets), and Site B is in Vlan mode. The switch interfaces are currently still in Vlan 1. I have created a management Vlan on Site B (Vlan 5) on the appliance and on the Switches - the switches also have ip interfaces on that vlan). Vlan 5 is also enabled on the VPN. Locally on site B I can access those switch interfaces in Vlan 5. However, I cannot access them remotely from site A. From Site A (MX100 single Lan) - I can ping the Vlan 5 interface on the Site B appliance - I cannot ping or access the switch interfaces in Vlan 5 From Site B (MX80 vlan mode) - I can access the switch interfaces in Vlan 5 - I can ping the vlan 5 interface on the appliance - I can even ping my computer at Site A from which I intend to manage the Switches. So it works that way, but not from My computer to the switches at the remote site. We have few and basic firewall rules at both sites. The traffic should not be blocked. Just in case I added "allow any" rules on both sites but no success - but then, I also know that firewall rules don't apply to vpn. There are no blocking rules of any kind in the site to site vpn settings. What am i missing? Any pointers are apreciated!
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 1463 | Jun 14 2022 4:11 PM | |
| 5220 | Feb 1 2021 11:02 AM |
My Top Kudoed Posts
© 2024 Cisco Systems, Inc.
