Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About merakiinsanity
merakiinsanity
Here to help
Member since May 5, 2021
Dec 4 2023
Community Record
15
Posts
8
Kudos
0
Solutions
Badges
Mar 13 2023
3:56 AM
Hi We have an SSID that uses a WPA2 PSK. However Windows 10 and 11 clients can't connect to it. Dashboard says that authentication is failing due to a 'bad password' even though we're copying and pasting the wassword from the dashboard. Other clients such as iOS devices and connect fine. This is regardles of whether the SSID is hidden or broadcasting. I can confirm that there aren't any GPOs or InTune policies preventing clients connecting to unauthorized SSIDs, or any specific SSIDs being blocked. Happens on both on-prem AD joined and Azure joined clients, but seemingly only Windows 10 and 11. All other SSIDs can be connected to fine. Any ideas?
... View more
Sep 22 2022
3:13 AM
1 Kudo
After a morning of investigation, it looks like its a bug in the latest version of Edge from the 22H2 Windows 11 update. After filtering the switches a few times, they all start displaying properly.
... View more
Sep 22 2022
1:45 AM
1 Kudo
Hi Came into work this morning to find the following. Has anyone else seen this before? There doesn't appear to be any downstream issues caused by it from the clients or APs but something is obviously wrong. Also APs themselves are fine, just appears to be switches effected. I've checked the firewall rules and all are in compliance with the rules stated in the Dashboard.
... View more
Labels:
- Labels:
-
Other
Jul 28 2022
4:35 AM
As an FYI... Did a sneaky reboot of our Watchguard firewall that I performed a OS update on from 12.8 to 12.8.1 overnight. Can access the Meraki Dashboard now. ¯\_(ツ)_/¯
... View more
Jul 28 2022
1:54 AM
2 Kudos
It's working for me over by mobile phone on 5G so it's must be something internal. Trying to track it down now.
... View more
Jul 27 2022
11:11 PM
Hi I'm getting a timeout when trying to get onto the the dashboard at n440.meraki.com Anyone else in the same boat?
... View more
Labels:
- Labels:
-
Other
Jun 20 2022
2:58 AM
Found that it produces an Assertion Error exception with the following value: "stpGuard" cannot be "dkgfjh", & must be set to one of: ['disabled', 'root guard', 'bpdu guard', 'loop guard'] Exactly this info I was looking for. Thanks a lot for your help!
... View more
Jun 20 2022
2:27 AM
1 Kudo
Ahh sweet, I'll certainly have a look. Thanks
... View more
Jun 20 2022
2:22 AM
Thanks for the reply. The check is mainly for console feedback and logging. I was hoping that if an incorrect value was given for a key in the switch_port_conf dictionary (e.g. 'stpGuard': 'asdfg'), a response would be given indicating this as the reason that the update was unsuccessful. This would then be fed back to the user via the console or log file. I suppose I will just have to put the print statements inside an "if new_port_config:" statement. Currently it's in a Try block which gives a NameError exception if the new_port_config variable isn't there. This is more of the code for more context: for port in switch_ports[1:2]:
if port['type'] == 'access':
# New port configuration change
switch_port_conf = {
'rstpEnabled': False,
'stpGuard': 'bpdu guard'
}
# Update switchport with new config
try:
new_port_config = dashboard.switch.updateDeviceSwitchPort(switch['serial'], port['portId'], **switch_port_conf)
except meraki.APIError as e:
meraki_error(e)
except Exception as e:
other_error(e)
# if the port update was successful display the new config from the update response
try:
if new_port_config['rstpEnabled'] == switch_port_conf['rstpEnabled'] and new_port_config['stpGuard'] == \
switch_port_conf['stpGuard']:
print(f"New Configuration updated on port {port['portId']} on {switch['name']}:")
print(f"\tRSTP Status: {new_port_config['rstpEnabled']}")
print(f"\tSTP Guard Mode: {new_port_config['stpGuard']}")
else:
print(f"Failed to update config on port {port['portId']} on switch {switch['name']}.")
print(f"Current configuration:")
print(f"\tRSTP Status: {port['rstpEnabled']}")
print(f"\tSTP Guard Mode: {port['stpGuard']}")
except NameError as e:
print(f"Update failed on port {port['portId']} on switch {switch['name']}")
... View more
Jun 20 2022
12:46 AM
Hi When running the following code, if the update was successful, I get the expected JSON response of the port configuration as it is after the update was successful. However, if the update wasn't successful, for example I get the stpGuard option an invalid option, the new_port_config variable doesn't get create. Can I presume then, that there is no response if the update was unsuccessful and therefore I only need to check that the new_port_config exists, rather than checking against any articular content of the response? for port in switch_ports[1:2]:
if port['type'] == 'access':
# New port configuration change
switch_port_conf = {
'rstpEnabled': False,
'stpGuard': 'bpdu guard'
}
# Update switchport with new config
try:
new_port_config = dashboard.switch.updateDeviceSwitchPort(switch['serial'], port['portId'], **switch_port_conf)
except meraki.APIError as e:
meraki_error(e)
except Exception as e:
other_error(e)
... View more
Mar 18 2022
2:39 PM
Hi Our network doesn't really require much change but I'm wanting to expand my script portfolio for future jobs I may go for. I was hoping I could get some ideas for them from some of the scripts that you may have done. I'm not looking for the actual code, just ideas for functionality and maybe scenarios where they've been useful.
... View more
May 8 2021
12:05 AM
Hi I've started learning the Meraki Python API and been going through the following example from the library: https://github.com/meraki/dashboard-api-python/blob/master/examples/org_wide_clients_v1.py I've changed to base_url to https://api.meraki.com/api/v1 I have two networks in use. For the first network I get a Timeout error, but not for the second network. I've tried increasing the single_request_timeout parameter to various value from 90 up to 300 seconds. I've also reduced the perPage parameter of the getNetworkClients call down to 100 from 1000. Even with perPage as 100, I successfully get the first page shown by: 2021-05-08 07:54:05 meraki: INFO > networks, getNetworkClients; page 1 - 200 OK But each subsequent call produces the following: 2021-05-08 07:55:05 meraki: WARNING > networks, getNetworkClients - HTTPSConnectionPool(host='n121.meraki.com', port=443): Read timed out. (read timeout=60), retrying in 1 second However, once it moves onto the 2nd network, regardless of what single_request_timeout or perPage parameters I use, every page is successfully retrieved. Does anyone have any insight why the 1st network fails but the 2nd one is succeeding?
... View more
Labels:
- Labels:
-
Dashboard API
May 6 2021
12:10 AM
I've had to expand 2 rules on my Watchguard's, into 6 rules on Meraki. Although I could put the 3 port TCP range for Avaya into the rule above. I've also noticed that you can't put subnets from the Switch Routing & DHCP, or even the VLANs configured on the MX itself, into the source of the firewall rule, so I've created a Network Object for it so if I need to update the subnet, I'l just have to update the Switch subnet and remember to do the Network Object
... View more
May 5 2021
10:33 PM
2 Kudos
Hi again Our org uses a cloud platform that requires destination UDP ports 10000-60000 to be open to their ip range. Unfortunately, Cisco hasn't given the ability to enter ranges (for both ports and IPs other than CIDR) for some reason known only to themselves. Before I do something I really don't want to do, namely allow any port number, is there some other way I can tell the rule to only look at port 10000-60000 without having to put in 10000, 10001, 10002 etc etc. Even then, I'm sure I'll hit a limit at some point. This seems like really basic functionality that should be catered. EDIT: Ok, so I've found a workaround. It seemingly can't cope with having a range in a list. So I can have 10000-60000 in it's own rule, but having 3478, 10000-60000 is beyond its capability. Have to have a separate rule for port 3478, despite it all being UDP. Apologies if I sound frustrated, it's because I'm extremely frustrated.
... View more
May 5 2021
1:36 AM
1 Kudo
Hi I'm in the process of migrating from a couple of Watchguard's to a couple of MX450s. I'm looking at utilising the L7 firewall rules but have become utterly confused. Unless I'm total out-of-date, best practice for firewall rules is to have a catch-all deny rule at the bottom of the ACL, so you deny everything except for traffic you explicitly allow. L7 firewall rules only come into play on MXs if the traffic has been allowed by L3, at which point L7 can deny it. However, surely, if you have a catch-all deny rule as is best practice for firewalls, the L3 rule will be denying a lot of these services anyway. What would be infinitely more useful would be being able to configure *allow* rules at L7, so that if the traffic is denied at L3 based on non-wellknown port number for example, it then allows it through at L7 because it matches that particular service.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 607 | |
| 2 | 1804 | |
| 1 | 1170 | |
| 1 | 1182 | |
| 1 | 1048 |
© 2024 Cisco Systems, Inc.
