Meraki

Community

About ErnstTFD

Intermittent internet for one device only

by in Security & SD-WAN
‎Aug 21 2024 3:53 AM
‎Aug 21 2024 3:53 AM
OK, so I'm completely stumped here. I need help.   I have around 140 users on my Meraki MX64 with a 100Mbps up/down fibre network connection. Only one of my users has this problem.   This user has a Dell XPS 13 9310 laptop with Windows 11 installed. They use a J-Create JCD542 docking station's RJ-45 port to connect to the network.   Problem: The user has intermittent internet. However the local network is not intermittent.   To clarify, if I ping my local NAS drive (that is connected on the same switch as my Meraki MX64) then there is no packet loss. If I ping 8.8.8.8, then I have packet loss. If I connect another laptop on the same lan cable, the packet loss to 8.8.8.8 goes away. If I move the XPS laptop to a different lan connection, I still get packet loss to 8.8.8.8. Also if I connect the XPS to a D-Link router with 4G mobile internet via the same docking station, then the packet loss to 8.8.8.8 goes away. I have also tried a two other docking stations with the XPS and the packet loss still occurs when connected via the Meraki.   So the problem is not (as far as I can tell): a) The network or the local lan cable, that works perfectly if another laptop is connected. Also the problem persists if the XPS user connects to the network at a different location. b) The docking station, we have tried 3 different docking stations. Also the docking station is not intermittent when on a 4G router.   What I have done to try to fix the problem: 1) I have moved the user to a group policy with no restrictions. 2) I have changed the IP assignment of the user. 3) I have uninstalled the network driver in device manager and rebooted the laptop. 4) I have tried the Windows 11 internet connection troubleshooter, that found no problem. 5) I have tried these commands: netsh winsock reset netsh int ip reset ipconfig /release ipconipconfig /flushdnsfig /renew 6) In windows 11 I did: Settings > Network & internet > Advanced network settings > Network reset   Nothing works, the internet connection remains intermittent for this one user on this one laptop and nowhere else. I add a screenshot of how we ping a local NAS with no packet loss and 8.8.8.8 with packet loss at the same time.     ... View more

Re: Block Linkedin

by in Security & SD-WAN
‎Jul 10 2024 7:27 AM
2 Kudos
‎Jul 10 2024 7:27 AM
2 Kudos
I in fact did this. Blocked professional networking and added the *linkedin.com rule. Works well. ... View more

Block Linkedin

by in Security & SD-WAN
‎Jul 10 2024 6:03 AM
‎Jul 10 2024 6:03 AM
How to best block the use of LinkedIn with a group policy? Is there a layer 7 rule? If so in what category is it? If not any suggestions? Thanks. ... View more
Labels:

Re: How to get rid of annoying maintenance notification.

by in Security & SD-WAN
‎Jun 10 2024 2:14 AM
‎Jun 10 2024 2:14 AM
Will do. Thanks. ... View more

How to get rid of annoying maintenance notification.

by in Security & SD-WAN
‎Jun 10 2024 12:37 AM
‎Jun 10 2024 12:37 AM
Hello,   The whole of last week I had to click on the maintenance notification for 6th of June every time I opened my Meraki dashboard. Then on the 7th, the notification for the 6th still showed up as well as a new one about the 7th. These have now gone, but today there is a new notification about the 23 of June popping up. This is very irritating because it does not go away once closed. The notification keeps popping up every time I access my Meraki. Is there no way to click it once and never have to see it again? Or am I going to have to look at it every day repeatedly for the next two weeks?   Thank you for any help if possible. ... View more
Labels:

Re: Using Client VPN to connect to a local NAS drive

by in Security & SD-WAN
‎Nov 2 2022 5:27 AM
‎Nov 2 2022 5:27 AM
Creating the VPN manually without the scripts and the routing, the routing table in windows look like this. (In this case I cannot ping 192.168.1.3 at all).   IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 172.17.2.1 172.17.2.95 55 41.138.70.14 255.255.255.255 172.17.2.1 172.17.2.95 56 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 172.17.2.0 255.255.255.0 On-link 172.17.2.95 311 172.17.2.95 255.255.255.255 On-link 172.17.2.95 311 172.17.2.255 255.255.255.255 On-link 172.17.2.95 311 192.168.5.0 255.255.255.0 192.0.2.1 192.168.5.118 46 192.168.5.118 255.255.255.255 On-link 192.168.5.118 301 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 172.17.2.95 311 224.0.0.0 240.0.0.0 On-link 192.168.5.118 301 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 172.17.2.95 311 255.255.255.255 255.255.255.255 On-link 192.168.5.118 301 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 192.168.1.1 Default =========================================================================== ... View more

Re: Using Client VPN to connect to a local NAS drive

by in Security & SD-WAN
‎Nov 2 2022 3:37 AM
‎Nov 2 2022 3:37 AM
So I am currently using this tool: https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html   It allows you to enter your desired subnets. This adds routes for those subnets.   I've added 192.168.1.0/24 and 10.5.5.0/24 subnets. After doing this, I can now ping 192.168.1.3 for the first time. However if I enter \\192.168.1.3 in my file explorer is still fails to connect to the NAS. Also I cannot ping 10.5.5.1 or 10.5.5.5. I need access to both of these as well.   The route looks like this when the VPN is connected:   IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 172.17.2.1 172.17.2.95 55 10.5.5.0 255.255.255.0 On-link 192.168.5.118 46 10.5.5.255 255.255.255.255 On-link 192.168.5.118 301 41.138.70.14 255.255.255.255 172.17.2.1 172.17.2.95 56 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 172.17.2.0 255.255.255.0 On-link 172.17.2.95 311 172.17.2.95 255.255.255.255 On-link 172.17.2.95 311 172.17.2.255 255.255.255.255 On-link 172.17.2.95 311 192.168.1.0 255.255.255.0 On-link 192.168.5.118 46 192.168.1.255 255.255.255.255 On-link 192.168.5.118 301 192.168.5.0 255.255.255.0 192.0.2.1 192.168.5.118 46 192.168.5.118 255.255.255.255 On-link 192.168.5.118 301 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 172.17.2.95 311 224.0.0.0 240.0.0.0 On-link 192.168.5.118 301 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 172.17.2.95 311 255.255.255.255 255.255.255.255 On-link 192.168.5.118 301 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 192.168.1.1 Default =========================================================================== ... View more

Using Client VPN to connect to a local NAS drive

by in Security & SD-WAN
‎Oct 28 2022 2:43 AM
‎Oct 28 2022 2:43 AM
Hello, I have posted before, but either my question was asked incorrectly or no one know the answer on these forums. I will try to put it a straight forward as possible here.   I can successfully log into my Meraki, using client VPN with the vlan 192.168.5.x. In my case the address 192.168.5.118 was assigned to the laptop I'm using to log into the VPN.   On the local network there is a NAS drive on IP 192.168.1.3. When I try to ping this IP from the logged in laptop, the ping fails. Ie. I cannot access the local network connected to the Meraki, from the Client VPN login.   A secondary issue. I have given one of the local PC's on the network connected to the Meraki an address in the VPN subnet: 192.168.5.42. I cannot ping this IP either from the logged in laptop (192.168.5.118).   I've used to different ISP's with two different Public IP's for the VPN connection. In both instances I can connect, but I cannot ping anything.   If I go to Clients page and enter Client type VPN, then nothing shows up. There is no records of any VPN connection.   If your just going to point me to the Meraki help files, don't bother, I've read them all and did everything contained therein.   I need practical step by step assistance at to what I'm ding incorrectly please. Thank you. ... View more

Re: VPN client to access NAS drive on local VLAN

by in Security & SD-WAN
‎Oct 17 2022 5:46 AM
‎Oct 17 2022 5:46 AM
Here you can see I am connected to the VPN, but I cannot trace the VLAN. Here you can see my IP that was assigned by the Meraki VPN, so the connection is live. Here is my settings for the Client VPN, what do you suggest that I change?     ... View more

Re: VPN client to access NAS drive on local VLAN

by in Security & SD-WAN
‎Oct 17 2022 5:29 AM
‎Oct 17 2022 5:29 AM
This is not true: "Client VPN users may access all subnets within the network by default." If it is show me how. I cannot do it. ... View more

VPN client to access NAS drive on local VLAN

by in Security & SD-WAN
‎Oct 17 2022 4:00 AM
‎Oct 17 2022 4:00 AM
Hello,   How do I allow a VPN client with IP adress 192.168.5.118 to have access to a NAS drive located at 192.168.1.3 on the local VLAN?   Note: Meraki does not allow client VPN to use the same subnet/vlan as a local vlan.   Thanks. ... View more

Re: How to allow traffic from VPN vlan to local vlans

by in Security & SD-WAN
‎Oct 17 2022 3:57 AM
‎Oct 17 2022 3:57 AM
I use MAC addresses to add clients to a Group Policy. The VPN connection does not have a MAC adress. How will I add a policy to it? ... View more

Re: How to allow traffic from VPN vlan to local vlans

by in Security & SD-WAN
‎Oct 12 2022 11:59 PM
‎Oct 12 2022 11:59 PM
I've not changed anything in the routing table, it is still on default settings and look like this: I do have several Group policies setup and the laptop in question is configured for one of these policies. But I must add that the Group policies are assigned by MAC adress and as the VPN is not using the MAC address of the LAN port on the laptop, I'm not sure that the Meraki will identify the laptop correctly. That being said I'm not interested in using the internet throught the meraki. The laptop can use it's own local internet as long as I can access the LAN on my office network.     ... View more

Re: How to allow traffic from VPN vlan to local vlans

by in Security & SD-WAN
‎Oct 12 2022 11:18 PM
‎Oct 12 2022 11:18 PM
So I am simulating a person working from home. That is a windows laptop on a home wifi using VPN to connect to the office MX64.   At the office they must, for example, be able to access the local NAS drive, Server1 or 192.168.1.3. Another user must be able to access a SQL server located at 10.5.5.1.   The VPN only assigns a subnet that is not the same as the local vlan's subnet and I cannot find a way to add more than one subnet to the VPN. So I don't know what to do to access the local subnet/vlan once looged in as a VPN user.   Maybe I'm missing something obvious, as everyone is telling me by default it is all accessible. However the method of accessing it eludes me. ... View more

Re: How to allow traffic from VPN vlan to local vlans

by in Security & SD-WAN
‎Oct 12 2022 2:57 AM
‎Oct 12 2022 2:57 AM
My laptop is on wifi at the moment to test VPN connectivity, here is the wifi and VPN IP's I have (for now) changed the block rule to allow, for testing.     ... View more

Re: Client VPN and access to local LAN

by in Dashboard & Administration
‎Oct 12 2022 2:29 AM
‎Oct 12 2022 2:29 AM
"Client VPN users may access all subnets within the network by default."   How does this work? My VPN subnet is 192.168.5.0/24, I'm connected as 192.168.5.118. However I cannot connect to anything in my 192.168.1.0/24 subnet. For example if I ping 192.168.1.3, a NAS server, I get no response. If I put 192.168.1.3 in my file explorer, it fails to access the NAS drive.   What can I do to fix this? ... View more

Re: How to allow traffic from VPN vlan to local vlans

by in Security & SD-WAN
‎Oct 12 2022 2:17 AM
‎Oct 12 2022 2:17 AM
I don't understand. I don't want to restrict access. I want to allow it. How do I allow it?   I am now connected as 192.168.5.118. When I ping 192.168.1.3 I don't get a ping. When I try to access 192.168.1.3 with my file explorer is cannot find that IP. How do I reach it?   I have added a rule to the Layer 3 firewall like this: This does not help. I still cannot access 192.168.1.3. ... View more

How to allow traffic from VPN vlan to local vlans

by in Security & SD-WAN
‎Oct 12 2022 12:05 AM
1 Kudo
‎Oct 12 2022 12:05 AM
1 Kudo
Hello,   I have only recently succeeded in establishing a VPN connection from a client PC to my Meraki.   The specified vlan for the VPN is 192.168.5.0/24. My clients have to access servers in my local vlans. These are 10.5.5.0/24 and 192.168.1.0/24.   Do I set this up under port forwarding or under the Firewall? Can you please show an example of how to do it properly?   Second question is there a way to give some clients access to one local vlan, but not the other and vice versa? ... View more

Re: VPN not connecting

by in Security & SD-WAN
‎Oct 11 2022 11:54 PM
‎Oct 11 2022 11:54 PM
The problem with this connection was with my ISP and not any setting on my Meraki.   There are only two things to note: 1) The host-name provided by my Meraki unit, pointed to the public IP. In my case the Public IP is not the same as the WAN1 IP of the Meraki.With the result that I had to specify the VPN Server address as the WAN1 IP and the host-name does not work. 2) I had to allow PAP, CHAP and MS-CHAP v2 on my PC before the connection would establish successfully. Now the VPN connection works. ... View more

Re: VPN not connecting

by in Security & SD-WAN
‎Sep 26 2022 6:43 AM
‎Sep 26 2022 6:43 AM
OK, I will ask the ISP to create and Public IP for me and move the Meraki to the new address. Fingers crossed this solves the issue. ... View more

Re: VPN not connecting

by in Security & SD-WAN
‎Sep 26 2022 6:31 AM
‎Sep 26 2022 6:31 AM
Yes, this seems to be our issue.   Do you think it will solve the issue if I ask the ISP to give me a public IP for the Meraki and move it out of the DMZ?   They have given me a /30 IP for another device which does work OK. ... View more

Re: VPN not connecting

by in Security & SD-WAN
‎Sep 26 2022 6:19 AM
‎Sep 26 2022 6:19 AM
To confirm the ports that should be forwarded are 500 en 4500? Are there any other ports required? ... View more

Re: VPN not connecting

by in Security & SD-WAN
‎Sep 26 2022 5:31 AM
‎Sep 26 2022 5:31 AM
Confirmend. The ISP is using CG-NAT. ... View more

Re: VPN not connecting

by in Security & SD-WAN
‎Sep 26 2022 4:23 AM
‎Sep 26 2022 4:23 AM
Not sure, I will inquire and give you feedback when I get it. ... View more

Re: VPN not connecting

by in Security & SD-WAN
‎Sep 26 2022 4:10 AM
‎Sep 26 2022 4:10 AM
My Meraki sits behind a Mikrotik Router that is managed by the ISP. Accoring to the, all incoming traffic to the Public IP is being forwarded to the Meraki. They sent me their Firewall rules to look at. I'm not an expert in Mikrotik friewalls but it seems in order to me.   This is what they have sent: 0    chain=srcnat action=masquerade src-address=!41.138.70.12/30 out-interface=Client_Details log=no log-prefix=""   1    chain=dstnat action=dst-nat to-addresses=192.168.0.91 protocol=tcp dst-address=41.76.33.18 dst-port=!8291,2000,8728 log=no log-prefix=""   2    chain=dstnat action=dst-nat to-addresses=192.168.0.91 protocol=udp dst-address=41.76.33.18 dst-port=!8291,2000,8728 log=no log-prefix=""   3    chain=dstnat action=dst-nat to-addresses=192.168.0.91 protocol=gre log=no log-prefix=""   4    chain=srcnat action=masquerade dst-address=192.168.0.91 log=no log-prefix="" ... View more
My Accepted Solutions
View all
© 2024 Cisco Systems, Inc.