2 weeks ago
Good to know! Looks like we'll be implementing API-driven upgrades as well 🙂
2 weeks ago
"Can sometimes take weeks"— shouldn't mean months in reality. Or do we interpret this differently? I understand your point, but we're talking about SMB/Enterprise-grade hardware with a matching price tag. When it comes to a critical feature like firmware updates, I believe Meraki should provide MSPs with more control over the upgrade process. We've all experienced issues after a firmware upgrade, and manually overseeing 40+ organizations is neither practical nor an efficient use of time, in my opinion. At the very least, if Customer A has the same setup as Customer B, they should receive the same firmware automatically based on the network settings— but that’s not happening consistently. For now, we'll be using the API to gain proper control and roll out firmware updates across all our customers simultaneously.
2 weeks ago
2 Kudos
Hi fellow Meraki admins,

Lately, we've noticed across multiple customers that the firmware of all devices within a network is not being automatically upgraded as expected. I'm not just talking about waiting 1–2 months for an upgrade to the latest firmware, but rather critical updates (at least according to the dashboard) still remaining unscheduled. We've seen multiple customers running firmware that is over 10 months old, with seemingly no automatic scheduling.

The wording in the dashboard regarding firmware management is, in my opinion, misleading. Under "Network-wide" → "General", the configuration states: "The *insert Meraki Product* in this network are configured to run the latest available firmware." As a Meraki admin, when I read this, I expect the network to eventually update to the latest firmware—certainly not after 10 months.

Now, here’s my issue: I'm not expecting Meraki support to immediately conduct an in-depth investigation, but my support ticket response was disappointing. They simply told me that this is "expected behavior" and referenced their docs:

> Though it will eventually be pushed to qualified networks via the automated upgrade process, the automated upgrade process does not happen immediately after release and is rolled out over time. The automated process can sometimes take weeks to occur on all networks, depending on certain factors.

I'm sorry, but I find it hard to believe that this feature is intended to work this way. Sure, we can leverage the API to manually schedule firmware updates for our customers, but this has been a built-in feature for years. As paying customers, we should expect it to work as advertised, especially since Meraki actively promotes it in their sales documentation.

How do you guys handle firmware upgrades across 40+ organizations? Am I supposed to just accept the current state of things?
Labels: Firmware upgrades
Sep 10 2024
3:55 AM
Thanks for responding, guess we'll wait for further updates.
Sep 10 2024
3:51 AM
2 Kudos
Hi Philip, seems odd we're running 18.211.2 as well and no matter which setting I'm changing it shows me the error. Guess I'll contact support again and tell them that it works on other MX95 HA setups. Thanks for responding! 🙂
Sep 10 2024
3:04 AM
Hi, is anyone else having this issue on the MX95 since the 18.210 release? When trying to change the SD-WAN & traffic shaping configuration it shows an error for WAN3, but there's no WAN3:

'Slightly' annoyed since Meraki support just tells me to wait for a firmware which is supposed to fix this issue. But it's not even stated as a known issue. It's been months...
Mar 28 2024
2:21 AM
Please note that the drawing is only a best practice topology, our setup is slightly different but functions in the same way as the topology drawing. I could make an exact one, but since it's rather simple:

- MS Port 1 -> ISP Device Fiber
- MS Port 2 -> ISP Device Copper
- MS Port 3 -> MX1 - WAN 1
- MS Port 4 -> MX2 - WAN 1

And the MS is connected to each MX on Port 7, every port is configured as "Access" with VLAN1000.

- MS Port 7 -> MX1 - LAN Port 7
- MS Port 8 -> MX2 - LAN Port 7
Mar 28 2024
12:54 AM
Downstream on the MX only the MS in the separate network is using VLAN 1000 and only on port 7 on each MX: I'm a bit puzzled why this configuration is causing a loop:
Mar 27 2024
9:57 AM
Hi Ryan, all MS LAN and MX LAN Ports are configured as "access" ports. To further explain the setup this might help:

On the MS Port 1-4 are only used as WAN Ports using VLAN 900. The ISP is using two devices to provide failover from fiber to copper, but that's working fine.

- Port 1 -> ISP Device Fiber
- Port 2 -> ISP Device Copper
- Port 3 -> MX1 - WAN 1
- Port 4 -> MX2 - WAN 1

And the MS is connected to each MX on Port 7, every port is configured as "Access" with VLAN1000.

- MS Port 7 -> MX1 - Port 7
- MS Port 8 -> MX2 - Port 7

The MS resides in a separate Meraki network, otherwise it would influence the topology or cause issues. As soon as MS Port 8 -> MX2 - Port 7 is plugged in, it all goes offline. I'm seeing RSTP changes and MAC Flapping when plugging it in, it even says loop detected. But it didn't seem like STP loop guard helped.

*slight mixup with ports, obviously the connection MS Port 7&8 are connected to MX1/2 on Port 7
Mar 27 2024
9:51 AM
On the MS Port 1-4 are only used as WAN Ports using VLAN 900. The ISP is using two devices to provide failover from fiber to copper, but that's working fine.

- Port 1 -> ISP Device Fiber
- Port 2 -> ISP Device Copper
- Port 3 -> MX1 - WAN 1
- Port 4 -> MX2 - WAN 1

And the MS is connected to each MX on Port 7, every port is configured as "Access" with VLAN1000.

- MS Port 7 -> MX1 - Port 7
- MS Port 8 -> MX2 - Port 8

The MS resides in a separate Meraki network, otherwise it would influence the topology or cause issues. As soon as MS Port 8 -> MX2 - Port 8 is plugged in, it all goes offline.
Mar 27 2024
9:46 AM
Hi Alessandro, that doesn't work in our case. Our ISP is providing a failover from fiber to copper in case one line goes down. This results in 2 RJ45 ports which have to be connected to both MX's, as a result both MX can use the MS as a breakout to each ISP Device. We can't hook up MX1 and MX2 with failover if we don't use the MS. The MS continues to work just fine even if it has no cloud connectivity, but in this topology it should always have since it can connect to the dashboard using VLAN 1000 which is connected to both MX.
Mar 27 2024
5:08 AM
Hi all I’ve got a topology with an ISP uplink, 2 MXs and one breakout switch. The setup works perfectly fine concerning the WAN side. But as soon as I hook up the breakout switch to the secondary MX which is in standby everything goes offline, it seems like it’s causing a loop even though it's connected to two different MXs. The following topology is exactly like the one I’m having issues with. My question is how are the MS management ports supposed to be configured? Is the STP guard needed in a topology like this or am I missing something else? The MS management ports are currently configured like this: The MX LAN port which connects to the MS management port is configured like this:
Feb 6 2024
4:36 AM
That's not really a solution, once you start it, it will pop up even if you're connected. And in what world would a customer accept this 😅? I've posted my findings below, still can't wrap my head around the fact the pop-up is a default behaviour and has to be disabled through so many settings. I guess they all work on MacBooks.
Feb 6 2024
4:32 AM
2 Kudos
I've found a solution, I guess writing everything down helped to point me in the right direction. If anyone ever has the same problem, here's what I had to adjust.

Disable the captive portal detection in your VPN profile XML if you don't need it (Preferences Part 1 in the Profile Editor):

```xml
<DisableCaptivePortalDetection UserControllable="true">true</DisableCaptivePortalDetection>
```

The AutomaticVPNPolicy in the XML shouldn't prompt the user at any point (Preferences Part 2 in the Profile Editor):

```xml
<AutomaticVPNPolicy>true
    <TrustedDNSDomains>corp.customer.com</TrustedDNSDomains>
    <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
    <UntrustedNetworkPolicy>DoNothing</UntrustedNetworkPolicy>
    <AlwaysOn>false
    </AlwaysOn>
</AutomaticVPNPolicy>
```

Be sure to disable all AnyConnect notifications on Windows and in the AnyConnect Client itself, we deploy a .ps1 script to change the settings.

```powershell
# Define the path and property
$registryPath = "HKCU:\Software\Cisco\Cisco Secure Client"
$propertyName = "EnableStatusPopups"
$propertyValue = 0
$propertyType = "DWORD"
# Check if the path exists
if (-not (Test-Path $registryPath)) {
    # Create the path
    New-Item -Path $registryPath -Force
}
# Create or update the property
New-ItemProperty -Path $registryPath -Name $propertyName -Value $propertyValue -PropertyType $propertyType -Force

# Define the path and property
$registryPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Cisco.SecureClient"
$propertyName = "Enabled"
$propertyValue = 0
$propertyType = "DWORD"
# Check if the path exists
if (-not (Test-Path $registryPath)) {
    # Create the path
    New-Item -Path $registryPath -Force
}
# Create or update the property
New-ItemProperty -Path $registryPath -Name $propertyName -Value $propertyValue -PropertyType $propertyType -Force
```

Frustrating to deal with this for a paid enterprise software, but I guess we all have to. I couldn't find a solution in any forum, hopefully this will help someone else.
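A verification check for the settings listed in the post above, added here as an example and not part of the original post: it reads a profile XML and the two registry values and reports whether each one matches the value the post gives. The sample profile is constructed, and the function names and the `AnyConnectProfile`/`ClientInitialization` wrapper around the quoted elements are assumptions.

```powershell
# Constructed sample profile; the settings and values are the ones quoted in the post.
$sampleProfile = @'
<AnyConnectProfile>
  <ClientInitialization>
    <DisableCaptivePortalDetection UserControllable="true">true</DisableCaptivePortalDetection>
    <AutomaticVPNPolicy>true
      <TrustedDNSDomains>corp.customer.com</TrustedDNSDomains>
      <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
      <UntrustedNetworkPolicy>DoNothing</UntrustedNetworkPolicy>
      <AlwaysOn>false
      </AlwaysOn>
    </AutomaticVPNPolicy>
  </ClientInitialization>
</AnyConnectProfile>
'@

function Get-ProfileSetting {        # hypothetical helper
    param([xml]$VpnProfile, [string]$Name)
    # local-name() ignores any default namespace declared on the profile root.
    $node = $VpnProfile.SelectSingleNode("//*[local-name()='$Name']")
    if ($null -eq $node) { return '<missing>' }
    # Read only the element's own text: AutomaticVPNPolicy mixes text and child elements.
    $text = $node.ChildNodes | Where-Object { $_.NodeType -eq 'Text' } | Select-Object -First 1
    if ($text) { $text.Value.Trim() } else { '' }
}

function Get-PopupSettingReport {    # hypothetical helper
    param([xml]$VpnProfile)
    $profileExpected = [ordered]@{
        DisableCaptivePortalDetection = 'true'; AutomaticVPNPolicy = 'true'
        TrustedNetworkPolicy = 'Disconnect'; UntrustedNetworkPolicy = 'DoNothing'; AlwaysOn = 'false'
    }
    foreach ($e in $profileExpected.GetEnumerator()) {
        $actual = Get-ProfileSetting -VpnProfile $VpnProfile -Name $e.Key
        [pscustomobject]@{ Source = 'Profile'; Setting = $e.Key; Expected = $e.Value; Actual = $actual; Ok = ($actual -eq $e.Value) }
    }
    $registryExpected = @(
        @{ Path = 'HKCU:\Software\Cisco\Cisco Secure Client'; Name = 'EnableStatusPopups' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Cisco.SecureClient'; Name = 'Enabled' }
    )
    foreach ($r in $registryExpected) {
        $item = Get-ItemProperty -Path $r.Path -Name $r.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($r.Name) } else { '<not set>' }
        [pscustomobject]@{ Source = 'Registry'; Setting = $r.Name; Expected = 0; Actual = $actual; Ok = ($actual -eq 0) }
    }
}

Get-PopupSettingReport -VpnProfile $sampleProfile | Format-Table -AutoSize
```

Run it in the affected user's own session: both registry values live under HKCU, so a check run under a different account reads that account's hive instead.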
Feb 6 2024
2:41 AM
Hi, thought I'd try my luck on here, since Meraki Support rejected my case because they don't provide extended support for the AnyConnect client and VPN profiles. We've got multiple customers using the AnyConnect client on Windows and with default settings the client shows up each time a network change is detected, which is just infuriating. Upon searching the web I've found multiple settings which helped in some cases but not all.

Disable Windows Notifications for "Cisco Secure Client"

Setting the AutomaticVPNPolicy behaviour in the VPN Profile XML:

```xml
<AutomaticVPNPolicy>true
    <TrustedDNSDomains>corp.customer.com</TrustedDNSDomains>
    <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
    <UntrustedNetworkPolicy>DoNothing</UntrustedNetworkPolicy>
    <BypassConnectUponSessionTimeout>false</BypassConnectUponSessionTimeout>
    <AlwaysOn>false
    </AlwaysOn>
</AutomaticVPNPolicy>
```

Changing the DWORD value to disable "StatusPopups", can also be achieved with right-click on the client in the system tray -> "Show Notifications".

```powershell
# Define the path and property
$registryPath = "HKCU:\Software\Cisco\Cisco Secure Client"
$propertyName = "EnableStatusPopups"
$propertyValue = 0
$propertyType = "DWORD"
# Check if the path exists
if (-not (Test-Path $registryPath)) {
    # Create the path
    New-Item -Path $registryPath -Force
}
# Create or update the property
New-ItemProperty -Path $registryPath -Name $propertyName -Value $propertyValue -PropertyType $propertyType -Force
```

Does anyone have any idea why the client still shows up out of nowhere? It just pops up on the main screen even though "Show Notifications" is disabled.
Labels: Client VPN
Jan 16 2024
9:38 AM
3 Kudos
I've just read that the MX doesn't support IPv6 in a warm spare topology, does anyone actually know if this is a technical issue or has it just not been implemented yet? IPv6 implementation seems to be a slow process, and it would be nice to move towards IPv6 at some point. It's been supported in a 'single MX' topology for about two years now (MX 17.5), just kind of weird to let the well-prepared customers wait so long.

> High-availability (HA) and template deployments are not supported at this time.

IPv6 Support on MX Security & SD-WAN Platforms [Core Fundamentals] - Cisco Meraki Documentation
Jun 17 2023
3:23 AM
Hi Martin, I'd have a look at the Meraki App Marketplace, there's a section for computer vision Cisco Meraki Marketplace | Cisco Meraki, and I've heard about some projects in a Meraki podcast. Otherwise maybe Webhooks - Cisco Meraki
Mar 14 2023
10:14 AM
7 Kudos
Sent the FortiGate and HPE Switches into their well deserved retirement.
Feb 9 2022
10:27 AM
2 Kudos
Greetings, my name is Janic and I've been working with Meraki products for a couple of years. I fell in love with the simplicity of Meraki products, the outstanding documentation and the really helpful support team. Sadly I had to manage FortiGates, UniFi and HPE network products for my current employer but finally convinced them to take a look into Cisco Meraki. Looking forward to onboard many of our customers to Meraki. I've just passed the 500-220 ECMS exam and hopefully I'm exchanging all of our network gear in the near future. Fun fact, I read Microsoft documentations to fall asleep or wind down before bedtime. Calms me down and keeps me up to date. Glad to be a part of the community.