Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About mwiater
mwiater
Getting noticed
Member since Mar 11, 2022
yesterday
Community Record
20
Posts
6
Kudos
3
Solutions
Badges
yesterday
2 Kudos
I'd think this might be a good use for a dedicated VLAN on those two ports and the MX.
... View more
04-21-2023
12:51 PM
I was always suspicious that I wouldn't see everything if the interface flapped, tcpdump stopping when the interface goes down. It's also worth checking the logs on that switch.
... View more
04-21-2023
12:42 PM
2 Kudos
This is in the release notes for 18.106, Fixed a rare issue that could result in the WAN interfaces for MX appliances incorrectly transitioning to a down state for a brief period of time. I've seen this as well. Other than that, packet capture between the isp and the mx is the next best thing for what you can't see
... View more
03-20-2023
02:28 PM
I really appreciate both of your responses, I hope you didn't feel anything but that appreciation. We're reaching out to our rep to see if anything can be done to enable the feature. I understand that even a small change can be significant, but it really feels worth quite a bit to me as a network operator. This problem, where our DHCP clients in network A have Internet connectivity but no DNS connectivity to network B where the DNS servers live (for varying reasons), is one that clients end up experiencing way more than they need to, at least in my world. I think the benefit is large and it's another thing that makes a Meraki network 'just work' even when components on it don't.
... View more
03-20-2023
02:11 PM
Understood that another product can do this, several others can including NRPT in windows. But it makes so much sense to me for this really simple configuration item that already exists in the underlying product to be leveraged in the dashboard.
... View more
03-19-2023
12:55 PM
I think I understand that the MX firewalls internally run dnsmasq. If that's the case, what are the chances that Meraki is looking to supportthe use of the Server= configuration option that dnsmasq has, allowing admins to send dns queries for some domains to specific servers? My use case is multi site Micrsoft based organizations that have all server resources in one of the networks, my server= command could direct windows domain queries to the internal servers and lookups for external domains could be sent out to the internet. There are unfortunately times when the servers become unavailable and everything breaks because dns is broken. Is this even being considered and if not, how would i get that on folks' radar?
... View more
Labels:
- Labels:
-
Firewall
01-11-2023
12:24 PM
How helpful, thank you. I don't know why I didn't find that myself.
... View more
01-11-2023
07:07 AM
I'm looking for some details on the categories offered in the traffic shaping rules. I'm particularly interested in how traffic is matched. For instance, what is the difference between Real-time Transport Protocol and Real-time Transport Protocol Audio. Same questions for WebRTC. And if my voice traffic is SIP-TLS, can the RTCP rules work anyway? I'm curious about the other rules and how traffic is classified too, but this is my starting point. thanks in advance
... View more
12-19-2022
10:45 AM
Is the performance problem that you described restricted to the testing you conducted? Does conventional internet traffic experience the same? Was your test to the data collection folder using windows file sharing, SMB? Does all traffic over this VPN behave like this on the affected link? That SQL traffic is also slow? While fragmentation may be an issue, I'd not exclude other problems creating the slowness you described.
... View more
07-25-2022
09:06 AM
Did you get an idea from them when it might be fixed?
... View more
07-05-2022
04:22 AM
some IPSEC implementations support responder, initiator or both implementations. It your peer is configured as an initiator only, it won't respond to the MX's attempts to initiate the tunnel.
... View more
05-06-2022
08:06 AM
1 Kudo
I was really hoping to see the observed/reported NBAR and Site to Site VPN issues addressed. I'll keep hoping
... View more
04-14-2022
05:08 AM
I don't think there is a choice, at least not for me. I can only delay firmware upgrade until sometime in May it seems. Clients won't be thrilled that we can't use the layer 7 rules that they want though.
... View more
04-05-2022
12:08 PM
we're looking around but so far, no, we don't. Good to know there's a model that does not exhibit these problems. Very painful.
... View more
04-05-2022
10:38 AM
I should have mentioned, we're confident our problem is unrelated to crashing nor load issues. And we don't see the problems on MX-84's that we swapped in place of the 85's.
... View more
04-05-2022
10:36 AM
We too saw this behavior on MX 85's with Cisco SG110 switches, and possible Netgear 105s (we don't have a record of what we swapped in for our test), on the wan side. My ticket is still awaiting input from engineering, but we had to remove our MX-85's from production as it was impacting voice. If anyone has more information, or a recommended switch, would appreciate input.
... View more
03-14-2022
07:33 AM
i did disable traffic analysis for all networks in the organization, however I learned on Saturday that this did not disable NBAR. Apparently NBAR is enabled if you use any layer 7 rules. We had to revert to a previous firmware version
... View more
03-12-2022
07:33 AM
i just went to 16.16 on several networks in an organization and am seeing it misclassify internal and external DNS traffic, and internal Avaya IP Office to IP Office traffic as well. And for good measure, some internet based line of business applications for a health care facility. Would be great to be able to more knobs related to NBAR. My choices today seem to be able to remove l7 rules for all social media to make dns work. I must be missing some docs My ticket is 07775843
... View more
03-11-2022
10:58 AM
I had similar problems where some traffic was being miscategorized and NBAR blocked, for me it was Avaya IP Office communications as well as internal and external dns. Turning traffic analysis off fixed that for me
... View more
03-11-2022
10:27 AM
1 Kudo
I had a couple networks get NBAR blocks in the event logs, internal VPN traffic between Avaya IP Offices at different sites and internal as well as external DNS requests as a result of upgrading to 16.16
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 95 | yesterday | |
| 413 | 07-05-2022 04:22 AM | |
| 1437 | 03-14-2022 07:33 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 95 | |
| 2 | 623 | |
| 1 | 1175 | |
| 1 | 11046 |
