Community Record: 60 Posts, 51 Kudos, 2 Solutions
Jul 27 2023
7:42 AM
We had similar problems at a site in the last few weeks, all MR44s except for two MR32s that were put in to fill bad spots while more MR44s were on long backorder. Disabling client load balancing helped, but did not eliminate the problem, which had the clients roaming to APs with poor signal quality, then bouncing back to one with good quality. All firmware up to date. These would occur several times per minute on affected clients even if the client was not moving, but was not happening all the time; sporadically one or more clients would start having issues at about the same time. RF and Health were unrevealing, showing no particular issues. Two additional items were found last year. First was that most of the problem clients were HP laptops with Realtek controllers. This affected both fixed and roaming clients and impacted multiple customer sites; our techs tried both switching users to USB wireless adapters for a while (which helped) and testing different drivers, and then found one Lenovo Realtek driver that worked on the HP laptops to significantly reduce (but still did not eliminate) the problem: "Realtek wifi RTK8822BE-CE Ver 2024_0_8_134". At the time (10/2022) others reported similar problems corrected via newer HP drivers but that didn't work for us. And we do not see similar problems at sites with non-Meraki APs (to be fair totally different sites that may have more AP coverage due to cost).
Oct 11 2022
3:03 PM
2 Kudos
We had two customers that recently started having issues with macOS wireless clients; I do not have the exact error message but the gist was that the Mac said the network required a WPA2 passphrase. The SSID DOES have a WPA2-compliant passphrase, but some Macs gave the error. This occurred even when the We ended up turning off WPA1 compatibility where it was still enabled, and switched all of the SSIDs to WPA3 transition mode (support WPA2 and WPA3). That pretty much stopped the complaints. Not sure if it was related to a recent AP firmware update, but the MacBooks in question had Mojave, Catalina, and whatever the latest OS versions (maybe a newer one too). One M1, the rest were Intels. So far no complaints from old WPA1 only devices losing connectivity.
Apr 22 2022
10:06 AM
Philip, we are doing that with our customer's own Zoom setup. However we (and they) cannot do anything about _their_ clients' Zoom setups; the people using the coworking spaces generally don't even know if their own organizations configure QoS, or they're using one of the 'free' Zoom options which by my understanding do not have the option. Enabling the Meraki default QoS rules has not noticeably helped with those users. We've tried a couple of packet traces when we can ID the particular user's device; one had Zoom QoS enabled per the tech who looked at it, the other did not; nothing we can do about the latter.
Apr 21 2022
8:55 AM
This question is about two different sites. One has all MR44 APs and can use the new NBAR QoS selections, the other has older APs. Both have MX firewalls so have NBAR on the MX. I do have a support ticket open for this but hoping someone has had live experience.

Online best practice info about Zoom and videoconferencing in general, including Teams, seems to require setting different priorities for audio vs video. Audio gets higher priority. However NBAR only has one selection for Zoom (unlike MS Teams that has, I think, five different selections and breaks out audio and video). So if we create a traffic shaping rule for 'zoom' we can only pick one per-client bandwidth and one setting for either PCP or DSCP tag (APs) or just the DSCP tag and priority (low, normal, high) (MX), which would seem to put video and audio (and sharing?, etc) all at the same priority level, not matching alleged best practice.

We can do the NBAR custom rules for the site with MR44s on both the APs and the firewall, or just the firewall at the other site. Default QoS rules are enabled. Switches are set to accept QoS in settings on voice, production, and office wifi VLANs.

Both sites need to support Zoom meetings from multiple sources, not just the customer running their own (coworking spaces), some of which may have QoS enabled and some not, but we do not have control over that; it sounds like we might need to force QoS as opposed to accepting and not changing what the client (or upstream) puts out, but again that leaves us with audio and video and whatever else all at the same priority. What is the proper way to deal with this? Thanks
Apr 28 2020
7:23 AM
4 Kudos
Ah, the melancholy of not winning, and yet not really losing because in the pursuit of points we found the information to make our customers with Sonos speakers much much happier and got some great ideas for fun SSID names! Thanks @MeredithW. And congrats, @PacerX
Apr 16 2020
1:57 PM
This was a fortuitously timed post; one of our customers has had periodic Sonos problems and just called in again with them; their devices are on a separate SSID but it was in L3 roaming mode; we're going to switch it and see how they do. There's no reason for the roaming capabilities on that particular SSID. Thanks Rich
Mar 27 2020
1:08 PM
4 Kudos
I bet the initial application for that nice Meraki camera won't be monitoring the dog, or keeping an eye on the kids.... It'll be monitoring the security of the precious precious toilet paper, bottled water, and canned food stash. Motion detect, guard my precioussss.....
Mar 26 2020
1:32 PM
4 Kudos
So far work from home seems to be half again as busy as normal, with longer hours. But this will make a nice break. Thanks for putting it together!
Jan 8 2020
12:55 PM
1 Kudo
Actually attend at least 50% of the Meraki webinars and quarterlies I sign up for (usually work blows me out). Python, same as last year, learn it, use it. Keep sending heartfelt wishes to Meraki to improve some of its firewall management and rules.
Dec 13 2019
8:40 AM
Immediate/live display of bandwidth usage on any MX or MS ports (MR would be nice but the first two are needful), if possible with available breakdown by type of traffic. If it also gave us the ability to then filter the view to traffic on (say) an MX WAN port that is sourcing or sinking from a particular client or switch port and display that usage in real time, that would be icing on the pudding on the cake. Most of my other wishes are capabilities, not dashboard items: the ability to use arbitrary IP address ranges, not just CIDR; the ability to create 'groups' of addresses, address ranges, CIDR ranges, for use in rules, the ability to create groups of services/ports for use in rules so we don't have to create so many individual rules...
Nov 13 2019
7:23 AM
I try to keep at least a small part of the company's focus on alternatives to the unfortunately mandated use of a certain large northwestern software company's not very secure operating systems and environments, and also the continued unfortunate tendencies to not even look at alternative products and to automatically purchase each new service, system, and application put out by said company with no competitive reviews (or for that matter, any kind of review). In reality we can only continue to try and wrap those systems and applications with layers of security to offset their own lack of same. I wish I could say we are using Meraki exclusively but there are too many limitations to the VPN support for some of our customers. At other sites though we've put in partial (Cisco ASA/Meraki) or whole Meraki stacks with excellent results, especially with AMP service licensed, and expect to continue doing so for sites that don't have more involved VPN requirements. In the future we are pressing for all sites to have AMP licensed and working on their perimeter firewall(s) because it really has proven to be a benefit to the sites that have it despite the high cost. It remains a very hard sell for small customers because of the cost. I would like to try the cameras, but so far no takers. Physical security is not really a topic the company gets into.
Oct 23 2019
3:09 PM
Done. The magnet sculpture would look smashing next to my collection of hard drive magnets...
Aug 20 2019
3:52 PM
8 Kudos
Congratulations to the community, and thanks for all the assistance!
Aug 14 2019
9:25 AM
(Not my entry)

The CEO read it in Gartner
And said it's the way we must go
Hurrah for this new transformation
Our old ways that worked really blow.

This new digital Transformation
Will make all our processes slick
No more manual operations
That make our millennials sick!

The IT department had warned them
Complexity rules this path
And if we're not ever so careful
we might just get bit in the ass... (yeah, I know...)

But management can't be dissuaded
And said "Gartner's showing the way!"
"The deadline is closing in quickly"
"Get it done or there'll be hell to pay!"

Now HR can check inventory
And Maintenance sees the GL
Our data's all stirred in together
This new paradigm works so well!

Our CEO soon left this business
His parachute golden deployed
The government screams about HIPAA
Our IT staff's soon unemployed

The new CEO came in breathless
Said "Look what's in Gartner today!"
"Get rid of these old crufty methods"
"We're going to go this new way!"
Aug 13 2019
4:11 PM
Digital Transformation first defined itself to me at a Compaq conference shortly after they purchased Digital Equipment Corporation and started more aggressive moves into the enterprise environment. They called it "Zero Latency Enterprise", where all processes and functions, including human interaction inside the enterprise, expanding out to satellite locations, and with end customers, was completely digital, redundant, and centrally available. The concept was that if a customer expressed interest in an item (via online, or at the time interactive kiosk or other physical terminal, or the early customer scanning devices folks thought might catch on), that information was immediately digested and made available to every level of the enterprise 'business intelligence' and CRM datastores; enough customers expressing said interest might trigger automatic inventory changes, as well as alerting about possible trends or fads, alerting store managers to 'feature' items on end-caps, or the ads department to make sure those items were in next week's commercials or newspaper ads. They used Disneyland as an example (and Disneyland has made a lot of changes that reflect ZLE, whether or not that came from Compaq). The ride reservations, timers to go places so you didn't have to stand in line, forecasting things you might want because you bought particular tickets/entry tokens/whatever, to keep all the customers as happy as possible while minimizing costs of walkouts, improving sales (we have time to hit the food stand instead of waiting in line), etc. ZLE talked about magnetic stripe card or a portable PDA type device at the customer level, obviously no longer needed with current tech. It was all quite interesting, though the complexity of what they were envisioning may be part of why Compaq got eaten by HP not long after and ZLE disappeared into the bit bucket (a digital transformation of a trash can...).
So Digital Transformation, from this early ZLE concept to current, is about gathering as much data as possible about every aspect of the business environment and the people in it, and the people they work with, sell to, buy from, deal with, and optionally _might_ do any of those with in the future, as close to real time as possible, analyzing it, collating it, making it available to as many relevant people, processes, and systems as possible in coherent and usable form as close to real time as possible, so that it can be used to best prepare and position the business/organization to prosper. Digital Transformation has also meant that many businesses are forced to change their methods and processes to work the way whatever package they purchase wants them to work. It doesn't matter if your business has refined its procedures and methods for decades; if you go with a pre-package you must change a lot in order to squeeze into that new mold, otherwise you have to have the large IT departments of the past with considerable development staff and support costs... but then keep your long learned/earned methods. The latter doesn't seem to get counted as "Digital Transformation" in current parlance; if you don't standardize on an 'industry standard' package or giant well known BI/CRM/etc service, then you're still stuck in the past.
Jun 24 2019
1:48 PM
2 Kudos
Swiper the Dog says hello from his (my) new Avatar. And after reading the fine print: I have a new avatar!
May 2 2019
7:25 AM
3 Kudos
Congrats to @JimL - have fun monitoring your castle! I'll admit the contest was an incentive to get back on the forum; we're just so busy here that it's hard to try keeping up. How are everyone's new year resolutions coming? Mine are mostly being deferred again under the press of work...
Apr 25 2019
3:47 PM
1 Kudo
I don't think our dev team saw this. Thanks for the heads-up!
Apr 25 2019
3:45 PM
I think you need to look at the QoS rules config; I was used to ProCurve and other switches and Meraki seems to centralize this much more than others. In the dashboard go to Switch - Configure - Switch settings and scroll down to the Quality of Service settings. There is a default rule there that will trust incoming DSCP settings and a link that will allow you to customize the DSCP to Class of Service mapping, and set up your own specific rules based on IPs or ports (with some limitations on the smallest switches). Basic docs on this are here
Apr 24 2019
7:59 AM
2 Kudos
Thank you for the reminder email; we've been so busy I forgot to follow up. And, handily, I have a question to post today!
Jan 8 2019
8:36 AM
4 Kudos
Complete my initial Cisco/Meraki Express certifications
Get my Z3C Teleworker set up at home, replacing the tired SonicWALL TZ100 we've had for years
Use that to justify increasing our home cable connection bandwidth, since the gateway will be able to handle it
Stream ALL THE THINGS!
Update the non-Meraki site tunnel to work (different organizations... work can't have my Z3C!)
Update Python to current on the home Alphastation DS10 (running OpenVMS) and work's OpenVMS Integrity servers
Use said Python to see if I can get the Dashboard API to work via this unlikely, but endlessly awesome platform.
If it works, set up our work VMSCluster to do the Meraki monitoring so we're not depending on some silly PC (monitoring platform should be as or more reliable than the objects being monitored) (*)

(*) subject to available period of time when silly PCs don't break down for long enough to allow said work to occur... this is rare.
Sep 21 2018
2:23 PM
Apparently content filtering can require an adjustment to those specs; we have 50Mbps symmetric and 10-15 people in house, with the only really heavy data being overnight cloud backups. The website issues were occurring all day long for more than a week; we will have to take that into account when sizing for customers who require content filtering.
Sep 21 2018
1:33 PM
@Adam wrote:
Thanks for the update. I'm glad to hear you are making some progress. The 'top sites' with categories will probably resolve the issue. I'm willing to bet that was the cause. We experienced the same thing. Very intermittent page load times with full list since it had to do the site lookups every time (you'd think it'd cache the sites visited). But keep in mind, you'll have much less protection with 'top sites' vs 'full list'.

So far so good, no complaints today. I guess it was content filter checking each of the dozens of domains (ads, tracking, countertracking, more ads, etc) that get hit when you visit a site. It turns out we were running double content filtering too; management had turned up content filtering at OpenDNS for us, which probably explains the occasional 'site not found' errors we saw when it was too slow. Would have been nice to know that going in. We don't need to run it in both places. I imagine the Meraki would be more effective at blocking any sneaky workarounds than a DNS service, but we'll probably stick with OpenDNS anyway, given this performance example.

One of the managers is now concerned that the MX84 is undersized for our usage. Would a larger/faster MX be better _specifically_ at dealing with full content filtering with multiple categories over a same-speed link? Or is that overhead more or less fixed?
Sep 20 2018
4:42 PM
Content filtering may be all or part, not sure yet. We ran concurrent tests with two PCs on the same LAN, both on internal DNS, both on external, or one on each (which made no difference). Maybe 1 in 4 times both PCs would display a site in the same amount of time. About 1 in 4 we'd get both hanging for a long time ('making a secure connection' or 'waiting for site' messages), and about half one would load at a normal speed and the other would be in one of the 'wait' modes for up to 40 seconds or so then either flash an error message and reload, or fail with a timeout, or eventually load. We tried disabling AMP, disabling IPD, etc, no change. Then we removed all the block categories from content filtering, and did not have one slowdown after that. More testing tomorrow. We do need to have content filtering enabled, so perhaps the 'top sites' option will work (it was on full; we didn't try turning that down before yanking the categories). Thanks for all the ideas. I'll post results tomorrow along with kudos.
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| | 8289 | Oct 11 2022 3:03 PM |
| | 3647 | Apr 25 2019 3:45 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| | 9 | 16019 |
| | 8 | 41754 |
| | 4 | 21153 |
| | 4 | 49081 |
| | 4 | 49136 |