Oct 15 2024
2:34 AM
Hi, We have a server room in our head office that has a typical lock and key, aircon etc. that holds the core of our Meraki network. It holds 2 x MX100 in HA DR with a BT failover 1gb Leased line. 1 connection into each MX. We then have 2 core switches MS425 stacked and lots of fibre connections to various parts of the building to distribution cabs with MS250's serving users/AP's and other devices. We've now decided to look at splitting this across 2 locations in the building for DR. 1 MX in 2 physically separate locations, 1 of the core switches and then get BT to re-route the backup line to the new location. My only question is presently the MS425's are stacked with 2 mini stacking cables (about 10cm long)! Can we "stack" across an OM4 fibre run in a new location - dual runs? So no stacking cable anymore but about a 150m fibre run between comms cabs...?
Jun 10 2024
3:29 AM
Ah ok so I could use the range of AP IP's to route traffic over WAN2 as they have their own subnet. But then again I think it'd be neater to use bridge mode with DHCP/Isolation.
Jun 10 2024
3:15 AM
Hi All, We have always had a fail over HSRP/HA MX with a BT leased line failover circuit, 1 in each device, and it served us well. We have now introduced a cheap broadband line for our primary MX100 in WAN 2 and we are looking for all non-corporate and Guest traffic to be pushed out to that as opposed to throttling and having them use our primary leased line. I was about to do it but realised our Volunteer network is using NAT isolation and the default scope is 10.0.0.0/8 and all the guests have random 10.x.x.x addresses with the 2nd octet changing. I was hoping to say guest network 10.10.10.x/24 source go over WAN2 but the issue is (even though it's isolated) that 10.0.0.0/8 actually overlaps our main corporate LAN which is 10.15.x.x (lots of vlans /24). Is there any way to change the default Meraki scope of isolation from 10.0.0.0/8 or do we have to use a DHCP server and bridge it and secure with firewall rules? i.e. should I re-do the guest network
Nov 27 2023
3:00 AM
Thank you Ryan, these were the kind of pointers I was looking for. You've actually made me think that maybe I have focussed too much on roaming when actually the issues stem from people who are sat in office and conference rooms. They are the ones who are having the issue because they are starting on a great signal and bandwidth - then for no real, quantifiable reason flipping to a weaker AP further away and subsequently ruining a Zoom/Teams call in the process. Maybe I need to remove the client balancing as we're never likely to get much more than 40 people on 1 AP ever. I think I should have enough for dual/overlapping AP coverage in every placement. I just find it odd that I can be sat right underneath an AP yet sometimes my client will still connect to or pick up an inferior AP. May I add that my iPhone works perfectly anywhere in the building with max strength everywhere, all the time; it's just Windows laptops and Android phones that the issue is with mostly!
Nov 24 2023
4:52 AM
1 Kudo
We did a wireless survey 5 years ago and unfortunately it's grown organically with AP's added to plug gaps
Nov 24 2023
12:41 AM
So after 5 years or so of our full stack Meraki implementation, complaints in a particular area of our building are ever more increasing. We have users who are sat working happily on 5 bars of signal strength connected to their local AP and then for no apparent reason they will then roam over to an AP on the floor above or one at the other end of the building and the speed/connection will be so bad they'll either have 1 bar shown or it will show the globe icon "no internet". So a bit of background - Office Building is 3 floors and about 50m x 20m. We have 3 AP's on Ground floor, 6 AP's on 1st floor (as it's sectioned off in to wards), 3 AP's on top Floor. The issues are with the people who work on the 1st floor (most AP's). I'm starting to consider we have too many AP's in that space but what is annoying most is why they are picking up AP's on the floor above or below when there is a thick concrete layer between them. Why would they do this? I almost wish I could tell certain clients they are only allowed to connect to certain AP's which you can't quite do albeit fudge some SSID availability and create a new SSID which I don't want to do. I'm using basic indoor radio profiles but I did turn on the Auto RF AI radio feature but I'm not sure it has helped. Does this override the RF profiles? See below a user that is having massive issues and is more or less sat in between 2 AP's (W4 & W3)
Sep 19 2023
7:05 AM
No we don't use concentrator mode and never have - we just used basic HUB mesh. I'm not sure I even understand the concentrator concept. Our network is quite simple - we have an MX 100 at each site and MS core switches. ALL sites were in a mesh topology but now I've removed them to hub spoke for branches but need to remove VPN connectivity between HQ and DC as we have P2P link.
Sep 19 2023
7:02 AM
I've changed our two branch offices to Spoke only connecting to 2 exit hubs (DC and HQ) so this went well and I was thinking of just deleting the VPN between HQ and DC and essentially making all sites spokes and then putting the p2p circuit on a trunk VLAN on the core switch either end and switching/trunking traffic just like we do to a distribution switch. VLAN10 is the native VLAN and all VLANS are allowed. Essentially the L2/p2p link is basically just an ethernet cable.
Sep 14 2023
3:28 AM
Hi, We have a 4 site full Mesh: HQ - UK (server access); Data Center - UK (server access); Branch office Paris (no servers just clients); Branch office London (no servers just clients). All 4 are in a 4 site auto-VPN mesh. However we now have a Layer 2/LAN extension/p2p link between our data center and HQ so I want to remove the VPN participation of the Server VLAN (15) and route (well switch) traffic over that p2p link. The problem I'm guessing will happen is that if I remove the server VLAN from going over the VPN then our Paris and London branches will lose access to them. Is there any way to just remove the VPN participation between HQ and DC and leave it in for the other sites? We are trying to stretch the Server VLAN 15 across HQ/DC via the p2p link for DR mainly but what I've found is if it is still participating over the VPN as well you essentially have a loop and things stop working. Any idea? I think I also need to go from full mesh to a 2 site mesh (HQ/DC) and a Spoke London/Paris. Is that correct? Cheers
Apr 26 2023
2:02 AM
Hi All, Just after some basic best practice and to see what everyone is doing out there. Switches and AP's....Do you..... Assign all devices with a static IP? Use Google DNS for each device? Or use DHCP for each device with DNS registration locally so you can see your device MAC and name in DNS? Or do you do a hybrid approach.... AP's on DHCP but switches on static? Does anyone use IP address reservations for devices (based on MAC addresses)? Perhaps use 1 Google address and one local for DNS? We also have Umbrella UVA's so should we use them? Or doesn't it really matter?
Apr 17 2023
4:21 AM
Thanks - our GW for clients and servers is on the core switches at each site with a 0.0.0.0 route to the MX's for internet bound traffic. Logically I can see how and why we could move the solitary switch in our DC to the HQ but it scares me doing that. Never used the concentrator mode and not sure I fully understand it. We did use Meraki client VPN but now we use Cisco AnyConnect to an FTD NAT'd behind the MX's (which isn't the best setup).
Apr 17 2023
4:17 AM
Thanks Phillip, That's an interesting point about the dual circuits - we had an option for this but declined due to not properly thinking fully about it and cost. What I'm getting a little confused on is that we have things like Cisco ISE, DUO proxies, AnyConnect FTD's at both sites in a failover capacity so if we stretch VLANs and trunks across both sites are we going to end up with routing issues? Without thinking fully about the cross site HA pairs and all that clever stuff, the real reason was to take backup and replication traffic out of the auto VPN and just shunt that stuff down the LAN Extn. It's typical though - now we have it, it has opened up a whole can of worms as to what we can do. All our switches are MS350's so fully routing switches and the LAN extension terminates into a port on each of the routing/gateway/core switches. I'm almost tempted to say I'm not worried about the MX's for now, I just want to be able to move a VM from site A to B with the same IP address. I'd then like to move backup/rep traffic using Veeam over the LAN extn.
Apr 14 2023
6:53 AM
We are Meraki Full stack - MX, MS, MR, MV etc. We have a HQ site with a production virtual server infrastructure (Dell VXRail). We have an identical DR site in a data centre 30 miles away. We have a leased line and backup line at each site and a WARM spare HA pair of MX's. We've got Auto VPN connecting all sites. We tried the NAT translation for DR and re-ip'ing etc. and never really got it working for a few VM's that HAD to retain their IP address. So we bit the bullet and actually got a cheap Layer2 p2p QinQ link between HQ and our DC. Question now is how Meraki handles the layer 2: do we join all the Meraki hardware in the DC to the HQ network in Meraki, or do we trunk/route certain VLANs across the link, or do we stretch the VLANs? Basically we want server A 10.10.10.1 to move from HQ to DR and stay on 10.10.10.1 (forget the gateway for now). At present the 10.10.10.x subnet at HQ is called VLAN10 'server vlan'. In our DR site we also have a server VLAN but it's VLAN 20 and is on 10.10.20.x/24. I know that a layer 2 link is essentially no different now from the other distribution/Edge switches in HQ that hang off our core switches, e.g. our Finance switch is connected with fibre into the core switch in HQ and this is 100m away....in theory the DR switch and infrastructure is technically now just the same but is 30 miles away...? Normally everything between sites ran over the auto VPN for inter site traffic, i.e. backups, replication etc. What's the best way to get this running over the Layer2 p2p link now and not over the auto VPN?