Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About MerakiLife
MerakiLife
Here to help
Member since Jun 7, 2022
Nov 28 2023
Community Record
11
Posts
1
Kudos
0
Solutions
Badges
Nov 27 2023
3:00 AM
Thankyou Ryan, these were the kind of pointers I was looking for. You've actually made me think that maybe I have focussed too much on roaming when actually the issues stem from people who are sat in office and conference rooms. They are the ones are having the issue because they are starting on a great signal and bandwidth - then for no real, quantifiable reason flipping to a weaker AP further away and subsequently ruining a Zoom/teams call in the process. Maybe I need to remove the client balancing as we're never likely to get much more that 40 people on 1 AP ever. I think I should have enough for dual/overlapping AP coverage in every placement. I just find it odd that I can be sat right underneath an AP yet sometimes my client will still connect to or pick up and inferior AP. May I add that my IPhone works perfectly anywhere in the building with max strength everywhere, all the time it's just Windows laptops and Andorid phones that the issue is with mostly!
... View more
Nov 24 2023
4:52 AM
1 Kudo
We did a wireless survey 5 years ago and unfortunately it's grown organically with AP's added to plug gaps
... View more
Nov 24 2023
12:41 AM
So after 5 years or so of our full stack Meraki implementation complaints in a particular area of our building are ever more increasing. We have users who are sat working happily on 5 bars of signal strength connected to their local AP and then for no apparent reason they will then Roam over to an AP on the floor above or one at the other end of the building and the speed/connection will be so bad they'll either have 1 bar shown or it will show the globe icon "no internet". So a bit of back ground - Office Building is 3 floors and about 50m x 20m We have 3 AP's on Ground floor, 6 AP's on 1t floor (as it's sectioned off in to wards) 3 AP's on top Floor The issues are with the people who work on the 1st floor (most AP's). I'm starting to consider we have too many AP's in that space but what is annoying most is why they are picking up AP's on the floor above or below when there is a thick concrete layer between them. Why would they do this? I almost wish i could tell certain clients they are only allowed to connect to certain AP's which you can't quite do albeit fudge some ssid availability and create a new SSID which i don't want to do. I'm using basic indoor radio profiles but I did turn on the Auto RF AI radio feature but i'm not sure it has helped. Does this override the RF profiles? See below a user that is having massive issues and is more or less sat in between 2 AP's (W4 & W3)
... View more
Sep 19 2023
7:05 AM
No we don't use concentrator mode and never have - we just used basic HUB mesh. I'm not sure I even understand the concentrator concept. Our network is quite simple - we have an MX 100 at each site and MS core switches. ALL sites were in a mesh topology but now I've removed them to hub spoke for branches but need to remove VPN connectivity between HQ and DC as we have P2P link.
... View more
Sep 19 2023
7:02 AM
I've changed our two branch office to Spoke only connecting to 2 exit hubs (DC and HQ) so this went well and I was thinking of just deleting the VPN between HQ and DC and essentially making all sites spokes and then putting the p2p circuit on a trunk VLAN on the core switch either end and switching/trunking traffic just like we do to a distribution switch. VLAN10 is the native VLAN and all VLANS are allowed. Essentially the L2/p2p link is basically just an ethernet cable.
... View more
Sep 14 2023
3:28 AM
Hi, We have a 4 site full Mesh. HQ - UK (server access) Data Center -UK (server access) Branch office Paris (no servers just clients) Branch office London (no servers just clients) All 4 are in a 4 site auto-VPN mesh. However we now have a Layer 2/Lan extension/p2p link between our data center and HQ so I want to remove the VPN participation of the Server VLAN (15) and route (well switch) traffic over that p2p link. The problem i'm guessing will happen is that if I remove the server VLAN from going over the VPN then our Paris and London branches will lose access to them. Is there anyway to just remove the VPN participation between HQ and DC and leave it in for the other sites? We are trying to stretch the Server VLAN 15 across HQ/DC via the p2p link for DR mainly but what i've found is if it is still participating over the VPN aswell you essentially have a loop and things stop working. Any idea? I think I also need to go from full mesh to a 2 site mesh (HQ/DC) and a Spoke London/Paris. Is that correct ? Cheers
... View more
Apr 26 2023
2:02 AM
Hi All, Just after some basic best practise and to see what everyone is doing out there. Switches and AP's....Do you..... Assign all devices with a static IP? Use Google DNS for each device? Or Use DHCP for each device with DNS registration locally so you can see your device MAC and name in DNS? or do you do a hybrid approach.... AP's on DHCP but switches on static? Does anyone use IP address reservations for devices (Based on MAC addresses)? Perhaps use 1 google address and one local for DNS? We've also have Umbrella UVA's so should we use them? OR doesn't it really matter?
... View more
Apr 17 2023
4:21 AM
Thanks - our GW for clients and servers is on the core switches at each site with a 0.0.0.0 route to the MX's for internet bound traffic. Logically I can see how and why we could move the solitary switch in our DC to the HQ but it scares me doing that. Never used the concentrator mode and not sure i fully understand it. We did use Meraki client VPN but now we use Cisco Anyconnect to an FTD NAT'd behind the MX's (which isn't the best setup).
... View more
Apr 17 2023
4:17 AM
Thanks Phillip, That's an interesting point about the dual circuits - we had an option for this but declined due to not properly thinking fully about it and cost. What I'm getting a little confused on is that we have things like Cisco ISE, DUO proxy's, Anyconnect FTD's at both sites in a failover capacity so if we stretch VLANs and trunks across both site are we going to end with routing issues? Without thinking fully about the cross site HA pairs and all that clever stuff, the real reason was to take backup and replication traffic out of the auto VPN and just shunt that stuff down the LAN Extn. It's typical though - now we have it it has opened up a whole can of worms as to what we can do. All our Switches are MS350's so fully routing switches and the LAN extension terminates into a port on each of the routing/gateway/core switches. I'm almost tempted to say i'm not worried about the MX's for now I just want to be able to move a VM from site A to B with the same IP address. I'd then like to move backup/rep traffic using Veeam over the LAN extn.
... View more
Apr 14 2023
6:53 AM
We are Meraki Full stack - MX, MS, MR, MV etc We have a HQ site with a production virtual server infrastructure. (Dell VXRail) We have an identical DR site in a data centre 30 miles away. We have a leased line and backup line at each site and a WARM spare HA pair of MX's We've got Auto VPN connecting all sites. We tried the NAt translation for DR and re-ip'ing etc and never really got it working for a few VM's that HAD to retain their IP address. So we bit the bullet and actually got a cheap Layer2 p2p QinQ link between HQ and our DC. Question now is how Meraki handles the layer 2 do we join all the meraki hardware in the DC to the HQ network in Meraki or do we trunk/route certain VLANs across the link or do we stretch the VLANs? Basically we want server A 10.10.10.1 to move from HQ to DR and stay on 10.10.10.1 (forget the gateway for now) At present the 10.10.10.x subnet at HQ is called VLAN10 'server vlan' In our DR site we also have a server VLAN but it's VLAN 20 and is on 10.10.20.x/24 I know that a layer 2 link is essentially no different now from the other distribution/Edge switches in HQ that hang off our core switches. e.g our Finance switch is connected with fibre in the to core switch in HQ and this is 100m away....in theory the DR switch and infrastructure is technically now just the same but is 30 miles away...? Normally everything between sites ran over the auto VPN for inter site traffic i.e backups, replication etc etc What's the best way to get this running over the Layer2 p2p link now and not over the auto VPN?
... View more
Jul 20 2022
6:16 AM
Hi All, After a few tips for the next stages of our Meraki Journey and WAN topology. We started as a 200 user org with a Meraki Full Stack (MX, MS, MR, MV, MDM) We are now at 500 users and the MX100 is squeeling and hitting 100% utilization on CPU frequently! We have 3 sites, MX100 (HA pair) at HQ with Production virtual servers MX84 at DataCentre (DR/failover site) MX84 at remote branch (no servers just users) All 3 sites are connected via Auto VPN. This has served us well for 3 years. We used to use the MX100 as a client VPN server and then played with Meraki Anyconnect but had no luck so we were sold 2 vFTD (Virtual Cisco Firepowers) to do the Anyconnect piece in a more reliable manner than Meraki. The MX's now NAT VPN traffic to vFTD's. I'm looking to re-design this all as I think we need bigger hardware and more bandwidth. - Do I get a p2p (LAN extension between the HQ and DC) and leave the MX for Internet and VPN only - this will make DR better as no-re-ip'ing of VMs) - Do I get a MX 250 or 105 and add second leased line - Do i use the virtual firepowers and retire the MX's as let's face it the MX isn't the best Meraki product - DO I get a rebate on the vFTD's and buy a physical FTD appliance? - Do I do something completely different? - Ideally I'd also like the anyconnect VPN to flip between sites if a heart beat is lost or we have an outage - i've been looking at cloudflare for DNS failover. Anyone have any better solutions/ideas?
... View more
© 2024 Cisco Systems, Inc.
