The Meraki Community
Deviant

Here to help

Member since May 3, 2018

‎08-02-2019
Kudos from
User Count
GregErnest 1
thunt 2
80211WiGuy 1
PhilipDAth (Kind of a big deal) 1
GavinMcMenemy 2
Kudos given to
User Count
Kapil (Meraki Employee) 1
m_Andrew (Meraki Employee) 1

Community Record

18
Posts
7
Kudos
0
Solutions

Badges

CMNA
1st Birthday
First 5 Posts
Lift-Off
Latest Contributions by Deviant

Re: IPv6 ACL Deny Any drops all IPv4 traffic

by Deviant in Switching
10-14-2018 11:26 PM
2 Kudos
There is a support case open for this. See comment below from support dated June 22nd.

Good news! I broke our lab. It took longer than in your network due to some validation checks that we do in our labs, but it looks like the switches are doing IPv6 DNS lookups (AAAA) as part of their connectivity tests. Now that I have it in a broken state, I need to do a few more granular tests, but I wanted to let you know that we have some progress!

Re: PIM-SM Multicast Routing IGMP, Headaches

by Deviant in Switching
09-24-2018 11:08 PM
Hi @Kapil

Great question, when I moved VLAN 120 to the Meraki side I disabled Multicast Routing on my integration vlan 1201. This was the RP vlan, I never changed it over to VLAN 120.

So, I just did that and it seems to work. I feel kind of stupid with this oversight.

Re: PIM-SM Multicast Routing IGMP, Headaches

by Deviant in Switching
09-24-2018 03:43 AM
I do have a case open so support is looking at it. At this stage we moved the headend onto the Meraki directly, a client now on the same vlan streams perfectly well as expected. As soon as I move the client to vlan 63, the streams go slow and bad. But the PIM table is fine and traffic is going through but it is almost like there is packet loss. Now on the same switch even so I suspect it will end up being a bug or something.

Re: PIM-SM Multicast Routing IGMP, Headaches

by Deviant in Switching
09-21-2018 12:59 AM
Another thing I thought of was MTU. The HP runs MTU 1522, the Meraki default is 9578. So I do not think it should necessarily be an issue as the MTU will only be relevant if frames are received larger than the port MTU, in which case the switch will buffer frames, right?

It is the only logic in my mind that could cause something like this but at the same time I am not sure as to why since the frames should be smaller than that.

Re: PIM-SM Multicast Routing IGMP, Headaches

by Deviant in Switching
09-21-2018 12:57 AM
So for this conversation we can cut the MS410 out of the picture at least for now as that is 1 hop away. So the IPTV Vendor is leaving today so I reverted to our initial setup.

So on the MS250, I have vlan 1201 which links to HP on Vendor side. Vendor can see streams on vlan 1201 on HP, no issues observed. Then I have a test laptop on vlan 1201 also on the Meraki side, streams seem ok for a little bit and then start going bad. Then I move the laptop to an access vlan 63 for example for PIM to kick in, same issue, seems to work a bit then starts going bad.

So on the igmp querier. What I read is it should be as close to the source as possible. So do I then apply that on vlan 1201? Yesterday during testing the headend was on vlan 120 directly connected to meraki and when I did igmp querier on vlan 120 I had no entries in my PIM table. Vlan 120 was just testing, it moved back to the vendor HP now.

So currently I have multicast routing enabled on vlan 1201 and on vlan 63. Unknown unicast flooding and igmp snooping enabled.

Re: PIM-SM Multicast Routing IGMP, Headaches

by Deviant in Switching
09-20-2018 09:50 PM
Hi @PhilipDAth

Thanks for the response. The IPTV system integrates on a MS250. I run a ring OSPF network, some areas MS250s and others MS410s.

I was on 10.26, but upgraded to 10.37 yesterday to test. Still the same.

So the idea is to have it routed, but the interesting thing here is even if I have the client on the same vlan of the headend it does the same as behind a vlan. So in essence it seems that the multicast is working. I think something is dropping some packets. For example, when I do a capture on the test laptop and on the switch port, the laptop's pcap file is 1.2MB and the switch port's is 4.1MB.

Flood unknown multicast traffic is enabled, I have tried with various on off settings and for Snooping as well.

PIM-SM Multicast Routing IGMP, Headaches

by Deviant in Switching
09-20-2018 10:50 AM
Hi Community

I was wondering if anyone has managed to get Multicast routing working on Meraki MS? I seem to run into walls the whole time and I have an IPTV Vendor installing a system and ATM it seems that it is the Meraki keeping them back.

So we have a headend appliance on an HP switch that the AV manages and supplies. They do PIM-SM and connect to the Meraki using vlan 1201. When they put a client on vlan 1201 on their switch the multicast works exactly as it should. So we connect vlan 1201 to Meraki and the PIM-SM relationship forms, no issues. Then I retrieve a stream, let's say 239.1.2.1, and it works, no issues. But as soon as I start a second stream the issues start, then nothing works. Have to start resetting the Meraki PIM settings to get it back up.

So further to this I thought, ok let me put a laptop of my own in vlan 1201 as well. So in this case we have headend behind HP switch in VLAN 120 with PIM. AV Laptop on HP switch in vlan 1201 and my laptop in vlan 1201 on Meraki.

Surely enough, the AV Laptop connected to the HP switch receives the stream no issue. My laptop on the Meraki does not but I am in the same VLAN now as the AV Laptop on the HP switch. So I started with disabling IGMP and then PIM all together. To have just a standard VLAN, still can't retrieve the streams.

So I said, let's move the headend onto the Meraki to get rid of HP/Meraki interoperabilities. So now we have the headend spitting out Multicasts on the Meraki switch in VLAN 120, my client laptop on the same vlan also. Now I open the multicast but there is no content which is odd as I am now in the same VLAN. The same test done on the HP switch works perfectly fine.

So now I enable PIM again for that VLAN and an access vlan 63. Now I have headend still on vlan 120 with PIM and laptop on same switch vlan 63.

IP Address   Subnet         Flags    Neighbors
10.0.1.110   10.0.1.96/28   DR PIM   1 neighbor

Source          Group       Rendezvous Point   Incoming Interface   Outgoing Interfaces   Flags
Any             239.1.2.1   10.0.1.110         PIM Register         1 interface           WC RP
192.168.120.2   239.1.2.1   10.0.1.110         192.168.120.1        1 interface           CACHE SG
192.168.120.2   239.1.2.2   10.0.1.110         192.168.120.1        -                     CACHE SG
192.168.120.2   239.1.2.3   10.0.1.110         192.168.120.1        -                     CACHE SG

So now, I do the same test and it seems the stream opens. I can see on a sniff also, surely I am receiving the multicast streams but it simply does not have any content.

I am so confused/frustrated by this.

Hence the question, has anyone been able to successfully implement this yet?

Re: Need some advice (feedback?) re VLANs

by Deviant in Switching
09-11-2018 09:18 AM
Good Luck

Meraki Supports within a limited frame of work. It is very hard to explain use cases and customization, had the same issue with the management VLAN for Layer 3 Switches to the cloud with no resolve for months.

I was just curious about the VLAN tags, but you are right it would not be the reason. I agree to have it as an access port since this will be a routed link.

Re: Need some advice (feedback?) re VLANs

by Deviant in Switching
09-10-2018 09:12 AM
Hi @GavinMcMenemy

I am sorry that your change did not work out, but based on the configuration you supplied below, I agree with you it does not make any sense at all. I would wait for Support to respond with this.

As for the switch management being lost, that is the tricky one as this is a challenge. The switch can route via its own routing table. Therefore you need another IP just for management. So you could give it a static IP also on VLAN 18.

If I could perhaps also ask, how did you interconnect to the ISP? Did you assign the switchport access vlan 18 or did you trunk some VLANs and native vlan 18?

Re: Need some advice (feedback?) re VLANs

by Deviant in Switching
08-27-2018 06:54 AM
1 Kudo
Hi @GavinMcMenemy

As long as you can access all servers and change the subnet mask it should be fine since the actual IP won't change.

I guess there are two ways of doing it, the ISP creates all the VLANs and tags them to you. In this case you don't care about any routing. But this would mean all traffic goes to ISP and back on 1 wire (Router on a Stick) which is not ideal.

The best way to do it is like you described for VLAN 20, when you create the vlan with 10.120.20.254. This becomes the default gateway for your client in that VLAN. Then you have a static route to the ISP and the ISP has a static route to you in the ISP_Link VLAN for example. When a client wants to communicate to any VLANs hosted on the Meraki Switch it would do a lookup on its routing table. When you host a VLAN it will be a directly connected subnet therefore it will know to send it to the next VLAN. When a packet is destined for Internet or other branch the switch will see the static route and know how to send it to the ISP due to the static route you configured. Don't be too worried as I use OSPF in this example, just look at the VLANs and the default route at the bottom. Once routing is in place the switch keeps a routing table which it refers to as per description above. A screenshot below to show the routing table on a switch, again ignore the OSPF for now. It will show interface when it is configured locally and static or default under route type. This will show you the next hop, notice there is no next hop for interface route types as they are local on the device.

Hope this helps.

Last thing, I mean by receive DHCP for the switch, since the Meraki switch is cloud based it needs an IP from somewhere to get to the cloud. Unless of course you do it statically in which case I guess that should be fine also, best bet might be to configure this in the so called internet vlan as you named it.

Re: Need some advice (feedback?) re VLANs

by Deviant in Switching
08-27-2018 05:59 AM
1 Kudo
Hi @GavinMcMenemy

This should not be too difficult to do, the biggest thing is the downtime you will need to convert users onto new subnets as well as servers and the effect it might have on some unknown variables.

The Internet VLAN seems confusing, I assume that that will be the VLAN between ISP and LAN. And when you refer to VLANs allowed you mean to say VLAN X may Communicate with VLAN Y for example via the Routing Table of the switch.

All you would need is to have an IP in a VLAN on the Distribution MS250 side and also give the ISP an IP to use. Then they must route the relevant subnets to your IP and you have a default route up to the ISP's router. The key of course is to get rid of the /20 subnet mask on the end devices first or they won't know how to get to the other VLANs. You would also need to ensure that you create the IPs for each VLAN to make them routable. Also ensure that you only tag VLANs to Users and Server switches that are required on those switches. Choose a management VLAN for the switches and ensure on the trunk links that they are untagged.

Make sure your switches receive DHCP in the management range VLAN and that it is permitted by the ISP's firewall.

As for controlling the flow of traffic, this would have to be carefully planned with the Switch-->ACL's. You would have to specify what subnet ranges can communicate to what subnets and apply that to the correct VLANs

Re: Switch Modules - Inventory Report

by Deviant in Developers & APIs
08-27-2018 05:31 AM
1 Kudo
Wow, is this the only way?

This is very cumbersome, we just installed a network with 200+ SFP modules. We need to generate a report for the customer to show the SFPs installed with serial numbers for the As Built documentation so that can claim the funds with a payment certificate.

This seems like a bit of an oversight on the dashboard side, especially with these hot-swappable items that can get lost over time.

Re: Hospitality Chromecast - Room Isolation

by Deviant in Wireless LAN
06-15-2018 02:12 AM
Thanks for the response. First problem is there is no MX appliance so we can't do that. Even if there was an MX appliance, how would you know Guest A is in Room A for example, would the guest not just authenticate to the WLAN depending on when he/she feels like it and then just roam accordingly. What if the device then disassociates and associates again to a wrong room. Walk around to their own room and roam in the wrong VLAN?

Not sure this would work.

Hospitality Chromecast - Room Isolation

by Deviant in Wireless LAN
06-14-2018 07:59 AM
Good Day

I have an interesting use case that I just can't get my head around. We have a customer that wants to have chromecast ability in each room, but also ensuring that each room can only cast to the room the client is connected to.

So the setup is at the ICT Room we have 3x MS410-16 stacked switches to multiple buildings and rooms. There are 9 Villas and 2 Rooms per Villa. Each Room has Fiber Optic cable back to the ICT Room, full Star Topology. Each room has MS225-24 (due to many UTP requirements as well as SFP requirements), also an MR33.

So the requirement for Roaming is clear, they want seamless roaming without loss of connectivity across the premises, therefore I have a single guest VLAN which I bridge to a Guest SSID.

Now comes the challenge of how do I let a Guest be on one VLAN and only see their room Chromecast when they are in their room.

The first thing that was on the cards was Port Isolation on the MS410 switches, but this won't work across stacked switches so that option is out. Then I thought of looking into the access control on the SSID and trying to isolate Layer 2 traffic or deny LAN traffic thinking that only AP Clients will be able to get to AP Clients. Tested and when I enable Layer 2 traffic isolation or deny Layer 3 lan traffic I lose comms to even my local clients on same AP. So would something like Bonjour forwarding work for this use case, the problem still is how to isolate the various rooms from each other. Another option might be to have an ACL deny traffic on the MS410 switches, but then I would have to split the network on the cloud since the ACLs are network wide not switch specific which also does not seem ideal.

A perfect example of what I need is something like Private VLANs.

Not quite sure how to meet both requirements of Roaming as well as Chromecast room isolation.

Does anyone have some advice?

Re: IPv6 ACL Deny Any drops all IPv4 traffic

by Deviant in Switching
05-23-2018 08:46 AM
Thanks, yeah, I did log a case. I also think the code is buggy. I was lucky as I saw in this article that after 2 hours the configuration reverts. https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Behavior_during_Connection_Loss_to_Cisco_Meraki_Cloud

Re: IPv6 ACL Deny Any drops all IPv4 traffic

by Deviant in Switching
05-22-2018 02:24 PM
I think it could be part of the Beta Firmware, we upgraded to Beta as we needed to facilitate Multicast Routing.

IPv6 ACL Deny Any drops all IPv4 traffic

by Deviant in Switching
05-22-2018 01:54 PM
2 Kudos
I think I made a silly mistake but I do not quite understand it either. I dropped a whole Meraki Network of 40 odd switches by applying an ACL.

The idea was to block all IPv6 traffic as I did not want security holes on the network and IPv6 is not a requirement yet. Anyhow, as soon as I applied the IPv6 Deny Any Any it dropped everything, from switch management to OSPF, everything. Perhaps it was not the brightest moment, but I still ponder why though. Why would an IPv6 Deny any drop everything else?

So I thought if I could at least get the management up to revert the change it might work, so I cycle the port from another Aggregation switch downlinking to this network, I do not even see a dhcp request which is a broadcast.

I guess I am going to have a long day resetting switches tomorrow 😞

Just curious if anyone else has played with IPv6 ACLs and experienced the same thing?

May 22 22:14 ipv6 deny all // Deny IPv6
May 22 22:15:12 105.247.201.14 logger: <134>1 1527020112.408011792 ESL_ML_AGS_M32_01_03_Service_Tunnel_ICT_Room_ events type=ospf_neighbor_down ip='10.0.1.81' router_id='10.4.0.1' vlan='1112'
May 22 22:15:13 105.247.201.14 logger: <134>1 1527020113.454672201 ESL_PL_AGS_P14_01_02_Chefs_Quarters_ events type=ospf_neighbor_init ip='10.0.1.94' router_id='10.5.0.1' vlan='1112'
May 22 22:15:14 105.247.201.14 logger: <134>1 1527020114.457921800 ESL_ML_AGS_M32_01_03_Service_Tunnel_ICT_Room_ events type=ospf_neighbor_down ip='10.0.1.110' router_id='10.6.0.1' vlan='1113'
May 22 22:15:23 105.247.201.14 logger: <134>1 1527020123.587479040 ESL_KP_AGS_ICT_01 events type=ospf_neighbor_init ip='10.0.1.97' router_id='10.5.0.1' vlan='1113'

Re: Make a Wish Requests

by Deviant in Security / SD-WAN
05-03-2018 11:13 AM
@robby_barnes wrote:

@Mr_IT_Guy wrote:

Another feature I would like: The ability to run speedtests from the MX device. Meraki engineers have this capability so it's definitely possible. Currently the only speedtest available to us is our speedtest to a local MX device.

I spoke to our sales engineer about running speed tests from the MX, particularly through the API. We are in a unique scenario where we are a retail chain with about 1500 stores across the country, and one of our partners requires that we do speed tests once a month to "validate" that we are compliant with their requirements. It would be amazing if we could just write a script that did a quick speedtest via the API in each location (even if it just did one at a time successively) and reported back.

What they told me is 2 things. The built in speed test on the dashboard was built to estimate download times for the devices from the Meraki cloud. Once they had that feature in there, they decided to just make it exposed to the dashboard because there might be times where it's helpful, but it was never truly designed to be a full speed test.

Second was that they are concerned about adding more speedtest options in to these devices due to how easily you could use that to DDOS something, whether intentionally or otherwise.

A little frustrating, since it would be such a convenient solution for us to use, but to me it makes sense at least.

Did you ever manage to get a solution to this problem? I also noticed the Meraki throughput test a bit useless and was hoping to do some API speed test.
My Top Kudoed Posts
Subject (Board): Kudos, Views
Re: IPv6 ACL Deny Any drops all IPv4 traffic (Switching): 2 kudos, 4432 views
IPv6 ACL Deny Any drops all IPv4 traffic (Switching): 2 kudos, 4819 views
Re: Need some advice (feedback?) re VLANs (Switching): 1 kudo, 4167 views
Re: Need some advice (feedback?) re VLANs (Switching): 1 kudo, 4183 views
Re: Switch Modules - Inventory Report (Developers & APIs): 1 kudo, 3846 views
© 2023 Meraki