- About Pugmiester
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Pugmiester
Getting noticed
Member since May 9, 2018
a week ago
Community Record
49
Posts
9
Kudos
3
Solutions
Badges
09-09-2019
01:38 AM
Hi @PhilipDAth, I'll ask our server team to double check but there was nothing that jumped out last time. We do have the Symantec AV client installed on all of the DC's, all running the same policy but some happily respond and others don't, but not consistently. MX1 might get a response from DC1 but MX2 doesn't. I'm not 100% certain how to confirm the certificates but is one MX works and another doesn't, I would have thought the certificate was OK. I'm just finding it difficult to find a pattern to be able to poke something with a stick.
... View more
09-09-2019
01:29 AM
Hi @Happiman, I don't see any WMI errors. The server connection seems to be happy when I plug in the username/password details and we get the green check mark but then the LDAP refresh starts, shows the spinning circle then no results.
... View more
09-06-2019
03:27 AM
Hi all, We are trying to enable the AD connector on a number of MX appliances spread across our European offices but failing in what seems to be a completely random fashion. We've followed the setup process outlined in the following article on each of the DC's we are trying to work with and confirm all of the relevant settings are in place. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Directory_with_MX_Security_Appliances When we add the AD credentials (We're using the same service account with just the relevant permissions), we can get the status to report back as OK but getting the LDAP group list to populate is where we are falling over. It seems to be completely random whether it works or not. We appreciate that we need to point to the sites local DC to capture the login details but even that's not consistent. For example, our office in The Netherlands has been failing talking to its local DC but worked (for the first time today) when pointed at one in the UK. On the same UK site, their local MX refuses to talk to the same DC that is happily working for MX in The Netherlands. This seemingly random pattern repeats itself across half a dozen different sites and I cannot find any one link between them. Does anyone have a clue what could be causing this?
... View more
08-01-2019
12:39 AM
1 Kudo
That's the conclusion I was getting to as well. The good news is, we don't have to rip out the Checkpoint to get the MX's live so for a little extra breathing space I can leave the setup as it is initially so we can work out a solution with a little more breathing time.
... View more
07-31-2019
05:16 AM
Hi all, I'm working through the process of migrating one of our offices from a Checkpoint firewall to an MX but I've run up against an issue and I can't think of a sensible way around it. The site has a DMZ behind the Checkpoint firewall with a server that makes connections both to the internet (easy to reproduce) but also to a single server in a data centre across our global WAN. That connection has a policy on the Checkpoint that uses NAT so the connection looks to the data centre server as though it's the firewall making the request and as the local office LAN is a subnet the data centre knows about, it just routes the traffic back. The DMZ server in question is a third party black box so we are hoping to avoid having to connect it directly to the LAN in the office as we cannot be certain how up to date it is. Is there any way I can reproduce that DMZ <> NAT <> LAN functionality with an MX or do I need to starting thinking about having routes for the DMZ subnet advertised across the WAN?
... View more
07-11-2019
02:14 AM
2 Kudos
Congratulations to all. There's certainly a few familiar names on the list that have been really helpful in getting things fixed and helping me understand the transition to Meraki from other technologies.
... View more
06-17-2019
03:12 AM
Hi @PhilipDAth, the services are all NAT on the current firewall so we would be reproducing the same setup but it's just not very clear how you can create a 1:1 NAT for an IP address that's not in the WAN subnet. The MX has no idea what the gateway would be for that second subnet without some way to configure it on an interface somewhere.
... View more
06-17-2019
01:58 AM
Hi all, As we're deploying out MX's across our EU sites we have run up against a little issue with a site that has 4 different small subnets supplied from their ISP, one of the joys of the IPv4 exhaustion and a lot of locally hosted services. While we will likely end up moving the services across to the first 2 subnets, there's a lot of third party involvement which will inevitably lead to service outages, as they do when you don't have visibiity of both sides of a connection. Obviously we could assign a subnet to each WAN interface (We're running an MX-250) but is there any way we could make use of the additional subnets?
... View more
06-10-2019
12:44 AM
Thanks @PhilipDAth, I spotted the VLAN disabled but unfortunately suppers us right now as all of the larger sites have VLAN's enabled we'd need to router around. I was looking at OSPF because I have a little experience with it and only a passing understanding of BGP.
... View more
06-07-2019
05:29 AM
Hi @PhilipDAth, I'm just butting up against the OSPF restrictions myself. It would be a big help if OSPF was available on an MX in NAT mode to publish the Auto VPN routes to a local LAN gateway for the larger sites we have where the MX will not immediately replace the default router. Looks like a little manual work until we get things organised.
... View more
06-03-2019
04:53 AM
Thanks @PhilipDAth, not a bad idea at all, especially if there's not a big difference in cost to begin with.
... View more
06-03-2019
04:52 AM
Thanks @ali_abbass85, I really like the simple diagram idea. One of the many challenges we have is as part of our company reorganisation, we're now becoming centrally responsible for all of these remote sites without having any idea what's on the site yet.
... View more
06-03-2019
04:47 AM
Hi @ SoCalRacer t hat's the approach we've been considering as the best fit so far. It does involve an amount of cable swapping by the local guys but I think with a bit of Friday afternoon brainstorming we've found a process that should work.
... View more
05-31-2019
06:28 AM
Hi folks. We're starting our roll-out of around 25 sites across Europe who will all be receiving a HA pair of MX's (64, 100, 250 depending on site size). The hardware is being shipped directly to site by Meraki and we have a varying level of IT support on each site, from dedicated IT staff through to the guy who fills the coffee machine. We're configuring all the sites ready to support dual internet feeds for future expansion (a task you need the local status page for on an MX64/MX100) and then configuring them for HA. It's a relatively simple task if all the hardware's sat on your desk but a little trickier to achieve on a remote site. A quick Google this afternoon returns a selection of links but none that really walk through the process in enough detail to make it easy to explain to someone remote. Does anyone have a handy guide that we could use to help simplify the process and make it easy to follow?
... View more
05-29-2019
03:16 AM
I'm looking forward to a network that does a lot more to manage the client load and connections between the access points to better manage hotspots around the building.
... View more
05-28-2019
03:08 AM
It appears that Meraki has decided that I now speak Dutch so the latest email update from them has picked Dutch accordingly. As far as I can tell on the dashboard I'm set for English so I have no idea where this has been changed. Any clues folks?
... View more
04-17-2019
01:24 AM
Hi all. So, I logged a ticket with Meraki support and the upshot seems to be that the current mix of Meraki and Catalyst devices is preventing the network from being discovered correctly. I can understand that but I don't get why replacing Catalyst with Meraki hardware has made this particular area less visible to the topology view. Most odd. However, there's mention of LLDP which we don't currently run on the Catalyst devices so I think I'm going to enable it and see if that helps get a better picture of what's connected to what and I'll report back.
... View more
04-16-2019
08:03 AM
Hi @BrechtSchamp, that's great. Sounds like this shouldn't be a big a headache, just plenty of warning for the affected users and some hand holding to make sure the less technical staff (guest ambassadors) have an authentication app ready to go.
... View more
04-16-2019
07:59 AM
Hi @Cmiller, that's what I was hoping for. We have a reasonable number of guest ambassadors as we have 25+ networks with local ambassadors managing the guests so it's a decent sized update for them all but if it's a guided process it will make things a bit simpler.
... View more
04-16-2019
06:30 AM
Hi all, We are looking to tighten up the security on our existing Meraki organisation by enforcing all admins to have multifactor authentication enabled on their account. What we're not sure about is the impact of enforcing it after the accounts have been created. We have a number of full organisation admin accounts and all of those with any sort of write permissions have MFA enabled but there are accounts with either organisational read-only or guest ambassador roles that currently don't. If we throw the switch and enforce MFA under Organization > Settings > Security, does anyone know if that would effectively lock all of the non-MFA enabled users out completely or is there an automated process that relays those users to the MFA setup the first time they try to log back in? We're just trying to avoid a bunch of help desk calls if we can and an automated process would make that a lot simpler.
... View more
04-02-2019
12:33 AM
1 Kudo
Hi @BrechtSchamp, based on @PhilipDAth comment about the 24 hour timing, it'll roll over to that around 10:00 this morning so I'll see what it looks like later in the day and failing that I'll raise a ticket with support. Thanks all.
... View more
04-02-2019
12:31 AM
Hi @PhilipDAth, we made the changes on Friday afternoon so there should have been plenty of time but I didn't realise that I hadn't added VLAN1 to the trunk until I noticed the missing hardware yesterday morning so I'll see how things look later in the day.
... View more
04-01-2019
06:57 AM
Hi @ww, yes all of the hardware is in the same combined network. I'm unsure if LLDP was enabled on the old Catalyst switch, I would guess not as I don't recall enabling it but I'm puzzled by why the Meraki switches seem to not be seeing their Meraki neighbours in the end to end path.
... View more
04-01-2019
06:34 AM
Hi all, this has me puzzled. We have replaced an older model Cisco Catalyst switch with a Meraki MS210-24P but it's not visible on the topology, neither is the MR32 on the other side of it. Before we started, our topology looked like this :- MX-100 <> Catalyst 4500 (Our core) <> SFP fibre <> Catalyst <> MR32 The new setup looks like this :- MX-100 <> Catalyst 4500 (Our core) <> New MS225-48FP <> SFP fibre <> New MS210-24P <> MR32 None of the new hardware appears on the topology view, nor does the MR32. I must say I'm not 100% certain the MR32 was visible before the move but if I use the search on the topology view it lists 1 device found but it's not visible. We moved the fibre connection to the MS225 because we were burning up a 10Gbps SFP+ port on the core switch for a generally 10Mbps throughput connection. The links between all of the switches are trunks carrying native VLAN1 plus a couple of others in use on site. Could it simply be that the topology view isn't updated in realtime or maybe only after a switch restarts (VLAN1 was filtered off the trunk initially)?
... View more
03-01-2019
12:25 AM
When we quickly swapped in the boxes last night in place of the existing router, the master picked up the previous internet facing IP so as long as the working device does that I think we will be OK. It's clumsy but if it'll work for us then it will ave to do for now. As I mentioned in my reply to @PhilipDArh above, we should be able to get a secondary connection running for LAN4 so at least the spare MX has a permanent dashboard connection to pickup configuration changes.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 591 | 11-13-2018 07:35 AM | |
| 1834 | 10-31-2018 07:05 AM | |
| 697 | 07-06-2018 05:23 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 2495 | |
| 2 | 2565 | |
| 1 | 118 | |
| 1 | 560 | |
| 1 | 1828 |
