The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About JonathanDixon
JonathanDixon

JonathanDixon

Here to help

Member since Sep 5, 2017

‎10-16-2020
Kudos from
User Count
jdsilva
Kind of a big deal jdsilva
1
View All
Kudos given to
User Count
HitoshiH
Meraki Employee HitoshiH
1
MerakiDave
Meraki Employee MerakiDave
1
Neshi
Neshi
1
Dashboard_DJ
Meraki Employee Dashboard_DJ
1
View All

Community Record

8
Posts
1
Kudos
0
Solutions

Badges

CMNA
1st Birthday
First 5 Posts
Lift-Off View All
Latest Contributions by JonathanDixon
  • Topics JonathanDixon has Participated In
  • Latest Contributions by JonathanDixon

Selectively disabling threat protection (AMP & IDS/IPS) with group policy

by JonathanDixon in Security / SD-WAN
‎09-16-2019 08:14 PM
‎09-16-2019 08:14 PM
Hi All,   It looks like it's possible to disable Advanced Malware Protection (ie. HTTP file download inspection) at a group policy level, but not Intrusion detection and prevention (SNORT) - does anyone know if it's possible to do this somehow?   Use case is a firewall with lots of guest internet users connected to one subnet that we're not interested in protecting, but we are interested in protecting admin users on a separate subnet.     Thanks,   Jonathan ... View more

Re: MX64 Internet port link drops at 100/full (okay on auto / auto)

by JonathanDixon in Security / SD-WAN
‎06-13-2019 03:20 AM
1 Kudo
‎06-13-2019 03:20 AM
1 Kudo
Thanks @jdsilva and @PhilipDAth - a crossover cable did the trick! ... View more

Re: MX64 Internet port link drops at 100/full (okay on auto / auto)

by JonathanDixon in Security / SD-WAN
‎05-17-2019 07:21 PM
‎05-17-2019 07:21 PM
I haven't tried a crossover cable yet - good suggestion, I will give that a try.   Thanks guys. ... View more

MX64 Internet port link drops at 100/full (okay on auto / auto)

by JonathanDixon in Security / SD-WAN
‎05-17-2019 04:25 AM
‎05-17-2019 04:25 AM
Hi All,   Long, scattered post, I'll start by saying I think this will end up being an ISP issue, I'm wondering if anyone has seen anything similar.   I have a client with an Ethernet delivered Internet service, (layer 2 radio link back to ISP) terminated into a Cisco switch at the ISP.  I know it's a Cisco switch at the ISP because until recently they were sending us CDP... The service was plugged into a Cisco 1941 at the client end and working fine (no vlan, though the ISP switch has native vlan xyz configured - I could see from the CDP).  The ISP enforces 100/full rather than auto/auto. I'm trying to replace the 1941 with a MX64, so I configured the MX with the same IP / mask etc. and set the Internet port to 100/full, no VLAN tags, just as it is on the 1941.  I was surprised when it got to site and didn't work.  The link LED on the Meraki Internet port was off, as was the link light on the ISP's CPE.  I got the client to connect to the Meraki's admin page and set the Internet port to auto/auto.  The link came up (at 100/half, to be expected as the ISP end is 100/full).  Changing the Meraki to Internet port to 100/full, the link drops again.   The ISP can't / won't change their equipment to auto / auto, so i'm a bit stuck.  They have disabled CDP on their port facing us, I assume it's still configured link 'switchport trunk native vlan xyz' - not that it should matter.   Not sure where to go from here, except leaving the 1941 and putting the MX behind it, double NAT, or using a couple of switch ports to 'bridge' between the Meraki's internet port and ISP's CPE.  I can't really do much troubleshooting on the MX and can't do a packet capture as i'm not on site.  I've had the client grab the support .dat file from the local status page and I've sent that to support.    Any theories?  The ISP haven't been able to assist very much and there is a bit of a language barrier.  I'm wondering if the ISP or Meraki is reacting to BPDUs and shutting the port down, though I think it would just go into blocking rather than shutting the port down.  But this seems like more of a speed / duplex negotiation issue.  We've tried a two-pair ethernet cable in case gigabit negotiation is happening, made no difference, as well as new patch leads.  I will also try using LAN4 instead of the Internet port.   We occasionally see no settings on the MX's Ethernet page as well, I think I've seen that once or twice in the past but also a bit odd.     I'll be pushing the ISP to assist more next week but welcome any suggestions!       Jonathan ... View more

Re: MX with IPoE Internet connection drops out

by JonathanDixon in Security / SD-WAN
‎11-17-2018 06:16 PM
‎11-17-2018 06:16 PM
Hi Nolan, All the logs show is the site to site VPN connectivity issues, then Primary uplink status change uplink: 1, then some time later Primary uplink status change uplink: 0. I don't have e-mail alerts setup for this one but the Appliance Status / Uplink tab shows 100% packet loss on uplink 0 during the outage. Here's a sample log showing an outage for a couple of hours: Nov 17 10:29:03 Route connection change peer_type: l3_vpn, peer: E0:C8:8C:24:33:CB, connection_status: connected Nov 17 10:29:03 Route connection change peer_type: l3_vpn, peer: E0:C8:8C:23:0B:4F, connection_status: connected Nov 17 10:29:03 VPN tunnel connectivity change vpn_type: site-to-site, peer_contact: 4.5.6.7:47227, connectivity: true Nov 17 10:29:03 Primary uplink status change uplink: 0 Nov 17 10:29:02 Non-Meraki / Client VPN negotiation msg: notification INVALID-COOKIE received in unencrypted informational exchange. Nov 17 10:28:57 VPN tunnel connectivity change vpn_type: site-to-site, peer_contact: 8.7.6.5:53890, connectivity: true Nov 17 10:28:52 Non-Meraki / Client VPN negotiation msg: notification INVALID-COOKIE received in unencrypted informational exchange. Nov 17 10:28:50 VPN registry connectivity change vpn_type: site-to-site, connectivity: true ***MX has switched to backup link Nov 17 09:12:05 Non-Meraki / Client VPN negotiation msg: initiate new phase 1 negotiation: 192.168.15.2[500]<=>19.20.21.22[500] Nov 17 09:12:04 Route connection change peer_type: l3_vpn, peer: E0:C8:8C:24:33:CB, connection_status: connected Nov 17 09:12:04 Primary uplink status change uplink: 1 ... Nov 17 09:08:42 Non-Meraki / Client VPN negotiation msg: initiate new phase 1 negotiation: 12.13.14.15[500]<=>19.20.21.22[500] Nov 17 09:08:37 VPN registry connectivity change vpn_type: site-to-site, connectivity: false Nov 17 09:08:18 VPN tunnel connectivity change vpn_type: site-to-site, peer_contact: 8.7.6.5:53890, connectivity: false Nov 17 09:08:17 Route connection change peer_type: l3_vpn, peer: E0:C8:8C:23:0B:4F, connection_status: disconnected Nov 17 09:08:13 VPN tunnel connectivity change vpn_type: site-to-site, peer_contact: 4.5.6.7:47227, connectivity: false Regards, Jonathan ... View more

MX with IPoE Internet connection drops out

by JonathanDixon in Security / SD-WAN
‎11-16-2018 06:39 PM
‎11-16-2018 06:39 PM
Hi All,   Some of our ISPs deliver services using IPoE (instead of PPPoE), it's similar to DHCP in its appearance to the CPE.  With the MX WAN side configured for DHCP the connection does come up and work for a while (hours to days) but then drops out for a period (tens of minutes to two hours) then comes back on its own.   This only seems to happen with the MX, a Cisco router in place of the MX works fine (as does a Netgear etc.)   I've had a couple of cases open on this but haven't yet found a solution (apart from another router in-between and double NAT).  I suspect it's something with DHCP negotiation - curious to know if anyone has had similar issues?     Thanks,   Jonathan ... View more

Routing a public subnet through MX

by JonathanDixon in Security / SD-WAN
‎11-20-2017 05:39 PM
‎11-20-2017 05:39 PM
Hi All,   It has been asked before - and I think it may be in or near beta - but where are we at with routing a public subnet through a MX, to allow us to put public IPs directly on devices (rather than 1:1 NAT)?   We have a few clients where we're having to use ASAs where a MX would do, just because certain systems can't work with 1:1 NAT.     Thanks,   Jonathan ... View more

Re: Routing public traffic through an MX

by JonathanDixon in Dashboard & Administration
‎11-16-2017 12:40 AM
‎11-16-2017 12:40 AM
Just bumping this one - any news on this feature?  We have a few clients where we're having to use ASAs where a MX would do, just because we can't have a public routed subnet with no NAT... ... View more
Kudos from
User Count
jdsilva
Kind of a big deal jdsilva
1
View All
Kudos given to
User Count
HitoshiH
Meraki Employee HitoshiH
1
MerakiDave
Meraki Employee MerakiDave
1
Neshi
Neshi
1
Dashboard_DJ
Meraki Employee Dashboard_DJ
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: MX64 Internet port link drops at 100/full (okay on auto / auto)

Security / SD-WAN
1 2300
View All
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2021 Meraki