Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About RH6379
RH6379
Getting noticed
Member since May 30, 2018
12-20-2018
Community Record
21
Posts
2
Kudos
2
Solutions
Badges
We swapped out our MX84's for MX100's and it happened with 2 MX100's in an HA configuration. Meraki does not recommend a direct connection for heartbeats between the 2 MX devices any longer. We now have 2 MX100 devices with the HA one powered off. This is ridiculous.
... View more
11-20-2018
10:01 AM
We weren't able to ping the DNS servers or run an nslookup against them. After further investigating, the CheckPoint firewall wasn't seeing communications from that IP coming over the tunnel so the rules dropped that. Also, there was a high number of dns queries coming in so it got flagged by the checkpoint as suspicious activity. The CheckPoint sees the new IP of the laptop as coming over the tunnel so it's being allowed. @mat1458 wrote: If the MX is the DHCP server the incomplete ARP is not likely to be the issue since the traffic is routed and ARP is only necessary for the default gateway IP address in the local VLAN. It looks to me as if something in the DHCP processing on the client side as gone wrong. Did you do an ipconfig /all (or whatever the OS of the client might need to display the IP config) to see if the DNS servers and the Default Gateway were present in the PC? If everything is/was ok, could/can you ping the DNS server? Are you able to able to ping devices in proximity to the DNS server?
... View more
11-20-2018
08:23 AM
We had an issue yesterday where a PC at a remote site could not communicate with the DNS servers at our HQ over the VPN tunnel we established between the MX84 at the Remote Site and the CheckPoint Firewall at HQ. The MX84 is the DHCP server and we manually entered the IP Addresses for the DNS servers to assign to the clients. All clients except for this one worked. I ended up resolving the issue by assigning the workstation a different IP Address in the Workstation VLAN through a Reservation on the MX84 DHCP Settings. Then, it worked just like the others. Could the issue with the original IP communications not being sent across the VPN tunnel be an incomplete arp entry or something else? I've only seen this a handful of times in my 20+ year career, but never really resolved it other than changing the IP Address. We rebooted the MX84, but that didn't help either.
... View more
10-12-2018
10:53 AM
Meraki support told me today that they don't support site-to-site VPN inbound firewall rules even though it's there on the dashboard under Security appliance>Site-to-site VPN. They suggested I submit a feature request. When I asked why I should have to submit a feature request for an option that's on their dashboard, their response was: "It was an engineering team's decision and sorry about the confusion. If you need further assistance, please let me know or call Support Hotline at 415-937-6671."
... View more
10-12-2018
08:18 AM
We set up a VPN tunnel from our MX84 in our Phoenix office to a checkpoint firewall in our HQ. On the MX84, I have outbound vpn firewall rules that allow a PC in phoenix to communicate to 4 individual servers at HQ over any protocol. I have a 5th rule that is a deny any any. I disabled the default outbound rule that is a allow any any. On the inbound VPN firewall rules, I created rules to permit the 4 servers we're allowing outbound access to to talk to the pc. I also disabled the default inbound rule that is allow any any. If I navigate away from that page and then go back to it, all the rules I created in the inbound VPN firewall are gone. I'd like to know why this is happening and if it's a normal function of the MX84 or if have run into a bug. I opened a ticket with Meraki Support.
... View more
I tried replicating the issue this morning following the steps Meraki Support suggested, but I couldn't replicate it. I noticed that the uplinks from Switch 1 and 7 were both in forwarding mode so I connected a patch cable from switch 7 to switch 1. This caused switch 7 to put its connection to the MX84 in blocking mode since switch 1 is the root. I ran a test to ensure STP "failover" between Switch 1 and Switch 7 and back by doing the following: Connected laptop to Switch 3 in Stack 1. Started ping -t to 8.8.8.8 Started ping -t to 192.168.1.10 (Switch 9 in Stack 2) Started ping -t to 192.168.1.6 (Switch 5 in Stack 1) Pulled power from Switch 1 Lost 1 ping to the 3 IP’s as Switch 7 became the root and put its uplink to MX84 in forwarding mode. Reconnected power to Switch 1 Lost 1 ping when Switch 1 became the root again. Checked switch 7 ports on Meraki portal and port 24 (Uplink to MX84) is in blocking mode. Switch 7 shows the root being Switch 1 via port 23 (inter-switch) link. Switch 1 has port 24 (Uplink to MX84) in forwarding mode. Switch 1 shows itself as root. I don't know if this will prevent that broadcast storm that Meraki said happened, but it will ensure that both switch 1 and switch 7 don't have their uplinks to the MX84 in forwarding mode at the same time.
... View more
09-24-2018
12:12 PM
@PhilipDAth wrote: I have had issues like this with 9.x firmware, multiple times, but not with the 10.x firmware. This is probably cold comfort, but I always strive for a design as loop free as possible. In this case if you used MS210 switches you could stack them together. You could then use LACP to all the down stream switches. Then the only loop that would be left in the network would be the MX84 itself. This is likely to be a lotmore solid. I have been suggesting stackable switches for some time. Here in our HQ, we use stackable 3850's for our access switches going to 2 Catalyst 6807 switches via 10Gb links. someone else here supports the remote offices that we're putting this Meraki gear in and he had the initial design discussion with them. We even had the same discussion as to what you're recommending with the 2 stacked switches as the distribution layer and 120's for Access.
... View more
09-24-2018
12:06 PM
@NSGuru wrote: The MX/s do not participate in spanning tree so it may be possible it was the cause of your issue. Just an idea as ive had issues with multiple uplinks going from MX to LAN if spanning tree isnt working properly. Meraki Support told me they don't support multiple links from one switch to the MX84. They said a single uplink from multiple switches is fine. Having just 1 switch with a connection to the MX84 creates a SPOF, right?
... View more
09-24-2018
11:15 AM
I have 1 MX84 and 12 MS120-24P switches that I'm setting up for a new install. MX84 is doing the L3 Routing and has 7 VLANs defined on it. Switches 1-6 are in one rack and Switches 7-12 are in a second rack. Switches 1 and 7 are used as "Distribution Switches". Switches 1 and 7 Trunk Ports to Access Switches do not have any STP Guard enabled. Switches 2-6 and 8-12 Are "Access Switches". Switches 2-6 and 8-12 have uplinks to both Switches 1 & 7 which are configured as TRUNK ports on Native VLAN 1. Switches 1 & 7 each have a single uplink to a single MX84 which are configured as TRUNK ports on Native VLAN 1. Switch 1 has a root value of 0 and Switch 7 has a root value of 4096. Switches 2-6 & 8-12 have a value of 32768. On September 22nd, our DSL Internet Link went down. On September 24th, the DSL router was rebooted. Once the MX84 came online, Switch 1 flooded the network with broadcast traffic to all the switches, creating a broadcast storm. All the switches went offline and didn't come back up until I rebooted Switch 1. (Meraki Support is stating this is what happened.) Has anyone run into this before? We're running 10.35 on the switches. Meraki had me do port mirrors from all the uplink ports on switches 1 & 7 to an access port on those same switches. They asked me to disconnect the WAN link to the MX84 for 24 hours and then connect it back to see if we can replicate this issue.
... View more
09-24-2018
09:03 AM
Can I create a template for switches and not have to include MX devices? I have 2 networks bound to a template and I recently was asked to create a vlan specific to one of those networks on the MX84 which is where all of our VLANs are defined. If I create the VLAN for the one network, it'll be created on the other and we don't want that. I've been asked to change a few settings on the MX84 so I wanted to keep those individually configured and just have a profile for the switches and APs since that one-off VLAN would not be configured on or used by the switches.
... View more
09-21-2018
07:54 AM
Is it possible to create a switch profile that I can bind switches to without having to create a template? I understand that cloning a switch is possible, but I like the switch profile feature and the switch binding.
... View more
09-14-2018
06:26 AM
One of our guys that's in charge of setting up our small offices reported that when they tried to scan from an OCE printer and send it to an SMB share, it doesn't work if the printer is on a different VLAN than the NAS device it's trying to send it to. If they put the printers on the same VLAN as the NAS device, it works. The are able to print to those printers when they're on a different VLAN though. All the VLANs are configured on the MX65W we have there. We have a single MS120-24P that has a trunk port up to the MX65W with all VLANs allowed on the trunk. Printers were on VLAN 120 and NAS/Workstations were on VLAN 16. The workstations on VLAN 16 could print to the printers on VLAN 120, but the scan from printers on VLAN 120 to SMB share on the NAS in VLAN 16 didn't work. Once the printers were moved to VLAN 16, the scan function worked. I have no ACL's between VLANs. Any ideas?
... View more
We're debating whether to purchase SFP modules for our Meraki MS120-24's and use those as uplinks or just use one of the copper ports. My boss mentioned that the SFP ports might have a larger buffer. Does anyone know if that's true? Also, is there any documentation that talks about that and how/if the ports are split up into ASICs?
... View more
07-16-2018
11:59 AM
I have a Netgear Nighthawk R8000 wireless router on the first floor of my house. I don't get a strong signal on the top floor and opposite end of the house. I am getting a free MR33 AP. I'd like to use that MR33 on the top floor so that it provides stronger WiFi on that end of the house. Can I set up the MR33 as a bridge and connect a switch to it for the PCs on that side or Can I set it up as a wireless range extender so the laptops can connect to it over Wifi and get access to the internet?
... View more
I'm sorry, but I'm still not finding what you're referring to. Was it this?
... View more
So are they recommending to run VRRP via the switch port links?
... View more
I didn't think the MS120's support Physical or flexible stacking. Was that what you were referring to when you said to cluster the switches?
... View more
06-04-2018
08:19 AM
We have 12 MS120's in a remote office and a single MX84. This was a new install last week and the MX84 stopped connecting to the Meraki Cloud. We did t-shooting with Meraki Support and they determined it's a faulty MX84. I'm going to suggest to the higher ups to purchase a 2nd MX84 to be used as a warm spare. We have the following set up Switches 1-6 in Rack 1 Switches 7-12 in Rack 2 MX84 in Rack 2 I want to do the following: Uplink Switches 2-6 to both switch 1 and 7 with 1Gb connections Uplink Switches 8-12 to both switch 1 and 7 with 1Gb connections Connect Switch 1 to Switch 7 with 1Gb connection Connect 2 MX84's to both Switch 1 and 7 Connect MX84's to each other for VRRP Connect Comcast Router to both MX84's Switch 7 will be the primary path out to the internet and Switch 1 will be the secondary path out. Switch 7 root bridge value is 4096 Switch 1 root bridge value is 8192 Will I have to disable ports from MX84's to Switch 1 for this to work properly or will this work as shown below?
... View more
We're installing 12 MS-120 switches in a remote office and the switches are showing a DNS misconfigured error when we use the IP of the mgmt vlan as the DNS Server. That is configured on an MX84. If I enter a secondary DNS Server IP of 75.75.75.75, they go from Yellow to Green on the portal. What does having a public DNS IP on each switch buy me? I can still get to the switches without it.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 1642 | 11-20-2018 10:01 AM | |
| 3455 | 10-12-2018 10:53 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 1 | 5700 | |
| 1 | 6216 |
