- About AndreasE
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
AndreasE
Getting noticed
Member since Jun 8, 2018
Friday
Community Record
35
Posts
7
Kudos
0
Solutions
Badges
Friday
...and by the way: this rule section would not accept a "FQDN support" type of firewall rule -- neither by GUI nor by API!
... View more
Thursday
Look here (this screenshot is not taken from the docu, but from the very original page where you configure the rules): To me, this now very much looks like the "Cellular failover rules" shall simply substitute the native outbound rules! This would make sense in some respect -- and of course render my last Message obsolete...
... View more
Thursday
Thanks a lot for making this clear to me. But I would have another very interesting (and at the moment theoretical) question: The documentation says " These firewall rules are appended to the existing outbound rules". My current ruleset has the following structure: {"protocol" udp "srcPort" Any "srcCidr" Any "destPort" 53 "destCidr" Any "policy" allow "syslogEnabled" false "comment" DNS for FQDN support} {"protocol" tcp "srcPort" Any "srcCidr" Any "destPort" 80,443 "destCidr" *.microsoft.com "policy" allow "syslogEnabled" false "comment" HTTP[S] to MS} {"protocol" any "srcPort" Any "srcCidr" Any "destPort" Any "destCidr" Any "policy" deny "syslogEnabled" false "comment" Default catch-all other traffic} {"protocol" Any "srcPort" Any "srcCidr" Any "destPort" Any "destCidr" Any "policy" allow "syslogEnabled" false "comment" Default rule} (rule #2 has been capped for demo purposes) That said my question would be: Where are the Cellular Failover Rules "appended"? Before or after rule #4 (which is the default rule that cannot be changed)? Before or after rule #3 (which I had to insert in order to block unwanted outgoing traffic: I'm not very happy with the default rule #4 -- this is NOT the best practice for firewalls)? How can I control this? How can the Cellular Failover Rules do what they're supposed to do (e.g. deny traffic to microsoft.com, because you don't want to update your device using an expensive cellular service billed by volume)? Rgds, Andreas
... View more
07-29-2019
02:35 AM
Hi Philip, hi all, I think you can change the admin's name using the Dashboard API. At least, I've successfully done this on one of my Customers this morning using this Windows batch command: .\curl --max-time 3 --proxy proxy.intra.company.com:8090 -L -H "X-Cisco-Meraki-API-Key:***mykey***" -H "Content-Type:application/json" -X PUT --data-binary "{\"name\":\"Michael Fox (newco)\"}" "https://n213.meraki.com/api/v0/organizations/<orgID>/admins/<adminID>" Of course, you need to install curl and all required certs first and insert some details (name of proxy server, your API key, orgID, adminID), but it worked for me! Regards, AE
... View more
06-11-2019
02:10 AM
Hiya, is there a complete list of all MQTT "topics" that any MV sense can/will publish to its broker? I found all other interesting articles in "documentation", "create.io", and this community referring to that space, but no topics description. Who can help? Rgds, AndreasE
... View more
05-09-2019
04:44 AM
so it's worth opening a case?
... View more
05-09-2019
02:45 AM
Yes, I'm pretty sure, checked twice. (I just removed the hyperlinks from the post)
... View more
05-09-2019
02:40 AM
Hi all, a few mins ago I've received the following mail from Meraki: ----- The security appliance in the <xyz> network has detected an IP conflict with two or more devices. The IP 10.23.180.69 is claimed by clients with the following MAC addresses: 00:0D:AC:10:F6:7D ----- Any idea how that may happen? Regards, AE
... View more
05-07-2019
11:33 PM
Hi Brecht, tx for your list, this is very helpful. Although I need to admit that the only model I'm missing in this list is just the one I was asking for... Z3C! Regards, Andreas.
... View more
05-07-2019
05:26 AM
Hi all, I know that all serial numbers of Z3 model devices start with "Q2TN". But what prefix is used for Z3C model devices? Is there a "tool" or other thing that maps such prefixes with models? Rgds, AndreasE
... View more
04-04-2019
04:35 AM
Ha, I would be so glad if I could configure it manually at all -- not to dream of a template...
... View more
04-03-2019
12:26 AM
Hi, I'm working for a big MSP and we're delivering services based on Meraki to several Customers. After I logged in into Dashboard, I'm presented with a list of Organisations (= Customer names) where my mail address is linked to (as an admin). But that means if I'm presenting the 2FA login procedure to one specific Customer, he could see the names of the other Customers as well -- which is privacy-sensitive information. Is there a specific type of URL (augmented with Organisation name etc.) which would directly select this Organisation and don't present the list of all Organisations I'm bound to? Kind Regards, Andreas
... View more
03-22-2019
05:48 AM
Hi, can I create a certain "Port tag" and then customize the "Summary Report" in such a way that it will report any traffic on ports tagged like these (e.g. as Anomalies)? Rgds, Andreas.
... View more
03-15-2019
03:52 AM
Hi all, if an MX device needs to be replaced (RMA case), would the replacement device get the same MTU size setting that the broken one had configured (by Meraki Support)? Or do we have to open a new case right after the device has actually been replaced? Rgds, Andreas
... View more
03-14-2019
03:40 AM
1 Kudo
Hi Ajit, I think you can only make "LAN4" to be "WAN2". Your screenshot suggested that "LAN1" could be "WAN2" which IMHO can not be configured on the local status page. Btw: Would be great if Dashboard would reflect that configuration change in the "Status" picture, like 1 2 3 WAN2 WAN1 Rgds, Andreas. PS: The page "Security & SD-WAN"->"Monitor"->"Appliance status" shows "WAN2" IP address as "Not connected" even in the case you have NOT done the local status page config change -- as soon as the Configuration Template's Traffic Shaping setting implies this!
... View more
03-14-2019
03:31 AM
how? example?
... View more
03-14-2019
12:47 AM
Hi BrechtSchamp, tx for your quick reply. And yes, you seem to be absolutely right. Meanwhile I'm receiving such mails (it didn't happen yesterday when I switched it on, but by magic it works now), but detected some software bugs in this feature quickly: I'm receiving a mail that tells me "The following 1 Bluetooth client on the xyz- wireless <https://n146.meraki.com/xyz-wireless/n/qw0j9abc/manage/bluetooth_clients/> network has gone out of range. <https://n146.meraki.com/xyz-wireless/n/qw0j9abc/manage/bluetooth_clients/1234> - Cisco Meraki" -- none of the clients seen in the list is called "Cisco Meraki", and it wouldn't make sense to use that very name for a client (!), wouldn't it? When I open any "Bluetooth client" details page ("Bluetooth Device" window title) and tried to hop to the original configuration template the wireless network is bound to (e.g. in order to change the Alert settings), I always receive a "Server Error" message. My company phone is a "Microsoft Lumia 640 LTE" with Windows 10 Mobile Enterprise. I'm generally able to use Bluetooth, but the Meraki Wireless Bluetooth Scanning seems to not recognize it. Seems the functionality is not very mature? Rgds, Andreas
... View more
03-14-2019
12:01 AM
Hi all, I have found this feature yesterday and tried it. But regrettably, I'm not seeing any mail alert coming through. The mask doesn't allow me to configure a recipient, you can just switch on or off 2 types of alerts, that's all. What mail address is it using? Rgds, Andreas
... View more
02-22-2019
12:01 AM
https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Managing_Multiple_Networks_with_Configuration_Templates#Creating_a_Configuration_Template https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Cloning_Networks_and_Organizations_in_Dashboard#Creating_New_Networks both pages don't tell you the following: Site-to-site VPN cannot be enabled for a security appliance template unless VLANs are enabled, and at least one VLAN emits unique subnets. By default cloning templates sets VPN to off to prevent subnet overlap within the Organisation. Config sync doesn't work for "network tags" or "Template networks" (containing an MX appliance and a MS switch)
... View more
02-21-2019
11:25 PM
Hi Philip, tx for your confirmation. What I don't like about Meraki products and support: 1. "known issues": they never tell you, but just keep it under the blanket 2. software bugs: no bug bounty program, instead you get silly reply questions about settings they should better know about than we do (why are they asking for a device ref when they never look into the device whilst working on a case?) 3. really bad or aged documentation on the web 4. instead of an error message or at least a warning, the dashboard falls back into a default setting and doesn't tell you about the risks Rgds, Andreas
... View more
02-21-2019
05:08 AM
1 Kudo
See the replies from Meraki Support: 1. "Site-to-site VPN cannot be enabled for a security appliance template unless VLANs are enabled, and at least one VLAN emits unique subnets. Are you running unique subnets in your template VLAN settings?" Because my answer was "sure", I received a 2nd reply: 2. "By default cloning templates sets VPN to off to prevent subnet overlap within the Organisation." And see Meraki webpages: https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Managing_Multiple_Networks_with_Configuration_Templates#Creating_a_Configuration_Template https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Cloning_Networks_and_Organizations_in_Dashboard#Creating_New_Networks
... View more
02-20-2019
11:41 PM
1 Kudo
Yesterday, we cloned our Config Template called "Father" into a new Template called "Son" (they both differ in just one network mask of a VLAN-ID). Everything worked well apart from the fact that the newly cloned Template called "Son" did not carry the same Site-to-Site VPN settings (specifically "Type" = "Spoke" as well as the "Hub" setting) than the old parent Template called "Father". We recognized too late that the newly cloned Template "Son" was set back to the default value which seemed to be "Type" = "Off" which -- as a "knock-on effect" -- did cause serious routing issues to two networks that have been bound to "Son" .
... View more
02-13-2019
05:00 AM
Hi BrechtSchamp, no, I'm not, I just tried it myself. When I click on the link, I'm taken to the last organization and network that was active during my last logout. But independently from that: Didn't your mother tell you that you should never click on hyperlinks that have been sent to you via email? Eh? Rgds, Andreas.
... View more
02-13-2019
04:57 AM
Hi BrechtSchamp, sorry, I had been a bit short here: This time, the vMX100 license is a trial license. I can imagine that in case of a trial license, Meraki is in the "driver seat", i.e. forces this site to be upgraded ("first shoot, then ask"). For licenses and devices that the Customer really bought, the Customer is in the driver seat for firmware upgrades. This means he could switch off automatic firmware upgrades and schedule them to a off-peak day or weekend or even postpone them until the firmware has reached a kind of maturity. Rgds, Andreas
... View more
02-13-2019
04:14 AM
1 Kudo
Hi, we (the Meraki admins working for MSP BT (British Telecom)) received an email which announces that a vMX100 instance of one of our Customers will receive an automatic upgrade (which obviously cannot be prevented for trial licenses), see down. This mail contained the network name, but not the organization name: But if you are an MSP, it could be a hard time to identify the Customer just from the network name (this time "azure") and such network names could even be non-unique! I "made a wish", but I'd like to tell others in the community to have that in mind when creating network names.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 3 | 679 | |
| 1 | 6469 | |
| 1 | 624 | |
| 1 | 636 | |
| 1 | 583 |
