- About AndreasE
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
AndreasE
Getting noticed
Member since Jun 8, 2018
Friday
Community Record
23
Posts
6
Kudos
0
Solutions
Badges
Friday
Hi, can I create a certain "Port tag" and then customize the "Summary Report" in such a way that it will report any traffic on ports tagged like these (e.g. as Anomalies)? Rgds, Andreas.
... View more
2 weeks ago
Hi all, if an MX device needs to be replaced (RMA case), would the replacement device get the same MTU size setting that the broken one had configured (by Meraki Support)? Or do we have to open a new case right after the device has actually been replaced? Rgds, Andreas
... View more
2 weeks ago
Hi Ajit, I think you can only make "LAN4" to be "WAN2". Your screenshot suggested that "LAN1" could be "WAN2" which IMHO can not be configured on the local status page. Btw: Would be great if Dashboard would reflect that configuration change in the "Status" picture, like 1 2 3 WAN2 WAN1 Rgds, Andreas. PS: The page "Security & SD-WAN"->"Monitor"->"Appliance status" shows "WAN2" IP address as "Not connected" even in the case you have NOT done the local status page config change -- as soon as the Configuration Template's Traffic Shaping setting implies this!
... View more
2 weeks ago
Hi BrechtSchamp, tx for your quick reply. And yes, you seem to be absolutely right. Meanwhile I'm receiving such mails (it didn't happen yesterday when I switched it on, but by magic it works now), but detected some software bugs in this feature quickly: I'm receiving a mail that tells me "The following 1 Bluetooth client on the xyz- wireless <https://n146.meraki.com/xyz-wireless/n/qw0j9abc/manage/bluetooth_clients/> network has gone out of range. <https://n146.meraki.com/xyz-wireless/n/qw0j9abc/manage/bluetooth_clients/1234> - Cisco Meraki" -- none of the clients seen in the list is called "Cisco Meraki", and it wouldn't make sense to use that very name for a client (!), wouldn't it? When I open any "Bluetooth client" details page ("Bluetooth Device" window title) and tried to hop to the original configuration template the wireless network is bound to (e.g. in order to change the Alert settings), I always receive a "Server Error" message. My company phone is a "Microsoft Lumia 640 LTE" with Windows 10 Mobile Enterprise. I'm generally able to use Bluetooth, but the Meraki Wireless Bluetooth Scanning seems to not recognize it. Seems the functionality is not very mature? Rgds, Andreas
... View more
2 weeks ago
Hi all, I have found this feature yesterday and tried it. But regrettably, I'm not seeing any mail alert coming through. The mask doesn't allow me to configure a recipient, you can just switch on or off 2 types of alerts, that's all. What mail address is it using? Rgds, Andreas
... View more
02-22-2019
12:01 AM
https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Managing_Multiple_Networks_with_Configuration_Templates#Creating_a_Configuration_Template https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Cloning_Networks_and_Organizations_in_Dashboard#Creating_New_Networks both pages don't tell you the following: Site-to-site VPN cannot be enabled for a security appliance template unless VLANs are enabled, and at least one VLAN emits unique subnets. By default cloning templates sets VPN to off to prevent subnet overlap within the Organisation. Config sync doesn't work for "network tags" or "Template networks" (containing an MX appliance and a MS switch)
... View more
02-21-2019
11:25 PM
Hi Philip, tx for your confirmation. What I don't like about Meraki products and support: 1. "known issues": they never tell you, but just keep it under the blanket 2. software bugs: no bug bounty program, instead you get silly reply questions about settings they should better know about than we do (why are they asking for a device ref when they never look into the device whilst working on a case?) 3. really bad or aged documentation on the web 4. instead of an error message or at least a warning, the dashboard falls back into a default setting and doesn't tell you about the risks Rgds, Andreas
... View more
02-21-2019
05:08 AM
1 Kudo
See the replies from Meraki Support: 1. "Site-to-site VPN cannot be enabled for a security appliance template unless VLANs are enabled, and at least one VLAN emits unique subnets. Are you running unique subnets in your template VLAN settings?" Because my answer was "sure", I received a 2nd reply: 2. "By default cloning templates sets VPN to off to prevent subnet overlap within the Organisation." And see Meraki webpages: https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Managing_Multiple_Networks_with_Configuration_Templates#Creating_a_Configuration_Template https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Cloning_Networks_and_Organizations_in_Dashboard#Creating_New_Networks
... View more
02-20-2019
11:41 PM
1 Kudo
Yesterday, we cloned our Config Template called "Father" into a new Template called "Son" (they both differ in just one network mask of a VLAN-ID). Everything worked well apart from the fact that the newly cloned Template called "Son" did not carry the same Site-to-Site VPN settings (specifically "Type" = "Spoke" as well as the "Hub" setting) than the old parent Template called "Father". We recognized too late that the newly cloned Template "Son" was set back to the default value which seemed to be "Type" = "Off" which -- as a "knock-on effect" -- did cause serious routing issues to two networks that have been bound to "Son" .
... View more
02-13-2019
05:00 AM
Hi BrechtSchamp, no, I'm not, I just tried it myself. When I click on the link, I'm taken to the last organization and network that was active during my last logout. But independently from that: Didn't your mother tell you that you should never click on hyperlinks that have been sent to you via email? Eh? Rgds, Andreas.
... View more
02-13-2019
04:57 AM
Hi BrechtSchamp, sorry, I had been a bit short here: This time, the vMX100 license is a trial license. I can imagine that in case of a trial license, Meraki is in the "driver seat", i.e. forces this site to be upgraded ("first shoot, then ask"). For licenses and devices that the Customer really bought, the Customer is in the driver seat for firmware upgrades. This means he could switch off automatic firmware upgrades and schedule them to a off-peak day or weekend or even postpone them until the firmware has reached a kind of maturity. Rgds, Andreas
... View more
02-13-2019
04:14 AM
1 Kudo
Hi, we (the Meraki admins working for MSP BT (British Telecom)) received an email which announces that a vMX100 instance of one of our Customers will receive an automatic upgrade (which obviously cannot be prevented for trial licenses), see down. This mail contained the network name, but not the organization name: But if you are an MSP, it could be a hard time to identify the Customer just from the network name (this time "azure") and such network names could even be non-unique! I "made a wish", but I'd like to tell others in the community to have that in mind when creating network names.
... View more
11-21-2018
07:45 AM
Hi Nolan, I got the message (i.e. "Cisco or Meraki perspective first"). But as I mentioned, an MSP/ISP sometimes buys gear and/or licenses for stock. You simply cannot bill a Customer for gear/licenses on your stock which he cannot use before "ready for use" date. Do you know by chance what kind of API has been implemented in the Connectwise solution? With Kind Regards, AndreasE
... View more
11-21-2018
07:42 AM
Hi Tyler, you mentioned that " Connectwise Unite product uses the Meraki API". I would appreciate if you could tell me which of the three APIs (https://create.meraki.io) you were thinking of. And especially if you've meant the "Dashboard API" (https://create.meraki.io/guides/dashboard-api/), which API function is used. Kind Regards, AndreasE
... View more
11-21-2018
12:59 AM
Hi, I'm working for a MSP (specifically, an ISP). That means we're selling Managed Services based on MX appliances and other Meraki devices to our Customers. One internal task is billing, of course: That means once the service is ready for use, we need to charge it to the Customer on a monthly basis. But in order to get this done as accurate as possible, we need to know exactly the very first day when a Meraki device was "ready for use", e.g. first seen in the Meraki Dashboard or first contact to the Meraki controller. (The day after that date is usually referred to as the "Billing Start Date".) Until now, I did not find any play in the Meraki Dashboard nor any command within the Dashboard API that I could use to create a report for my billing department. Who can help with any kind of advice, idea, whatsoever? Rgds, Andreas E.
... View more
10-25-2018
12:55 AM
Hi Blake, tx for your interesting reply. I will copy it to our BT-internal OneNote Notebook where we always try to keep such "tipps&tricks" for other team mates. I myself have always used a very restrictive set of characters for Meraki tags, i.e. "[a-z][a-z_]*" (if you're fine with a "regexp"). That said, UPPERCASE vs lowercase didn't play a role for me when searching for tags. Rgds, Andreas.
... View more
10-22-2018
02:24 AM
3 Kudos
My Customer and I have had the idea to copy the MAC address of the VDSL router of a given site into the "NOTES" field of the MX appliance. But MAC addresses do contain UPPERCASE hex letters "A" to "F" sometimes. And funny enough you cannot search for these in the "Search Dashboard" function! After an hour of trial and error, I have found the following that I'd like to share witch the community: DO NOT USE ANY UPPERCASE LETTER IN THE SEARCH DASHBOARD FUNCTION! You will not get a single match when searching... I have reproduced this behavior on two different organizations and with a dozen of systematic test case, it's clearly a bug in my eyes. Therefore, I have both opened a case plus used "Make a Wish" in order to get rid of this. (Try yourself or ask me for a set of screenshots in a PDF.)
... View more
07-05-2018
12:10 AM
Hi Philip, I'm not sure if we're that far away from each other. I still like the concept of "Templates" which should include both inheritance (keep identical methods identical and have the same number and type of attributes) as well as deviation. If you're looking at "Add a Local VLAN", you can see both: "same" vs "unique". And I was just wondering why on earth Meraki didn't "translate" that brilliant idea to Static Routes. Anway. My last resort workaround is "Configuration Sync", i.e. I still maintain my templates, but insert a new layer of "typical network" which is the only network that will be bound to the template. Whenever I make a change to the template, this is inherited into the "typical network" and as an additional step I can "config sync" from that "typical network" into any real network which cares a certain network tag (e.g. the name of the Template). Hopefully this works and is a long-term way forward, let's see.
... View more
07-03-2018
11:06 PM
Hi Philip, tx for your quick reply. But if you're looking at "Add a Local VLAN" functionality, this behaves quite similar as I would have hoped here, too: You can create a kind of "Super-VLAN" in the template and then use Dashboard API "Update VLAN" Scripting [not "Add VLAN", of course!] in order to refine to a subset (i.e. partition the Super-VLAN into "real" local VLANs). It is in the same mask of the Dashboard and the Dashboard Rest API functionality reflects that similarity, too. Therefore, I have hoped to "Add Static LAN Super-routes" with Dashboard and then use the API to partition these again. No chance right now, I understood. But even worse, you can only "Add Static LAN route" at all if your network is NOT currently bound to any template, and if you already have added a static LAN route to your network, it will loose it once bound to any template! And this is really crazy and renders the whole "template" functionality quite inconfigurable or unusable for large-scale networks. Rgds, Andreas.
... View more
07-03-2018
07:00 AM
I have created two static routes (as per https://n213.meraki.com/CT-Bronze/n/sqKFBbvd/manage/support?utf8=%E2%9C%93&support_magic_search_box=&kb_article=&search_term=4171) in one of my templates for a live Customer called "CT-Silver". But these static routes are still a superset of the network address (and mask), i.e. every site (= small network) needs its own subset of that static route. Neither the Dashboard itself (settings can be viewed but not changed) nor the Dashboard API {"errors":["Static routes do not support template overrides"]} allow me to override the CT's static route with a more specific one or to create an individual static route at all. PS: This is the kind of curl command I'm trying to use via Dashboard API: .\curl -L -H "X-Cisco-Meraki-API-Key:6f3***73f7" -H "Content-Type:application/json" -X PUT --data-binary "{\"subnet\":\"10.235.33.0/24\"}"
"https://api.meraki.com/api/v0/networks/N_682~~~331/staticRoutes/0e4~~~1ce4"
... View more
06-11-2018
12:01 AM
Hi HodyCrouch, tx for your reply. The first recommendation indeed solved my issue. (The second probably wouold do so as well, but then I would need to create 80 short files which makes it much more effort.) Tx again, AndreasE
... View more
06-08-2018
08:29 AM
I tried to use the following command from both .bat and .ps1 types of batch files (Windows CMD and Powershell), but they always throw error "Bad request: There was a problem in the JSON you submitted": \bin>.\curl.exe --verbose -H "X-Cisco-Meraki-API-Key:~~~ed4c95773f7" -H "Content-Type:application/json" -X PUT --data-binary '{"applianceIp":"172.25.240.49","subnet":"172.25.240.48/29"}' "https://api.meraki.com/api/v0/networks/N_682~~~86331/vlans/801"
* Trying 209.206.57.36...
* TCP_NODELAY set
* Connected to api.meraki.com (209.206.57.36) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: ~~~\bin\curl-ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.meraki.com
* start date: Aug 16 20:21:40 2016 GMT
* expire date: Sep 16 20:57:39 2019 GMT
* subjectAltName: host "api.meraki.com" matched cert's "*.meraki.com"
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
* SSL certificate verify ok.
> PUT /api/v0/networks/N_682~~~86331/vlans/801 HTTP/1.1
> Host: api.meraki.com
> User-Agent: curl/7.60.0
> Accept: */*
> X-Cisco-Meraki-API-Key:~~~ed4c95773f7
> Content-Type:application/json
> Content-Length: 53
>
* upload completely sent off: 53 out of 53 bytes
< HTTP/1.1 400 Bad Request
< Server: nginx
< Date: Fri, 08 Jun 2018 14:54:34 GMT
< Content-Type: */*; charset=utf-8
< Content-Length: 58
< Connection: keep-alive
< X-Request-Id: f209630c73f04174371cabe2f2d4ed74
< X-Runtime: 0.001298
< X-Rack-Cache: invalidate, pass
<
Bad request: There was a problem in the JSON you submitted
* Connection #0 to host api.meraki.com left intact When using from Postman, everything works fine, so I cannot deduct the error reason from there. With Kind Regards Andreas Englisch
... View more
Labels:
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 3 | 464 | |
| 1 | 222 | |
| 1 | 234 | |
| 1 | 239 |
