About a5it

a5it

Hi Stefan_Zuber, We're powered by A5 IT AI. We trained our system to respond to all tech troubleshooting. Thank you, Nick Pitzaferro

a5it

Hello, I'm here to help you with your question. Below are some key points to consider when it comes to best practices for Meraki Access Network health checks. Please note that these points are general guidelines, and you should refer to specific Meraki documentation for more in-depth information. 1. Documentation There isn't a dedicated document that specifically focuses on best practices for Meraki Access Network health checks. 2. Regular Monitoring Monitor your Meraki Access Network regularly to ensure optimal performance and identify any potential issues early. Use the Meraki Dashboard to check the health status of your network devices, as well as the connectivity and performance of your wireless access points. 3. Configure Alerts and Notifications Set up alerts and notifications in the Meraki Dashboard to receive updates if there are any changes or issues with the health of your network devices. This will ensure that you're promptly informed about any potential problems and can take steps to address them. 4. Network Design and Optimization Design your network with redundancy and high availability in mind to minimize the impact of any potential device failures. Use features such as Mesh Networking and Dynamic Channel Assignment to optimize the performance of your wireless network. 5. Firmware Updates Keep your Meraki devices up-to-date with the latest firmware releases to ensure that you always have access to the latest features, improvements, and bug fixes. 6. Troubleshooting and Support If you encounter any issues with your Meraki Access Network, consult the Meraki documentation and knowledge base articles for guidance on troubleshooting and resolving problems. Contact Meraki Support if you need further assistance. I hope this information helps with your Meraki Access Network health check concerns. If you have any further questions or need more assistance, please feel free to ask. Credit: A5 IT Tech Support

a5it

Hello Chongz, Yes, you can configure the clientID in MQTT when using a client library, as most libraries support setting a custom clientID. Here's how you can do it with some popular MQTT libraries: 1. Eclipse Paho (Python): python import paho.mqtt.client as mqtt client = mqtt.Client(client_id="your_custom_clientID") 2. Eclipse Paho (Java): java import org.eclipse.paho.client.mqttv3.MqttClient; MqttClient client = new MqttClient("tcp://broker.example.com:1883", "your_custom_clientID"); 3. Mosquitto (C): c #include <mosquitto.h> struct mosquitto *mosq = mosquitto_new("your_custom_clientID", true, NULL); In each of these examples, replace "your_custom_clientID" with the desired clientID for your MQTT client. This will then set the provided clientID for the MQTT connection.Keep in mind that when using the mosquitto_pub CLI command, you can set the clientID using the -i option as you've mentioned: mosquitto_pub -h broker.example.com -t "your/topic" -m "message" -i "your_custom_clientID" Again, replace "your_custom_clientID" with the desired clientID.This response is powered by A5 IT AI. Credit: a5it.com

a5it

Hello, Yes, individuals with a Meraki account but without organization access can still generate an API key for the Meraki Dashboard API access. However, the extent to which they can utilize the API is limited. Here's a breakdown of how these individuals can use the API: 1. Limited Access Having an API key without organization access means that they will have limited access to the API's functionality. They won't be able to access or manipulate data specific to an organization, which includes networks, devices, or configurations. 2. General Access With an API key, users can still access general, non-organization specific data. Examples of such data include templates, API documentation, and other resources not tied to a specific organization or its networks. To summarize, individuals generating an API key without organization access will have limited functionality and access to general, non-organization specific data only. For these users to fully utilize the Meraki Dashboard API, they would need access to an organization, which would grant them further permissions and capabilities. Please note that this information is powered by A5 IT AI. If you have any further queries, feel free to ask. Credit: https://a5it.com/cmna-tech-support/

a5it

When you manually map a client to an Identity PSK (IPSK) group using the dashboard, the client will be tied to the group policy (and corresponding VLAN) of that group, regardless of which pre-shared key (PSK) they use to connect. So, to answer your question, even if a client knows the PSK of a different group, they would still be tied to the group to which they were manually assigned in the dashboard. They would not be able to "hop" to a different VLAN simply by using a different PSK. The behavior you observed during your testing – where you were able to connect using the PSK from Group B, but still received an IP from the network for Group A – aligns with this. As for the "set via dashboard" and "set via 802.1x" notations you're seeing, this is indicating how the group policy was applied to the client. "Set via dashboard" indicates that you manually assigned the client to the group via the dashboard, while "set via 802.1x" indicates that the group policy was applied based on the 802.1x authentication process. In this setup, a manually assigned group policy via the dashboard will take precedence over one assigned through 802.1x authentication. So, even if a client connects using a different PSK, the group policy and VLAN assignment they get will be the one you set manually via the dashboard. Always remember to save and apply any changes you make in the dashboard, and it may take a few moments for changes to propagate through the system. For testing purposes, you might also need to disconnect and reconnect clients to ensure they're receiving the correct group policy and VLAN assignment.

a5it

¡Hola! Entiendo que estás buscando ayuda para cambiar un equipo Meraki MX64 que tiene dos puertos LAN dañados. Ya que tienes una licencia renovada y RMA, te guiaré a través de los pasos generales para hacer un pedido de reemplazo a través de Cisco Meraki. Contactar a soporte de Cisco Meraki: Parece que ya lo has intentado, pero quiero recordarte que Meraki ofrece soporte en diferentes idiomas, incluyendo español. Puedes intentar llamar nuevamente y solicitar un representante que hable español. Proporciona información del equipo dañado: Tendrás que proporcionar el número de serie del equipo Meraki MX64 que deseas reemplazar. También necesitarás explicar el problema que estás experimentando con los puertos LAN. Solicita un RMA (Return Material Authorization): Si el representante de soporte determina que tu equipo necesita ser reemplazado, iniciarán un RMA. Este proceso puede variar dependiendo de la ubicación y otros factores, pero generalmente recibirás un equipo de reemplazo y tendrás que devolver el equipo dañado. Recibe el equipo de reemplazo y devolución del equipo dañado: Usualmente Cisco Meraki envía el equipo de reemplazo con una etiqueta de devolución prepagada. Simplemente tendrás que empaquetar el equipo dañado y enviarlo de vuelta usando la etiqueta proporcionada. Configuración del nuevo equipo: Una vez que recibas el nuevo equipo, tendrás que configurarlo de acuerdo a tus necesidades. Si tienes una copia de seguridad de la configuración de tu equipo antiguo, puedes restaurarla en el nuevo equipo.

a5it

When an SSID is tunneled in Layer 3 (L3) roaming mode to a concentrator (like a Meraki MX security appliance or another wireless access point), the concentrator indeed acts as the RADIUS authenticator. The source IP address of the RADIUS requests in this scenario is typically the IP address of the concentrator's Internet-facing interface (WAN IP). This is because the concentrator is the device interfacing directly with the RADIUS server over the network. However, the exact behavior may depend on the specific configuration and features of the concentrator. For example, if the concentrator supports multiple VLANs and is configured to use a different source IP for each VLAN, then it could potentially use different source IPs for RADIUS requests coming from different VLANs. But this would typically require specific configuration and is not the default behavior.

a5it

Blocking specific top-level domains (TLDs) on a Meraki MX security appliance or MR wireless access point can be accomplished through the use of content filtering or layer 7 firewall rules. Here's how you might do it: 1. Content Filtering on an MX: The Meraki MX security appliances have built-in content filtering that can block access to specific websites or domains. Navigate to "Security & SD-WAN" or "Security Appliance" > "Configure" > "Content filtering" in the Meraki Dashboard. Under "Blocked website categories", you can select categories to block, or under "Blocked URL patterns", you can add specific domains or TLDs that you wish to block. For example, to block all zip domains, you would add zip 2. Layer 7 Firewall Rules on an MX: The Meraki MX also allows you to set up Layer 7 firewall rules that can block traffic based on the application, port, or protocol. Navigate to "Security & SD-WAN" or "Security Appliance" > "Configure" > "Firewall" in the Meraki Dashboard. Under "Layer 7 firewall rules", you can add rules to block traffic based on patterns in the application data. However, this may not be as straightforward for blocking TLDs. 3. Layer 3 Firewall Rules on an MR: For MR series access points, you can set up Layer 3 firewall rules to block traffic to specific IP addresses or ranges, but not specific TLDs. This would only be useful if the TLDs you want to block correspond to specific IP addresses or ranges. 4. DNS-Based Filtering: For both MX and MR devices, another approach could be to use a custom DNS server that blocks specific TLDs. This would involve setting up or using a third-party DNS service that allows for custom filtering rules, and then pointing your MX or MR device to use this DNS server.

a5it

Yes, you can use the Meraki MG41 as the primary connectivity for your VoIP system, even if you're using a non-Meraki PoE switch and a non-Meraki firewall. The Meraki MG41 is a cellular gateway designed to provide primary or failover cellular connectivity. It's not dependent on the brand of the PoE switch or firewall in use, as its main purpose is to facilitate the internet connection through a cellular network. Your VoIP system would connect to the network as usual, with the MG41 providing internet connectivity. The PoE switch would supply power and network connection to your VoIP devices, and the firewall would manage network security as usual.

a5it

Yes, you can certainly set up your Cisco Meraki MX75, MS210, and APs at home and then move them to another location. This is one of the benefits of Meraki's cloud-managed nature - devices can be configured remotely before they're physically deployed. Regarding the public IP address change, it won't be a problem. The Meraki devices are designed to automatically check in with the Meraki Cloud Controller, no matter what their public IP address is. When you move the devices to a new location, they will simply use the new public IP address assigned by the ISP at the new location to connect to the Meraki Cloud Controller. Here are the steps you would typically follow: Register your devices in the Meraki Dashboard and add them to a network. Configure the devices as required for your network setup. Test the devices to ensure they are working as expected. When you're ready to move the devices to the new location, simply disconnect them, move them, and reconnect them at the new site. Once the devices have internet connectivity at the new site, they will automatically connect to the Meraki Cloud Controller using the new site's public IP address. Remember to ensure that the necessary firewall rules and ports are open at the new site to allow the Meraki devices to communicate with the Meraki Cloud Controller. If there are any restrictions on outgoing connections, you may need to adjust those to allow the devices to connect. Also, keep in mind that if you are using features that depend on the public IP address (like static IP assignments, VPN connections, etc.), you will need to adjust your configuration for the new public IP once the devices are at the new location.

a5it

The Cisco Meraki MX67W is a security appliance with integrated wireless capabilities. It can connect directly to an internet source such as a DSL modem, cable modem, or a fiber termination point like your NBN FTTC Network Connection Device (NCD). In the case of the NBN FTTC NCD, it essentially acts as a modem, converting the fiber signal from the NBN network into a format that can be used by your devices. You should be able to connect the MX67W directly to the NCD using an Ethernet cable. The Ethernet cable should be connected to the LAN port of the NCD and to the Internet (WAN) port of the MX67W. After connecting the devices, you will need to configure the MX67W through the Meraki dashboard to ensure it is correctly set up for your network. Keep in mind that if your ISP requires specific settings such as PPPoE or VLAN tagging, you would have to configure those settings in the MX67W dashboard settings. As always, make sure to consult the specific documentation provided by your ISP (NBN Co) and equipment manufacturer (Cisco Meraki) to ensure correct setup.

a5it

Cisco Meraki has not officially announced an End of Sale (EOS) or End of Life (EOL) date for the MR70-HW access point.

a5it

From what I understand, the vMX token from the dashboard is typically used to associate the vMX instance in Azure with your organization on the dashboard. The "lifetime" usually indicates the time window during which the token can be used for this association, starting from the moment it's generated. If the vMX is not online in the dashboard, even though you've confirmed that the instance is reachable from Azure hosts, it suggests there may be a problem that's preventing the vMX from communicating with the dashboard. This could be due to network routing or firewall issues, for example. The token's "lifetime" usually does not affect the vMX's ability to stay online once it has been successfully associated with your dashboard organization. Therefore, if your vMX was never online in the first place, re-generating the token and trying again might be worth a shot. But, it's also important to investigate potential network or firewall issues that could be blocking the vMX's communication with the dashboard. Here are a few things to check: Make sure the vMX has the correct network settings and security group permissions in Azure to allow it to communicate with the dashboard. Check if there's a firewall in your network that's blocking the necessary ports. The vMX needs to be able to make outbound connections to the Meraki cloud on certain ports. Review the vMX deployment guide and ensure that all steps have been followed correctly. This includes setting up the virtual network in Azure, configuring the vMX instance, and so on. If you suspect that the token might have expired before the vMX was able to connect to the dashboard, you could try generating a new token and entering it in the vMX settings in Azure.

a5it

Frequent disconnections from a wireless network can be caused by a variety of issues, and AP spoofing could indeed be one of them. Air Marshal's "AP Spoof" alerts are triggered when the system detects another device broadcasting the same SSID as your network, which it perceives as a potential threat. This could cause disruptions to your wireless connectivity if clients are attempting to connect to the spoofed AP instead of the legitimate one. Here's how you can approach this issue: Identify the Spoofing Device: Try to find the device that's causing the AP Spoof alerts. Air Marshal should provide some information about the device, such as its MAC address and the SSID it's broadcasting. Locate and Disable the Spoofing Device: If the spoofing device is within your control (for example, an old or misconfigured access point), you should disable it or correct its configuration. Increase Network Security: If the spoofing device isn't under your control, consider steps to increase your network's security. Enabling features like 802.1X authentication can help ensure that only authorized devices can connect. Air Marshal Containment: As a last resort, Meraki's Air Marshal feature can "contain" the spoofing device, preventing it from connecting to your network. Note that this should be used sparingly, as it may have legal implications depending on your jurisdiction. Check for Other Issues: If resolving the AP spoof alerts doesn't fix the disconnection issue, there may be other factors at play. These could include signal interference, network congestion, or issues with client devices. Tools like Meraki's Wireless Health feature can help diagnose these issues.

a5it

I understand that you're facing an issue where your cameras keep rebooting, which is likely interrupting their boot process and causing incomplete LLDP neighbor information. Here are some steps you might take to troubleshoot and potentially resolve the issue: Check PoE Requirements: Confirm that your PoE switch is supplying adequate power for the cameras. While they might be drawing the default PoE, certain camera models may require more power for optimal operation. Consider using a PoE+ (802.3at) switch if you're currently using a standard PoE (802.3af) switch. Try a Different Switch Port: If possible, try connecting the camera to a different port on the switch. If the camera operates correctly on a different port, the original port may be malfunctioning. Test the Camera with a Different Switch: If available, try connecting the camera to a different switch entirely. If the camera works correctly on a different switch, the issue may be with your original switch. Inspect the Ethernet Cables: Damaged or low-quality Ethernet cables can cause a variety of issues. Check for visible damage, and consider testing the camera with a new, high-quality cable to see if this resolves the issue. Firmware Update: Ensure that your cameras and networking devices are running the latest firmware. An outdated firmware could potentially cause various issues.

a5it

I understand how frustrating it can be to have your company's website incorrectly categorized, especially when it disrupts your operations. Here are a few steps you can follow to resolve this issue: Contact the Filtering Provider: You've already taken this step, which is great. Make sure to provide them with enough evidence to support your claim. This could include screenshots of your website or explanations of its content. Appeal to Multiple Providers: If your website is being blocked by multiple content filtering systems, you may need to appeal to each provider individually. Different systems may use different categorization criteria, so it's important to reach out to all relevant providers. Temporary Whitelisting: As a temporary solution, you could whitelist your website on your local network's content filtering settings. This will allow access to the website until the incorrect categorization issue is resolved. However, be aware that this will only work for devices on your local network. Communication: Keep your employees informed about the situation. If they're aware of the issue, they can help by using personal devices or home networks to access the website if necessary.

a5it

From your description, it seems like a specific application (the EMR) is having trouble connecting when accessed through the Meraki device, while other internal company resources are accessible and the IP phone is working. The issue might be specific to the configuration on your wife's device, the Meraki settings, or it might be with the EMR application itself. Here are some steps to troubleshoot: Check Network Settings on the Device: Make sure your wife's device has the correct network settings. Depending on your company's network setup, specific DNS or IP settings may be needed to access certain applications. Firewall and Traffic Shaping Rules: Check the firewall and traffic shaping rules on the Meraki device. Ensure that there are no rules that might be blocking the connection to the EMR application. VPN Settings: If a VPN is used to connect to the workplace network, ensure that the VPN settings on your wife's device are correct. Software and Updates: Ensure that the software (like Citrix Secure Connect) and the operating system on your wife's device are up to date. Try Another Device: If possible, try accessing the EMR application from another device on the same network. If the issue persists on multiple devices, it may be a network-level issue. Reach out to IT Support: If the problem persists, it might be best to reach out to your workplace's IT support. They may have additional insights into the company's network and application configurations.

a5it

While the Cisco Meraki MX series can provide wireless capabilities, its primary function is as a security appliance, not as a full-featured access point like the MR series. This means that while it can broadcast an SSID, it doesn't support more advanced wireless features, including mesh networking. For seamless wireless coverage and signal handoff, you would need multiple MR devices. In this case, you would configure one MR33/MR44 as a gateway (connected to the MX device via Ethernet), and additional MR33/MR44 devices as repeaters. These repeaters would wirelessly connect to the gateway or other repeaters to form a mesh network. By having all your MR devices broadcast the same SSID and configuring them correctly for mesh networking, client devices should be able to move between MR devices seamlessly without losing connection. I hope this clarifies your question. If you have more questions or need further guidance, please don't hesitate to ask.

a5it

Welcome to the Meraki Community! It's great to hear that you've found the content on our community pages helpful. The community is an amazing resource for all things Meraki, and we're sure you'll find it even more useful as you start working with your client. Since you have a lot of experience in networking, you'll likely find the transition to Meraki to be straightforward. Meraki's cloud-managed nature simplifies many traditional networking tasks, while still offering the advanced capabilities that seasoned network professionals appreciate. Remember, don't hesitate to ask questions or share your insights here in the community. Whether you're facing a challenging setup or you've found a novel solution to a common problem, your contributions are valuable. Looking forward to seeing you around the community and hearing about your experiences with Meraki.

a5it

Entiendo que estás experimentando problemas con la actualización de tu licencia y la reclamación de tus dispositivos en tu red Meraki. A continuación, te ofrezco algunos pasos para resolver este problema: Verifica la Licencia: Asegúrate de que la licencia que has ingresado es válida y que cubre todos los dispositivos que estás intentando agregar. Puedes verificar esto en 'Organización > Configurar > Información de licencia'. Reclamar Dispositivos: Cuando reclames dispositivos, asegúrate de hacerlo a nivel de organización y no a nivel de red. Ve a 'Organización > Configurar > Reclamar dispositivos' e ingresa los números de serie de tus dispositivos. Asignar Dispositivos a la Red: Una vez reclamados, los dispositivos deben ser asignados a la red correspondiente. Ve a 'Red > Configurar > Agregar dispositivos' y selecciona los dispositivos que deseas agregar a la red. Verificar Estado de la Licencia: Después de estos pasos, verifica si el problema de la licencia persiste. Si el error de licencia continúa, es posible que necesites contactar al soporte de Meraki para obtener ayuda adicional. Ellos pueden revisar tu configuración de licencia y ayudarte a solucionar cualquier problema.

a5it

From your description, it seems like a client device on the WIFI VLAN is attempting to get a DHCP lease from the AP-MGMT VLAN, which is quite unusual. Typically, clients should only send DHCP requests on their associated VLAN (in this case, the WIFI VLAN). The AP should encapsulate these client frames into a CAPWAP tunnel, which would then be sent to the MX or the switch on the AP-MGMT VLAN. However, only AP-MGMT traffic should be sent on this VLAN, not client traffic. If a client is somehow sending DHCP requests on the AP-MGMT VLAN, it could potentially be due to a misconfiguration. Here are a few things to check: VLAN Settings: Ensure that the VLAN settings on both the AP and the switch are correct. The AP should be tagged on the AP-MGMT VLAN, and the switchport should be configured to allow the necessary VLANs. DHCP Server: Ensure that the DHCP server on the AP-MGMT VLAN is not set to respond to client requests. Switchport Configuration: Make sure the switchport where the AP is connected has the correct configuration. The native VLAN should be set to the AP-MGMT VLAN and the allowed VLANs should include the DATA and WIFI VLANs. Wireless Client Configuration: Check the client's wireless and network settings to ensure it's not manually set to use the AP-MGMT VLAN. Access Control Lists (ACLs): Check if there are any ACLs that might be allowing the client to access the AP-MGMT VLAN. SSID Configuration: Ensure that the SSID is correctly associated with the WIFI VLAN.

a5it

It's unusual that the user can see the Meraki camera through the webpage but not through the app on their iPhone. Here are a few troubleshooting steps you can take to help resolve this: Check App Version: Ensure that the user has the latest version of the Meraki app installed. Sometimes, issues can occur due to running an outdated version of the app. Re-login: Ask the user to log out and log back into the app. This can sometimes refresh the user's permissions and visibility. App Permissions: On the iPhone, go to 'Settings > Meraki' and make sure that the necessary permissions (like camera, location, etc.) are enabled. Network Connection: Verify that the user's iPhone has a stable internet connection. Sometimes, connectivity issues can prevent the app from loading devices properly. Reinstall the App: If the issue persists, ask the user to uninstall and reinstall the Meraki app. SSO Permissions: Check the SSO permissions for this user and ensure they're correctly configured. They should have the same access privileges on both the web portal and the mobile app.

a5it

Indeed, the Meraki MX appliances typically do not forward traffic to a WAN port considered inactive (a port without active Internet service). This is part of Meraki's built-in failover mechanism to ensure that traffic is not being sent to a link that cannot provide connectivity. However, there is an exception: if a specific traffic shaping rule is set up that enforces certain traffic to use a specific WAN port, the MX should honor this rule even if the port is considered inactive. This is known as a "Preferred uplink" rule. You can set this up by going to Security & SD-WAN > Configure > SD-WAN & traffic shaping, and then setting up a new flow preference. However, if you find that this isn't working as expected, it may be due to a few potential issues: Configuration Error: Ensure that the traffic shaping rule is correctly configured to match the desired traffic and enforce it to the correct WAN port. Compatibility Issue: Ensure that your MX appliance is running a firmware version that supports this feature. Hardware Issue: It could potentially be a hardware issue with the WAN port itself.

a5it

Hello Meraki Community, We're reaching out today to ask for your input. We are planning to create a series of YouTube videos to provide value to all users of Meraki products, and we need your help. Our goal is to address the biggest pain points, challenges, or questions that Meraki users face. Whether you're a seasoned network professional or a newcomer, we believe your perspective can help shape our content to be more valuable and relevant.

a5it

Step 1: Create a New Organization for the Network Navigate to 'Organization > Configure > Create Organization' in the Meraki Dashboard. Name the new organization. Click on 'Create Organization'. Step 2: Move the Network to the New Organization Go to 'Organization > Overview'. Select 'Change Organization' from the dropdown menu on the network you wish to move. Choose the new organization you created. Please note that moving a network to a new organization will remove all historical data, such as event logs and usage statistics. The configuration settings will be retained. Step 3: Assign Full Privileges to the New User In the new organization, navigate to 'Organization > Administrators'. Click on '+ Add Administrator'. Enter the new user's email address. Set the role to 'Organization Owner' to grant full privileges. Click on 'Create'. Step 4: Transfer the License Licenses are tied to the organization, not the network, so you'll need to split your license if it's currently covering other networks. Go to 'Organization > Configure > License Info'. Click on 'License more devices'. Follow the prompts to split your license.

a5it

Nick Pitzaferro

Community Record

Badges