Good luck. This sounds like a losing battle. I'm assuming you are in government because I don't understand the point of these kinds of tasks in the corporate world.
On a positive note you can implement this which feels like a best effort attempt on Meraki's part. Probably not 100% but easy to implement at least.
You can use this to get the "WAN/Internet" port of your Meraki to connect to your own wifi:
I would stay far away from powerline.
I would suggest using a syslog server that can trigger alerts to you.
I use https://papertrailapp.com and it works well and is easy to configure. Not necessarily very secure to use a cloud syslog server, but you can build your own too.
Yes, it will check to make sure the secondary IP is responding before failing over to it. It will then switch back to the primary IP when it's healthy again.
There are options on the MS (and MX I think) to detect and alert on rogue DHCP servers. Do you have that active since you suspect rogue DHCPD? Are you seeing IP conflicts? Are you seeing anything in the logs to give you a clue?
https://papertrailapp.com might help. You can forward syslogs there and create email/SMS/slack alerts easily. I also use https://uptimerobot.com for some simple monitoring.
Meraki has a community that can also be a good place to ask questions for Python and APIs
This one webinar can be good for beginners
There’s a few books I would recommend. This does not get into API, but it’s a good book for learning python. There’s still API and json to learn about.
I'm actually running a Hitron CODA-4582 -- but eerily similar indeed.
So -- there's multiple ways I can answer this. The most problematic site (the one I referenced in this scenario) started largely having these issues after a power failure/APC battery depletion/failure. I went back on my e-mail chain with APC about it, and it looks like it was back in March of 2022.
Before then, once in a blue moon there would be issues -- but largely stable. After, it was a complete crapshoot. Some days/weeks -- it'd be perfectly fine, others not.
Oddly enough, it (and the other office) have been stable since I posted this issue.
Just based on experience, I would say the following items are what seem to have "fixed" it:
The MX67W has a USB port, so I used that for the power. The one site annoyed me, so I left the RGB on, just because.
Is your modem static IP and WAN interface IP staying up though? When I first had Rogers install the lines -- the Hitrons were complete trash. I ended up having to have them downgrade me to a specific version that seemed most stable.
The Z3 will need to be plugged into a device that will provide a DHCP address on the WAN side. If you have a SIM card with a data plan, you could use something like this device to do that. We have a fleet of Z3's that we use for tiny sales offices in the field and usually have to open these offices prior to broadband being in place, and with Meraki's list of supported USB air cards dwindling, this has been an economical stop-gap solution.
If you do wind up going with that Netgear device, its out-of-the-box configuration requires you plugging a computer into it and hardcoding it to an IP on the 192.168.5.0/24 network to access the configuration page to change its operation mode from bridge to router.
Thank you! Looking for a router solution. On a social security budget, lol, so as I like to say, “good enough for who its for”. Found this TP-Link available overnight at amazon: https://www.amazon.com/TP-Link-Integrated-Lightening-Protection-TL-R605/dp/B08QTXNWZ1/ref=sr_1_3?crid=Y222U89QUZZK&keywords=ethernet%2Brouter&qid=1644604881&refinements=p_n_feature_four_browse-bin%3A5662321011&rnid=5662319011&s...
I would try to sell them on the open market. That is how you will find out if they have real value or not. ebay or one of the used/gray market Cisco outfits that you must have emails from in your spam folder somewhere ;)
It also seems they can be flashed with WRT, but I could never imagine wasting my time with that.. https://openwrt.org/toh/meraki/z1
We use Meraki for our dorm network and just ran into this issue as well! I looked at Netflix traffic and it dropped to nothing today and I had students complaining. When I'd run a speed test at fast.com it would run for a moment then it would error out. I turned off phishing in content filtering, but I'll whitelist the netflix url that it thinks is phishing instead.
AWS Licensing is a secondary charge: for example, have a look here: https://aws.amazon.com/marketplace/pp/B00JL3UCQ4?qid=1494405204276&sr=0-6&ref_=brs_res_product_title
The AWS charge is one part, the license is a second part. For the Meraki, the license is a BYOB (like this one: https://aws.amazon.com/marketplace/pp/B01E00PU50?qid=1494405204276&sr=0-7&ref_=brs_res_product_title). The hardware is the only thing you are charged for...
I didn't see papertrailapp.com mentioned here so just mentioning it as a cloud syslog option so that OP is aware as well as anyone else interested. It is owned by Solar Winds so that may go against them, but they also have a clean design and several easy ways to alert on search terms (email, web hook, Slack, etc.)
It can. Works just fine. Use the set of headers furthest from the RF shield. The white arrow points to VCC -- do not connect to that pin.
The pinout is: VCC / TX / RX / GND
Please see https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=55d2db0e8cebca5aa9739c4db875ef57c4643f6d for instructions on flashing. The OpenWrt MR16 flashing guide goes into more detail and as of the ath79 port is basically identical to the MR12 flashing process.
Forgot to post the link for what I was talking about. https://openwrt.org/toh/meraki/mr33
As for Ubiquiti I got the unifi pro and one of the newer designed in wall AP with ethernet ports units. Cannot remember the name. Use a unifi POE switch and a Unifi dream machine pro. Good setup, plus they hold their value very well.
This not working with HTTPS is expected behavior. Captive Portals are hijacking web requests and seamlessly redirecting them so that the user still thinks they are going to their original URL. It's like a MITM. When your source page is HTTPS and you get redirected to the Captive Portal, you either get a certificate mismatch (assuming your captive portal supports HTTPS) or you get absolutely nothing (if your portal doesn't allow HTTPS). See here for more detail: http://serverfault.com/questions/596844/ssl-certificate-errors-in-captive-portals
There is no fix for this, other than your users' first page will need to be HTTP.
As a way to address this, Apple uses WISPr for captive portal detection (on both iOS and OSX) to know if they need to then fire the Captive Network Assistant. This check occurs when you first join the WiFi network and within a second or two, you should be getting the Captive Network Assistant pop-up. This requires access to apple.com, but there's also up to 200 other URLs that can be tested. If you allow apple.com, you should be fine 99.9% of the time for this check, as it seems to always try an apple.com URL before moving to other URLs on different domains.
All that being said, the Captive Network Assistant isn't perfect, and it can/will occur that a user will connect to WiFi and then hit a web page in their browser before the Captive Network Assistant fires, and the user will subsequently get nowhere if those pages they try to access are HTTPS. If they try an HTTP URL, they will see the Captive Portal.
Content filtering is your best bet; also block the IP addresses.
https://ipinfo.io/AS32934 more detail on addresses.
126.96.36.199 - 188.8.131.52 184.108.40.206 - 220.127.116.11 18.104.22.168 - 22.214.171.124
So, this seems to be resolved by making sure the connection they are using is not "public". Below is a good link for changing them.
I generally nuke the entire HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles reg key and recreate it to make it easier, but generally when that kind of ticket gets to me the above resolution has already been tried.
Hopefully one day meraki will have a client vpn
Not sure if you can make a capable Linux device out of it. But OpenWrt supports some Meraki devices.
That's a bit difficult to believe. If we start with an assumption that WAPs that can support 802.11n are worth redeploying, then the 802.11n Meraki MR18 and the 802.11ac Meraki MR33 seem more than worthwhile.
In fact, I'm intrigued enough to see if I can go source them in quantity for scrap prices.
I've been using papertrailapp.com for Meraki, various PBX logs and other things for a couple years. It is cloud based and owned by Solarwinds and has occasional reliability issues, but it is dirt cheap (even has free tier, I think) and easy to setup filters and custom alerts so I live with it quite happily.
If you are not set on configuring your own syslog server I suggest sending logs to https://papertrailapp.com/. It has a free tier and is pretty nice. Note that Meraki does not support any type of encrypted syslog.
Like Spankym pointed out, https://uptimerobot.com would work for you. You could also look at https://www.statuscake.com/; I have been using them for a couple of years and the pricing is great. And you can set up tons of locals. uptime is also free.
But the Meraki dashboard will give you most of the alerts you need. Sometimes not in the best format via email to figure out which Org it's coming from.
I'd setup a quick instance of Lansweeper to inventory your machines and show you what software is installed on them, should be able to uninstall their software using lansweeper as well.
If you can't afford someone to come out, doing your own survey is not hard with something like https://www.netspotapp.com/netspotpro.html?gclid=CjwKCAjwlbr8BRA0EiwAnt4MTinNCDfN5g5yB-0UEq8lgXpqITEnz9MjCBPHCYurs0Czh7YxYI3RexoCqEkQAvD_BwE
If you send it to meraki they will help you plan as well (at least they did in the past)
1) Download Fiddler https://www.telerik.com/fiddler
2) Run Fiddler
3) Click Tools-->Options--> and Select Capture HTTPS Connects, Decrypt HTTPS traffic
4) Ensure ...from all processes is selected
5) Select Actions button
6) Install Fiddler Root & Intermediate certs (this may invoke UAC prompt depending on your setup)
7) Select Protocols, make it tls1.0;tls1.1;tls1.2
8) Ok
9) Validate you can see HTTPS traffic
10) Open Steam
11) Get URLs
Easy-peasy lemon squeezy as my six year old says
Or get ARD (Apple Remote Desktop), and turn on Remote Management and edit the ACLs for your account to give you the rights. Cool thing is you can push files and install packages using it.
Also if you use Slack, you need to use the one downloaded from the slack.com page in order to get the control feature; if you get it from the App Store you can only observe, due to App Store regulations.
I uploaded to the meraki cloud. Both downloads are on the slack website.
You have two options.
AC Infinity Vented Cantilever 1U Universal Rack Shelf, 10" Deep, for 19” equipment racks. Heavy-Duty 2.4mm Cold Rolled Steel, 60lbs Capacity https://www.amazon.com/dp/B01C9KYUG8/ref=cm_sw_r_cp_api_glt_fabc_D94H7WRM714DW0E0T0W3?_encoding=UTF8&psc=1
And use the slots to tie down the MX.
Cisco Meraki MX68 Cloud Managed Security Appliance 5YR Advanced Security License Bundle with Rackmount Kit (MX68-HW+RM-CI-T6) https://www.amazon.com/dp/B0881X5V41/ref=cm_sw_r_cp_api_glt_fabc_ZJ5G8QH2PXM86RN42BWX
Their website doesn’t list an MX75 yet but the 68 may work.
Would any RP-SMA antenna work? I think I have some for Cisco enterprise WAPs I can get from a buddy. Also was looking at this low cost 8db gain Amazon model: https://www.amazon.com/Antenna-Pigtail-Wireless-Routers-Repeater/dp/B07R21LN5P/ref=sr_1_5?dchild=1&keywords=RP-SMA+antennas&qid=1631898786&sr=8-5
- would it work?
Anyone know if the MX75's rubber feet are in the same position as the MX68? It'd be nice if I could drop it in the MX68 rack mount kit I just bought when I'm ready to upgrade. Dimensions are identical (except the MX75 is 1mm smaller width wise).
Edit: link to the rack mount kit I bought. https://www.amazon.com/dp/B07PLNBFVV
I have these working in the switches without any issues at 10g over rj45. Don't have a mx250, so I can't confirm they work in it.
Would this work for your scenario? I've used this to mount a patch panel to a wall with the ports facing up.
One of these connected to the MR74 (or any Meraki AP) will allow you to connect multiple ethernet clients
Free delivery will get you this by Friday: https://www.amazon.com/Cisco-Meraki-Branch-Security-Appliance/dp/B01JMG0SDG/ref=sr_1_4?keywords=mx64&qid=1568231038&s=gateway&sr=8-4
You could probably pay for expedited shipping as well
Use a pair of Mikrotik WAP60G. They operate in the 60GHz spectrum and will provide Gigabit speed at that range. A pair is $164 on Amazon right now.
Bang for buck, these things are unbeatable. I've used them as temporary backhaul links for events for over a year, became first choice over Ubiquiti.
I had attempted the Draytek SmartVPN client, and it failed, but that was prior to the Xbox Network service revelation.
This is very embarrassing from Meraki to be honest, and it's really feeding into us reconsidering selling Meraki MX devices at all. And it is 100% down to AnyConnect being a rival product. It is really quite silly
10 Gigabit SFP+ LC Multi-Mode Transceiver, 10GBASE-SR Module for Cisco SFP-10G-SR, Meraki MA-SFP-10GB-SR, Ubiquiti UF-MM-10G, Mikrotik, D-Link, Supermicro, (850nm, DDM, 300m) https://www.amazon.com/dp/B00U8Q7946/ref=cm_sw_r_sms_apa_i_fDi3Db0N3SF3M
I've had really good luck with these for my Cisco Catalyst and Brocade gear, but never tried one in a Meraki Switch: https://www.amazon.com/10Gtek-SFP-10G-SR-Transceiver-10GBASE-SR-300-meter/dp/B00U8Q7946/ref=sr_1_3?s=electronics&ie=UTF8&qid=1542040616&sr=1-3&keywords=10G+SFP%2B
I believe it's the Killer WiFi card in the 15. We had the same issue with a 15 that we bought for a user in my company. After digging into it over the last few weeks it seems likely due to the wireless card. We just did a replacement today with this card and all the issues went away.
i've deployed several pairs of these in the field w/ no issues:
not sure how they compare to meraki transceivers - i've never used them.
I would certainly blow it out periodically. As everyone should do with equipment in a non filtered air environment.
I have these lined up for MR18 deployment. Went with POE+ just so we can upgrade to the higher tier APs, if needed, in the future. Supports 802.3at and 802.3af.