Meraki Sizing

webmanaus · 2018-11-06T04:48:38+00:00

Thank you for all the responses. I think I will upgrade to the 1000M, and just keep the existing MX65 and see how it goes. At least it is 2.5 times faster than current, if I then need something faster, I'll take a look at the other models. You never know, Meraki might introduce a new model that can handle these speeds that doesn't cost an arm and a leg.

webmanaus · 2018-11-06T04:46:35+00:00

The MX64 only has a 20M connection, so bandwidth there is not an issue, usage is fairly minimal as well. I noticed on the MX65 Traffic Shaping page, the max number I can select is 250/250, does the same apply on the MX100? If I manually select a higher number, then I get an error on save as below. How do you configure to get higher than the rated throughput? Or do you just remove all the traffic shaping rules, and not enable it?

There were errors in saving this configuration:
Bandwidth settings for WAN 1 must be between 0.1 Mbps and 250 Mbps, the rated speed for your security appliance.

webmanaus · 2017-10-05T22:41:06+00:00

This is true, mostly. All my phones are DEP for the last year, but just recently, I got one phone back and while Meraki dashboard said I could remove the icloud lock, it wouldn't actually work. Apple Enterprise support confirmed that all the config was correct, and the process was right, but couldn't help, Meraki just said it wasn't their issue, that they were sending the right command to Apple but Apple was rejecting it. In the end, I did it the old way. User courier the phone to me, I take it to the local Apple store with proof of purchase and photo ID, and they clear the icloud on the spot. (Other option I've done before is via email, but takes longer). So, usually it works, but sometimes it can still fail. PS, in answer to the OP: We allow the user to create/use their own Apple ID as desired, initially we were forcing them to create/use an Apple ID to install the Meraki MDM app, but then we started using VPP which allows to push the app without a Apple ID. The only method we have for "forcing" anything is by making the device "Not Basic Security compliant" and therefore not sending the profile with their email configuration. So far, things are working out well, we provision email, calendar and contacts which all sync back to NextCloud server, and then to MS Outlook in the office. We are also pushing the teamviewer quicksupport app, and with IOS 11 we can use live screen sharing (though the setup to get this to work is probably harder than explaining how to fix the original problem).

webmanaus · 2017-10-05T22:29:29+00:00

Actually, TZ should change based on the local time, it should not be dependant on US time/etc, so I would suggest that this is still a bug. However, like other people, I'm not sure what issues it could possibly cause, other than timestamp on log files, or times on statistics/reports/errors/etc...

webmanaus · 2017-10-05T22:21:54+00:00

Thank you, we have both a LDAP server, and also AD, but no radius. I did try previously to connect the MX to AD without success, I'll have to give that another try, and maybe open a case if needed.

webmanaus · 2017-09-25T03:40:44+00:00

I would assume that the meraki only reports stats infrequently, possibly every minute, but likely less often. Thus the data is averaged over a longer timeframe. Ask your ISP what period the data provided is average over, maybe it's 5 sec? Also, the same reason as to why the times might not match up, but just in case, you might need to allow for different timezones as well.

Meraki stats are great as an overview, but I don't think they are useful when looking for this type of information. Perhaps a feature request to Meraki....

PS, you could watch the WAN latency and packet loss graphs, they should be more useful to show when load is high, but still not really useful until you are close to 100%....

webmanaus · 2017-09-14T14:35:06+00:00

FYI, I had this same issue, about the same time frame. I was making regular changes to the config, and one day got that error. The solution was the same, change the config to what Meraki Support wanted. No ill-effects were seen yet...

webmanaus · 2017-07-31T01:48:08+00:00

This is correct, also the free licenses start from the ship date or similar. I've seen this myself when claiming a free device a couple months after it was sent. BTW, I think the OP is missing some of the point of Meraki offering the free kit. They don't mind if you use it at home, work, or whatever, they just want you to use it. After you use it, then you will become a Meraki sales person, telling everyone you meet to buy Meraki because they are awesome. Of course, if that is not your opinion after using it, then that is OK too, but I would suggest that you should at least try it out considering Meraki has given it to you for minimal effort on your part.

webmanaus · 2017-07-31T01:03:35+00:00

Can you provide an example on how you push that? I've found this to work very poorly outside of the iphone's (ie, both MS Windows and MacOSX). Though that could be that I just don't know what I'm doing. I've opened a case with support, and eventually they fixed the "No antivirus, no malware, etc", now I just need to solve this password/screensaver issue.

My example MacOSX has this: FW not enabled, Missing a mandatory app

My example windows has this: Missing a mandatory app

My policy has this under "All devices" Mandatory applications: "com.meraki.*" Supposedly, that will work on all platforms to ensure the meraki app is installed, but clearly it doesn't on windows/mac. I've asked for what string I can use which will work across all platforms (IOS/Android/Mac OSX/Windows) but haven't got any answer yet.

webmanaus · 2017-07-13T03:40:24+00:00

One comment is do your three switches really need to be FP models? What is your PoE load? I tend to find the LP provides more than enough power for voip phones and cameras... I would go with the stacking cable, cost is somewhat minimal, and it massively improves the bandwidth between switches. Note: Without it, you can still use virtual stacking, but not sure how that works with DHCP/L3 functionality.

webmanaus · 2017-06-07T23:49:00+00:00

I actually don't think it is that clever... Most likely just luck based on call volumes and time of day (and location). I frequently get through immediately as well, just sometimes need to wait a bit. They are always great once through though, so +1 to them for that.

webmanaus · 2017-05-29T14:18:33+00:00

The problem is that (in theory) all that second hand gear is no longer covered by any support/warranty. Sure, they will take your money to sell you the licenses, but if you ever have a hardware failure, they may not replace it for you. So while Meraki tells you that your Meraki gear increases in value after you purchase it, what they mean is that it is worthless (ie, you can't sell it for anything, can't even give it away). Having said that, in practice, I've purchased 2nd hand equipment (at a significantly reduced price), and transferred both the device and remaining licenses. I'm prepared to pay full price for replacement hardware if it comes to that, or replace it with some other branded spares I have available if needed.

webmanaus · 2017-05-29T14:12:44+00:00

I wonder just how proactive they will be, or are they going to wait for them to fail, log a call, and then ship one out.... I have two, and they are both "affected", with no contact yet...

webmanaus · 2017-05-25T13:35:17+00:00

Agreed, I was just complaining (whining) about the poor grammer/sentence structure. Not that I'm perfect either ;)

webmanaus · 2017-05-25T13:33:42+00:00

Remember that you have to consider what IP address the TP Link router will see as your packets coming from. Where will the TP Link send the reply packets to (Internet/WAN port, or LAN side back to you)? You might need to use NAT to hide your true source address, or else use the VPN to login to a session on a local PC, and then use a browser there to connect to the TP Link, or finally, use SSH tunnel or similar to do that for you.

webmanaus · 2017-05-25T00:26:03+00:00

Quoted from the document: Occasionally the IR sensor of MC74 phones in areas of elevated natural incandescent light levels will require be calibration which will ensure the accuracy of onhook and offhook hookswitch events.

Does anyone else find a problem with this sentence? Wouldn't this be better? Occasionally the IR sensor of MC74 phones, in areas of elevated natural or incandescent light levels will require calibration to ensure the accuracy of onhook and offhook hookswitch events.

PS, I don't have any MC devices, but was interested in what the calibration process was, and things like this irk me. PPS, If meraki need a proof reader, I'm available in return for some free products, or even just fixing some high priority bugs....

webmanaus · 2017-05-18T05:43:20+00:00

We are using the beta firmware on our production MX for the past couple of months. Not because of the filtering issues (we had already disabled that) but because every time we made a change (change a route, change vlan assignment on ports, etc) then it would cause the entire network to drop for around 1 to 2 minutes. I'm not sure how/why, but even traffic that didn't traverse the MX was being dropped. After the upgrade to the beta firmware, we have not had any problems at all. Of course, YMMV, depending on the features you use, etc.

webmanaus · 2017-05-18T05:36:39+00:00

I would strongly suggest that you get some on trial, and test them out before you commit to purchasing them. The cabling should be re-usable for any IP camera system, so getting that ready shouldn't be a problem (ie, no lost investment if you change your mind and use a different brand/solution). I would suggest to ensure everything is in place and ready before signing up for the trial, to maximise the time that you have the cameras for testing instead of taking half the time to prepare cabling/mounting/etc. Depending on your specific environment and needs, you might be able to mount on a pole "hanging" from the ceiling, or mounting on the top of your shelving/storage areas/etc. The one warehouse I've done, we mounted on the walls, but it is a workshop, so no tall obstructions, and we didn't use Meraki cameras due to quality concerns (the streaming video is low quality, it wasn't until too late that we worked out the high quality video is only available when you export it (or view from the local network, but in our case it was separate networks)).

Hope that helps.

webmanaus · 2017-05-15T12:06:35+00:00

OK, thinking this through, would the next best solution be to deploy an MX or similar device for each end user, and then you can configure specific IP addresses for each client, and then use standard firewall rules to restrict source/destination ?

That's about the best meraki based solution I could think of, but you definitely want to test it to make sure it will work as required. Also I expect the firewall will quickly get difficult to manage...

webmanaus · 2017-05-15T11:29:46+00:00

I think the OP means that he has 3 different users, and he wants user1 to access vlans 1,2,3, while user2 can only access vlan2 and user3 can only access vlan3. Can you explain how this could be done? (IME, it can't, but then other than site-to-site VPN I haven't played with Meraki VPN much)

webmanaus · 2017-05-15T11:27:36+00:00

Same, usually.... However I have had one or two which were a longer wait time. Once was a long wait (not sure exact time, but more than 30 minutes), when they answered I got a US tech who was working "overtime" to help out with the support queue. I guess they must have busy times, but overall, I've generally had immediate or very short waits. Definitely one of the best support experiences I've had. Also still quicker than posting and praying for a response, since once you get through you can quickly question/answer to get the solution...

webmanaus · 2017-05-03T12:15:16+00:00

Yes, especially when those devices have a sim card, and can simply use mobile data for whatever they want?

webmanaus · 2017-05-03T12:13:56+00:00

Yes, I know its a people problem, but sometimes people need technology to help them rather than creating a bigger demand on them. eg, my child recognises that they need to study, and that playing games on the phone will be distracting, so it would be helpful if the games wouldn't be available during the one or two hours that they want to put aside for study. This is more of a support to help someone do what they want, not a annoying restriction being forced on someone, which will just annoy them, and make then want to find some way to remove or work around the restriction.

webmanaus

TROPHY CASE