JANUARY MONTHLY MISSION
PRIZES
January 15: Phillips Smart Bulb Kit
January 22: CORSAIR Gaming Keyboard & Mouse
January 29: Hyper X Gaming Head Set
Grand Prize
MISSION SHORTCUT
MISSION RULES
Correctly answer all 20 questions by February 4 and get entered to win the Grand Prize! Nest Cam Indoor Security Camera
Monthly Mission Terms and Conditions: US, UK, and Canada | Germany | Australia
Mission Shortcut Terms and Conditions: US, UK, and Canada | Germany | Australia
Yeah, it's pretty awesome ... until I have to license it all again in 3 years. Then? Well, it's expensive (cuz I doubt I'll be able to pull in the free gear again).
If you've got a similarly inclined management team you could always look into it. Meraki gives stuff away all the time since they're a license-based model. Listen to a cool webinar for an hour, contact a sales rep and they'll send you some gear. The AP alone is worth it and has cloud based management, guest capability and a built in firewall (configurable). I really like Meraki stuff and wish I could use it where I work. Alas, they say the cost is too high. Too bad for me - the automated firmware updates and automatic config download on replacement gear is so, so what I really need. Plus then I could set up SD WAN cuz ... fun (and bandwidth). Oh well.
We recently put in Meraki AP's in some of our locations. We needed a guest wireless network for customers and wanted to provide our employees with wireless capability for their phones as well. We have a social media presence for the bank however we restrict access to social media to just the small marketing department for security, bandwidth and productivity issues. The wireless allows employees to access the sites without impacting our bandwidth and keeping our network secure. The wireless uses a separate internet connection than our production network. As for productivity, that is up to the managers to monitor.
With Software Defined Networking & SaaS on the horizon (and steadily getting closer) we were able to move forward with a pair of resilient Meraki 250's in our two data centers, which will form the basis of retiring our Cisco ASA 5505's (about 80 of them), which will be replaced with Meraki Z3's.
It was the ASA's that tipped the scale in Meraki's favor. With the ASA's on the EOS list, we have a couple of years to get the last of them off the network.
We'd hoped the ASA 5506's would be a perfect replacement for the 5505's, but that's not the case. VLAN restrictions, cost increases, no POE, and a LOT more trouble setting them up for our home users' needs means the 5506's are coming out of homes, to be replaced by Z3's.
The 5506's are fine for a small neighborhood or regional site's BGP MPLS WAN connectivity.
But that left us with a large need for home connectivity that's secure and flexible. The up-front cost of the Meraki 250's isn't free, but the labor saved and their flexibility and portability made all the difference.
One BIG area that Merakis are reducing down time and expense is their ability to create a secure remote connection without requiring a reserved address. We've experienced MANY occasions where ISP's say they are reserving IP addresses for our ASA's at homes, and then they charge us extra for them, and we discover that if the user goes on vacation and powers off their ASA for a number of days, their "Reserved" Internet address is handed off to a different customer of the ISP. When they come back home and power up their ASA, it won't establish a VPN tunnel to us, and we have to drive there and reconfigure it or bring it back to troubleshoot it, and possibly replace it.
The Meraki Z3 doesn't care whether it has a static or reserved external address. It just powers up and connects to our data centers, and the user is online just as if they were at work.
These offer the best part of DM-VPN, and the only problems I have with them are:
On the other hand, the Meraki's are:
One more thing in Meraki's favor: If a unit fails in someone's home you can have Meraki ship a replacement and all the end user needs to do is plug it in. I really appreciate that aspect as our current hardware replacement model is ... wanting in comparison. Old gear and remote sites makes that part of the gig pretty unfun. I just can't justify replacing our old Cisco switches with new Meraki stuff - I ran the numbers myself. No way they'll buy into it (especially in our current financial state, lol). I'm just happy I have it for my home and, for now at least, that'll have to do.
I do really like it, though. That said, I find myself thirsting for some CLI action every now and again. Just feels better (and faster). The cloud model has some real advantages but it doesn't win the fight on all fronts.
I hear you there. In-person CLI management, whether remote via SSH, or local via USB console cable, takes others out of the Management equation. I seriously don't feel comfortable with invisible third parties approving & connecting my remote users.
ugh... again with the demo questions...
For our DoD friends:
Just a note...todays hint says to use the top 20 applications module and the referred to page only has a top 10 applications module.
The correct answer was obtained using the top 10 application module so the module name was probably a typo....
Mostly love Meraki except for one really quite large thing to watch out for - never ( really, NEVER EVER) let your subscription expire.
If a single, solitary device subscription drops, Meraki will kill every single device in your management cloud.
I've seen an entire site cease to work when all the Meraki switches, security devices and AP's all drop dead when that happens
forward the link to your phone and open it there
One would think our DoD friends wouldn't see this type of graph in their normal workday, but who knows?
There's a ton of training on YouTube these days (it's why we have a Sophos policy specifically for it) so I imagine they may see one or two of those. That said, I wouldn't be surprised at all to find they saw none.
No winner chosen for last weeks prize?
And I really need this system for my network. But I cant have it dang pre-chosen systems.
Winner has been posted!
Congrats datsde
Be very, VERY careful with Q13! "Exactness" is the key word for today. And, you have to do some digging. Told you wabbott would be sending a heater down the middle of the plate! Well played, Ms. Abbott! ;-)
lol. This has never happened to any of us...(read in sarcastic tone)
So yeah, I selected the ones that specifically say they include the dashboard and got it wrong.
Active heat map sounds good, by you forgot to say that it's only for Cisco. My Aruba WLAN is out of Solarwinds scope of monitoring (((
I found these active maps don't take into account signal strength from APs on other floors either. Manual measurement of signal strength on a middle floor was always way different than these maps would show. The client location wasn't accurate for us either as it was only updated on intervals. In our case, we had to slow that down so as not to drag down our smaller NPM instance at my last job.
Link to Amazon site for Hyper X gaming head set is broken. Missing a ":" in URL.
brett.holzhauer
Netpath really is some awesome stuff cobrien!
Question 15, January 26: The embedded video in the Clue seems to have problems--I'm not able to get it to play:
Worked for me on:
Glad you like it!
yup, it was blocked for me so I had to guess, got it wrong... there goes my perfect streak
I'm working on question 11
I included the list of Rogue devices that I'm seeing. I can't roll the clock back to the 22nd.
Any suggestions for filtering back to that day? I'm not asking for the answer, but I know when you look at the time-sensitive questions you have to modify the date range.
For my fellow DoD friends like cabarnes
Today's question #16 (January 29, 2018) highlights a shortcoming in Solarwinds' ability to tell us quickly and easily which ports have not been used in X Days, Weeks, Months, or Years.
The example test lab's open ports may have been down for a few minutes, or a few years. That's not so critical to know in a test lab, but in the real world, how long each specific port has been down IS important.
My switch port count exceeds 50,000 physical Ethernet ports, and my IT Department has over 400 members. Some of them do a great job unpatching unused network cables when a client moves cubes, and frees up an unused switch port.
Some Techs do NOT do a good job at this.
The result is no ports are open when a tech needs to patch a new computer into a switch. They call the Network Team and we can quickly and easily tell them which, if any, ports have not been used in the preceding weeks and months--up to the point where the switch last rebooted--by following this procedure:
How to create a report displaying the Last Time Data was Transmitted or Received on a Switch Port
Solarwinds, I have UDT, and it does show unused ports. But not in this detailed and granular manner. Here's hoping you can add the details of this report into UDT--and better yet, into NCM or NPM, for folks who don't own UDT.
Alert Cleared.htmlHello, I would like to share the HTML template details we have prepared so that Solarwinds alarms can become more meaningful. It can list alarm object details and connected device details separately in HTML template. Except for object and device details, you can easily add custom property information…
Cisco ASR Devices.pollerCisco ASR Devices
SWQL is built on the framework of SQL and as such supports most of the standard clauses as part of a query. A very simple example query is: SELECT Caption, IPAddress, Vendor, ResponseTime FROM Orion.Nodes Dissecting this query is relatively straightforward: show some fields (Caption, IP address, Vendor, and Response Time)…
Active SSL Tunnels-ASA.UnDPThis poller *should* display the number of Active SSL VPN (Anyconnect) Tunnels currently connected to your box. However, I tried it with my 5520 running 8.0.4 and for some reason I get a OID Not Supported. Here's my post in the forum: *EDIT* This is confirmed working with at least Interm release…
