network_stuff:wifi


  • BSSID (Basic Service Set Identifier): physical MAC address of the AP or wireless router that is used to connect to the WiFi
  • STA (Station): the end station, i.e. the WiFi client.

WIFI TROUBLESHOOTING

  1. Maximum power - wifi > radio settings
  2. Channel width: 20/40MHz
    1. More width means more noise (I'm listening to a wider channel) but better throughput
    2. Less width means more stable but 54mb max
  3. 2.4GHz 5GHz - wifi > conf > access ctrl
  4. Enabling Band Steering: Configure > Access control > Wireless options
  5. Exclude DFS channels (see explanation below) External Link
    1. DFS 'events' are radar interference events (from weather radar frequencies)
  6. Check the following tools while the event is happening, or while starting likely sources of interference such as microwave ovens:

Channel_Utilization_Live_Tool - 4g: usually 4,6,11,14 (22MHz width) 4g-chann – 5G: ch 36-64

WIFI TYPES:

  • 2GHz
    • non-overlapping channels: 3
      • 802.11b 11Mbps obsolete (1999)
      • 802.11g 54Mbps 30m (2003)
      • 802.11n 300Mbps 50m (2009)
  • MCS: Modulation and Coding Scheme. The higher the better, but sometimes a lower one is good as it allows for fading. See this External Link
    • 2G is MCS
    • 5G is VHT-MCS

GI: Guard Interval. Intended to avoid signal loss from the multipath effect. Short GI (~400ns)

  • 5GHz
    • 802.11ac 1.3Gbps (2013)
      • non-overlapping channels: 32
  • 2.4/5/6GHz
    • Wifi-6E (freed spectrum in 6GHz)
      • non-overlapping channels: 64
    • Wifi-6: 802.11ax - this is both 2.4 and 5 GHz. 1024 quadrature amplitude modulation (QAM). Eight spatial stream access points (APs)
  • RSSI is just signal strength with respect to 1mW (different from SNR). See link
  • Multiplexing type:
    • 802.11g : orthogonal frequency-division multiplexing (OFDM)
    • 802.11n : orthogonal frequency-division multiplexing (OFDM)
    • 802.11ac: Space-division multiple access (SDMA) + Channel bonding
      • Downlink MU-MIMO
    • 802.11ax: orthogonal frequency-division multiple access (OFDMA) - which is equivalent to cellular technology applied into Wi-Fi
      • Down+uplink MU-MIMO

dB and dBm

  • dB is the exponent multiplied by 10. For example, 30 is exponent 3 (i.e. a factor of 1000)
  • dBm is not really magnitude-less, i.e. it is relative to 1 mW


PROBE AND BEACON FRAMES

DFS EVENTS:

  • The AP's radar interference avoidance mechanism is a requirement in your country and the channel changes are due to the legal requirement for AP to back off of these channels. DFS events are typically triggered by aircrafts or ports emitting satellite or radar signals.
  • You can see the number of occurrences by searching 'DFS events' in the dashboard event logs under Network-wide Event log. When these events occur all clients connected on a DFS channel will be disassociated from the AP, the AP will then search for a non DFS channel to operate on. The change of channel will cause some disruption to the client experience until the client associates again on the proper channel.
  • To turn DFS off from the dashboard, go to Wireless > Radio settings and choose 'Exclude DFS channels' from the Auto Channel dropdown menu.
  • See the following for further information about DFS events: External Link

WMM (WIFI Multimedia, wireless QoS) LINK

  1. 802.1P. Works by tweaking the Interframe Space (IFS) and Random Backoff Timer

Event-Driven RRM. EDRRM allows an access point in distress to bypass normal RRM intervals and immediately change channels.


CLIENT WIFI ANALYSIS

iwlist wlp2s0 scan

Then, to infer the mode we are in: Link1

  • If we see VHT we are in 802.11ac, but sometimes we are in 802.11ac and the CLI doesn't show it
  • MCS:
    • By itself : 802.11bng
    • HT or VHT : 802.11nac. It is a transmitter parameter that evaluates the quality of the RF environment. The higher it is, the more sophisticated the modulation we can use. Link
    • NSS: 802.11ac - Number_Spatial_Streams

REST-API: Use postman.
To ADD a static route:

curl -L -H 'X-Cisco-Meraki-API-Key: <my Key>' -H 'Content-Type: application/json' -X POST --data-binary '{"name":"test-route2","subnet":"99.99.98.0/24","gatewayIp":"10.5.0.99", "enabled": false}' 'https://dashboard.meraki.com/api/v0/networks/L_644577696667403593/staticRoutes'

To DELETE a static route:

curl -L -H 'X-Cisco-Meraki-API-Key: <my Key>' -X DELETE -H 'Content-Type: application/json' 'https://dashboard.meraki.com/api/v0/networks/L_644577696667403593/staticRoutes/51a49428-b4f3-46d2-9b8b-3d5e719fbd59'
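
The two calls above put the API key in curl's argument list, where it ends up in shell history and is visible in the process list. An added example (not from the original page or from Meraki) that sends the same requests with the key fed to curl through `--config -` on stdin; `MERAKI_API_KEY`, `NET_ID`, `meraki_curl_config` and `meraki_call` are names assumed here.

```sh
#!/bin/sh
# Added example, not Meraki's code. Assumed names: MERAKI_API_KEY, NET_ID,
# meraki_curl_config, meraki_call.
API_BASE='https://dashboard.meraki.com/api/v0'

# Print a curl config file for one request: $1 method, $2 path, $3 JSON body.
# printf is a shell builtin, so the key is never a process argument.
meraki_curl_config() {
    [ -n "${MERAKI_API_KEY:-}" ] || { echo 'MERAKI_API_KEY is not set' >&2; return 1; }
    case $2 in
        /networks/*) ;;   # network-scoped endpoints only; rejects a singular /network/
        *) echo "unexpected path: $2" >&2; return 2 ;;
    esac
    printf 'request = "%s"\n' "$1"
    printf 'url = "%s%s"\n' "$API_BASE" "$2"
    printf 'header = "X-Cisco-Meraki-API-Key: %s"\n' "$MERAKI_API_KEY"
    printf 'header = "Content-Type: application/json"\n'
    printf 'location\nfail\nsilent\nshow-error\n'
    if [ -n "${3:-}" ]; then
        # Inside a quoted config value, backslash and double quote must be escaped.
        printf 'data-binary = "%s"\n' "$(printf '%s' "$3" | sed 's/[\\"]/\\&/g')"
    fi
}

# Send the request; curl reads every option, including the key, from stdin.
meraki_call() {
    meraki_curl_config "$@" | curl --config -
}

# Usage with the routes from this page (NET_ID holds the network id):
#   read -rs MERAKI_API_KEY      # bash: prompt without echo; no export needed
#   meraki_call POST "/networks/$NET_ID/staticRoutes" \
#     '{"name":"test-route2","subnet":"99.99.98.0/24","gatewayIp":"10.5.0.99","enabled":false}'
#   meraki_call DELETE "/networks/$NET_ID/staticRoutes/<route id>"
```

Because the variable is not exported, the key is also absent from curl's environment; it exists only in the shell and on the pipe.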

SNMP
For one network

Network-wide > General > SNMP

For the whole organization:

Organization > Settings > SNMP

BLUETOOTH:

  • Bluetooth utilizes frequency-hopping spread spectrum technology to avoid interference problems. The ISM 2.4 GHz band is 2400 to 2483.5 MHz, and Bluetooth uses 79 radio frequency channels in this band, starting at 2402 MHz and continuing every 1 MHz.

MAIN CISCO WIFI LINE

  • AireOS (8540/5520/3504/vWLC) - OOL
  • Aironet
    • 9800 WLC
    • Clean Air technology (RRM driven events)

MERAKI SECTION
CONFIGURE WIFI (quick and dirty):

  1. Claim AP device in inventory with its SN ('claim' link)
  2. Wireless > Configure > SSIDs . Set new SSID
  3. Wireless > Configure > Access Control . For the SSID.

CLIENT VPN TROUBLESHOOTING:

  • Network-wide → clients page, you can put in the search box “is:client-vpn” or “is:client_vpn”

TROUBLESHOOTING

  1. Packet capture: note that we can capture on all the devices, not just on the security appliance. In the packet capture page there's a transparent dropdown menu to the right of the 'Packet capture' heading
  2. To search for power cycles, check their consequences; for instance, an AP reboot will show up as flapping on the port it is connected to.
  3. To schedule upgrades, check this Link.
  4. HA: an MX cluster might look GREEN and healthy, but be careful: if, for whatever reason, VRRP is not working properly, both of them will show as ACTIVE in the console and the VPN tunnel will flap non-stop. Recommended, albeit not documented: do not connect them back to back but via a LAN firewall.

TOPOLOGY INFO:

Switch > Monitor-Switches > (Select a switch) > Topology

To see where the LAN interfaces are connected to (besides the Topology option):

Network > Monitor > packet capture # not really what is connected to, just what is being learnt

Connect to the local console:

Sec. appl > Addressing & VLANs > MX IP

LICENSING ADDING DEVICE

  1. Claim the device with the serial number (or with the order number in the shipping email)
    1. licence email has subject “Your Meraki order has shipped -” sender: ship-notification@meraki.com
  2. Add the license. Note that license doesn't need to be bound to the device

MX NAT warm-spare deployment: VRRP heartbeats are sent across the LAN interfaces on each VLAN every second. If no VRRP keepalives are heard by the secondary MX on any VLAN after three seconds, the dead timer will expire, triggering a failover event. https://www.willette.works/mx-warm-spare/

PROCEDURE TO BUILD A RACK OF MS SWITCHES

  1. Shut down all the switches
  2. Connect 1 uplink from the MX to a dumb switch and each of the other 5 ports in the dumb switch to each of the MS meraki switches.
  3. Wait for the MS to come up fully online (connected to Meraki cloud, white light)
  4. Shut down all the MS
  5. Configure the stack in the dashboard.
  6. Connect the stack cable (typical daisy chain)
  7. Do not remove the dumb-switch-based uplinks, and power on all the MS switches (keep the dumb switch with the uplink to the MX and the 5 patches to each of the MS)
  8. Once the MS download the configuration from Meraki cloud, all switches except one (master) will block their uplink ports.
  9. At this point, we can remove the dumb switch and leave connected as an uplink the port that was not blocked (MS to MX)

PROCEDURE TO REPLACE SWITCH MEMBER

  1. Connect dumb switch between internet and stack. Check everything online.
  2. Power off new member
  3. Claim new-member in GUI
  4. Add new-member Network. Not to the stack yet.
  5. Power on and connect new-switch to another port of the dumb switch, so it has internet access.
  6. Wait until new-switch is detected, updated and upgraded. Final state will be solid white light.
  7. Power off new-switch
  8. Clone configuration from old switch to new switch
    1. Switch > switch stacks > select stack > clone and replace m.
    2. Power off old-switch, new switch still off.
    3. If you have a static DHCP assignment, change it now.
    4. Once done, we swap stack switch cables from old to new

If one of the switches is not coming up in the stack:

  • disconnect the stack cables
  • power it off
  • remove it from the stack logically
  • connect it to internet (separately)

PROCEDURE TO REPLACE STANDALONE SWITCH

  1. Claim switch
  2. Add it to the network
  3. Select new switch
  4. Choose clone and select as source the old switch
  5. Select everything.
  6. Replace physically the switch

LOG ANALYSIS

  • To detect MX failover: 'You will need to look for “VRRP transition” messages for the MX failing over to the spare. As you only have 1 WAN uplink you should not see the Primary uplink status change.'

MERAKI MX UPLINK OPTIONS:

LINKS OF INTEREST

Authentication
  • WPA2-Personal (PSK): Can be WPA-AES (secure) or others
  • WPA2-Enterprise (ENT): Can be WPA-AES (secure) or others
  • WPA-3-Personal: wpa-3 SAE Simultaneous Authentication of Equals
  • WPA-3-enterprise wpa-3 SAE Simultaneous Authentication of Equals

WPA Enterprise uses a Remote Authentication Dial-In User Service (RADIUS) server to authenticate devices, while WPA Personal uses a single password for all devices.

network_stuff/wifi.1727965653.txt.gz · Last modified: by jotasandoku