A company I'm working with is using a Neat Bar[A] and Neat Pad[A] for Zoom calling. They also use Meraki network devices for wireless (MR 42) and switching (MS 250).
As explained in the Neat documentation[A], the Neat Pad and Bar cannot continue through the setup screen when using Meraki devices with default options for DHCP.
In our environment, we have a wireless SSID that is set to bridge clients to a Wireless VLAN subnet. This SID is using a Pre-Shared Key (PSK), it's not hidden, and is using both 2.4ghz and 5ghz bands with band steering. The DHCP server is running on the Switch Virtual Interface (SVI) configured on the Wireless VLAN subnet.
When trying to connect the Neat Pad and Bar to this SSID, the setup screen allows them to connect, but it say that it's not connected to the internet. The workaround for this is to configure the DHCP options in the SVI to include an NTP time server IP.
The steps are as follows:
Open the Meraki dashboard in a browser.
Navigate to Switch > Routing & DHCP:
Click on the row to open up the Switch Interface config:
In the section “DHCP options”, click the “Add a DHCP option” button. Select “NTP Server (42)”. Copy/paste in one of the direct IPs from the NIST Internet Time Servers page: https://tf.nist.gov/tf-cgi/servers.cgi
After that, you might need to reboot the Neat devices, but the Neat Pad screen should say that the wireless connection has internet access and allow you to continue the setup.
I just upgraded to Google Fiber 2Gig and there doesn't seem to be much documentation about what each of the ports mean on the two devices that they provided:
I contacted Google Support and got as much info as I could.
Google Multi-Gig Router ports
I have the model number GFRG300. There are 1 RJ-11 port, 5 RJ-45 ports, 1 USB port, and one SFP+ port. Starting from the top:
Green RJ-11 port with phone handset icon: Line for VOIP phone
3 yellow RJ-45 ports with arrow icons: 1 gbps LAN ports. (Ports intended for devices connected to LAN, e.g. PCs, NASes)
Red RJ-45 port with globe icon: Secondary copper WAN connection. Unknown speed. Google Support stated that Router does not support dual WAN uplinks. (Port intended for setups where direct ONT fiber connection is not available and requires a modem and copper RJ-45 for uplink. Not intended for LAN connections. )
Bronze/copper RJ-45 port with the text “10” and arrow icons: 10gbps LAN port. (Port intended for a multi-gig switch or the Wifi Mesh Tri-Band Extender.)
Blue USB port: Intended for tech-support/troubleshooting service. Google Support stated there is no network connectivity supported over USB.
Silver SFP+ port with globe icon: 10gbps SFP port for WAN uplink. Google Support could not provide if this was an SFP or SFP+ port, but it's probably SFP+. (Port intended as uplink using fiber SFP module for connection to ONT.)
Google Wifi Tri-Band Mesh Extender with Wifi 6
I have the model number GFEX310. There are two RJ-45 ports and one USB port on the back of this device.
Going from left to right:
Black USB port: Intended for tech-support/troubleshooting service. Google Support stated there is no network connectivity supported over USB.
Yellow RJ-45 port with arrow icons: 1gbps LAN port (intended for LAN pass thru for wired devices)
Blue RJ-45 port with arrow icons and globe icon: 1gbps LAN port (intended for wired connection to upstream router or switch)
If you've deployed an Azure VM and did not enable the “Login with AAD credentials”, option, you can enable sign in using Azure Active Directory credentials later using Cloud Shell with this command in Azure CLI:
az vm extension set \
--publisher Microsoft.Azure.ActiveDirectory \
--name AADLoginForWindows \
--resource-group ResourceGroup \
--vm-name VMName
After running that command, you'll need to add an entry to the local group to allow interactive sign in using RDP. The extension doesn't add this permission and you will need to do it manually, running this command in a remote Powershell:
net localgroup "remote desktop users" /add "AzureAD\user@domain.com"
You will also need to add 2 lines the RDP file downloaded from the “Connect” tab so that you can connect without issues:
enablecredsspsupport:i:0
authentication level:i:2
After connecting to the VM using RDP, you will also need to disable network-level authentication from Control Panel.
In the background, the extension will change the Join Type of the VM to “Azure AD Joined” and your Devices blade will update with that information after a couple of minutes.
I wrote up a quick and dirty Powershell script today that adds a split-tunnel VPN connection, asks the user for connection info, dials the connection, then configures static routes.
# Add-MerakiVPN.ps1
# Creates a split-tunnel VPN connection and adds static routes.
# Tim D'Annecy 2021-09-08
function Add-MerakiVPN {
$ServerAddress = 'blahblahblah.dynamic-m.com' # Change this value to match your Meraki hostname
$ConnectionName = 'Meraki VPN'
$PresharedKey = 'blah' # Change this value
Add-VpnConnection `
-Name $ConnectionName `
-ServerAddress $ServerAddress `
-TunnelType L2tp `
-EncryptionLevel Optional `
-SplitTunneling `
-AllUserConnection `
-L2tpPsk $PresharedKey `
-AuthenticationMethod Pap, MSChapv2 `
-Force
$StaticRoutes = @(
'10.0.13.0/24', # Change these to match your internal subnets
'10.0.12.0/24',
'172.16.0.0/16'
)
try {
rasphone.exe -d $ConnectionName
Start-Sleep -Seconds 30
$StaticRoutes | foreach {
New-NetRoute -DestinationPrefix $_ -InterfaceAlias $ConnectionName
}
}
catch {
Write-Error 'There was an error adding the VPN connection'
exit
}
}
Add-MerakiVPN
This one-liner imports a CSV formatted with at least the header Name and a list of user names. It outputs to a CSV with the SamAccountName and Enabled properties.
I found this post on Reddit and wanted to save the command for my notes.
Running this command in Powershell will give you the PC's currently connected SSID. This is handy for troubleshooting network issues when connected remotely through a PSSession.
If you're using Microsoft Exchange Online, there's no way to currently see when a Mail Contact was created on the web dashboard.
I wanted to know when an address was added as a Mail Contact in one of our tenants, but I also wasn't able to get an audit trail using the Microsoft Compliance center.
As a workaround, this Powershell command will give the basic info for “WhenCreated”.
