Sponsors
Sponsor Products
Meraki. Why I'll never use them again.
posted by Greg Whynott  on July 26, 2018, 12:25 p.m. (2 months, 20 days ago)
9 Responses     0 Plus One's     0 Comments  
If you are not in the market for a firewall, APs or switch bail now. If you are and considering Meraki, might want to read the below and do some googling. Its a bit long, sorry...



Back many moons ago I posted about a Meraki device I acquired. At first I was impressed with them, but that was before I started actually using them in a production environment.


Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____. The hardware itself may be ok but everything beyond that has been a horrible experience.

For a small shop without the resources or skill set, I could see why someone might want to consider them. Even in that situation I would highly encourage someone to look elsewhere, such as Ubiquiti Network's offerings, which I have deployed for some side contract clients and they have been problem free and happy ever since.

I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again. Buyt me a beer and I'll entertain you more. ;)


1. Licensing. This model is setup to extort, blackmail and be as clear as mud to the customer. Look at this and tell me how it makes sense. Its almost amusing listening to them try and explain it as if it was perfectly legit.

- we bought an MX100 for our VPN requirements. 1 year license- acquired a MX65 with 3 year license for the wifi fw.
For about a year these were under the same 'network' on their dashboard. I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard. When I applied the license it said it would expire in about 7 months. Scratching my head, I give them a call. In my mind we have over a year left on the MX65 and I just added another year of support to the MX100, why less than a year?
After talking to them and listening at length about 'co termination' BS and how they are shared, which still didn't add up in my mind, I asked "if we spit them so they are not sharing licenses, will this fix things?" The answer was similar to "yes, then each license will reflect the full amount"..

So I split the networks.. After that was done I applied the 1 year license, in my mind with about 30 days remaining on the support for the MX100, adding a MX100 1 year support license should give me about 390 days of support. Instead it was 309 days!!! WTF, how does that work?
Then I look at my MX64 dashboard and see it says it'll expire NEXT month! Wait, we should still have about a year on that one....

So I ask "whats up here, please explain"...

The answer I get back is they are "sharing their time". The optics suggest they straight up ripped us off for about 2 years of support.

I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low. I've never seen a more cantankerous licensing model in my life. Talk about smoke and mirrors and making it as complex as possible. The internet is full of people complaining about this, for a while I thought I was the only one who didn't "get it"...

How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely? So odd...
One guy got a free "life time license" but after he started using it and added more Meraki devices, his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"... ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )


2. No insight. I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself. But because they offer no access to the device, you can't view debug logs or any other problem solving / investigation yourself without involving them.


3. Support. its a bunch of kids it appears. I noticed the Meraki was literately scanning our internal networks. Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines. I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7, that's the window size of the packet") A network support team who doesn't understand basic networking or able to decode a simple packet trace.. great. They claim the Meraki is connecting to my internal machines because we are using AD to authenticate.. ???? ok....

Then they ask me "I see the account ads_proxy is used by a lot of machines, can you tell us about that account?". ads_proxy is the account we use to bind to the AD. How do they know all our internal machines are using that account to bind to the AD? This is a VPN device, there are no default routes to it. It concerns me they have such insight to our internal network. Were they doing unauthorized queries to our AD of some sort? It seems dirty and bad. I can't even add a rule to prevent this.

tldr. :)

-g
























Thread Tags:
  discuss-at-studiosysadmins 

Response from Ken Spickler @ Aug. 9, 2018, 11:35 a.m.
This thread is going in the direction where this would be appropriate.
https://youtu.be/Ac7G7xOG2Ag

Ken SpicklerSent from iPhone. Srry for tpos.
On Aug 9, 2018, at 8:02 AM, Dan Young <dan.robert.young@gmail.com> wrote:

Of course, without blockchain how will we expect quorum on the AI-cloud-based licensing? 
On Thu, Aug 9, 2018 at 10:34 AM, Matt Plec <mplec@mplec.com> wrote:
I refuse to even consider it until it has blockchain.
On Wed, Aug 8, 2018 at 10:34 PM, Greg Dickie <greg@justaguy.ca> wrote:
AI Cloud based licensing. One more buzz word so better

--Greg Dickiejust a guy514-983-5400
On Aug 8, 2018, at 16:56, Jean-Francois Panisset <panisset@gmail.com> wrote:

Clearly someone needs to market "AI based licensing".
JF

On Wed, Aug 8, 2018 at 12:00 AM, julian firminger <justdigitalfilm@gmail.com> wrote:
I was going to say something quippy about MS licensing but I clicked on the Science Behind Licensing link.  Was not dissapointed.  


Julian Firminger

Senior Systems AdministratorUnited Broadcast FacilitiesAmsterdam, The Netherlands

On Tue, Aug 7, 2018 at 9:39 PM, greg whynott <greg.whynott@gmail.com> wrote:


Classic.  Need a degree...
-g



On Thu, Jul 26, 2018 at 12:32 PM, Shawn Wallbridge <swallbridge@gmail.com> wrote:
When I got the quote to add a single Meraki access point, I was
floored. I replaced our two existing Meraki units with Unifi and saved
money. I hadn't even seen the renewal quote at that time. When that
came in I sure was glad I had already replaced them.

Unifi did bite me in the ass when they EOL'ed my older AP's. They gave
us plenty of warning, but stated they would continue to work, just no
longer get config updates. I was fine with that, but what they didn't
tell me is our default user policies would apply to all users, which
meant everyone got caped at 2Mbps, so I had to replace the older AP's
pretty quickly.

shawn


On Thu, Jul 26, 2018 at 12:23 PM greg whynott <greg.whynott@gmail.com> wrote:
>
> If you are not in the market for a firewall,  APs or switch bail now.  If you are and considering Meraki,  might want to read the below and do some googling.   Its a bit long,  sorry...
>
>
>
> Back many moons ago I posted about a Meraki device I acquired.  At first I was impressed with them,  but that was before I started actually using them in a production environment.
>
>
> Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____.    The hardware itself may be ok but everything beyond that has been a horrible experience.
>
>
> For a small shop without the resources or skill set,  I could see why someone might want to consider them.  Even in that situation I would highly encourage someone to look elsewhere,  such as Ubiquiti Network's offerings,  which I have deployed for some side contract clients and they have been problem free and happy ever since.
>
>
> I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again.  Buyt me a beer and I'll entertain you more.  ;)
>
>
> 1. Licensing.  This model is setup to extort, blackmail and be as clear as mud to the customer.   Look at this and tell me how it makes sense.  Its almost amusing listening to them try and explain it as if it was perfectly legit.
>
> - we bought an MX100 for our VPN requirements.   1 year license
> - acquired a MX65 with 3 year license for the wifi fw.
>
> For about a year these were under the same 'network' on their dashboard.   I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard.    When I applied the license it said it would expire in about 7 months.   Scratching my head,  I give them a call.   In my mind we have over a year left on the MX65 and I just added another year of support to the MX100,  why less than a year?
>
> After talking to them and listening at length about 'co termination' BS and how they are shared,  which still didn't add up in my mind,  I asked "if we spit them so they are not sharing licenses,  will this fix things?"   The answer was similar to "yes,  then each license will reflect the full amount"..
>
>
> So I split the networks..     After that was done I applied the 1 year license,   in my mind with about 30 days remaining on the support for the MX100,  adding a MX100 1 year support license should give me about 390 days of support.  Instead it was 309 days!!!  WTF,  how does that work?
>
> Then I look at my MX64 dashboard and see it says it'll expire NEXT month!    Wait,  we should still have about a year on that one....
>
>
> So I ask "whats up here,  please explain"...
>
> The answer I get back is they are "sharing their time".    The optics suggest they straight up ripped us off for about 2 years of support.
>
>   I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low.    I've never seen a more cantankerous licensing model in my life.  Talk about smoke and mirrors and making it as complex as possible.  The internet is full of people complaining about this,  for a while I thought I was the only one who didn't "get it"...
>
> How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely?    So odd...
>
> One guy got a free "life time license" but after he started using it and added more Meraki devices,  his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"...  ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )
>
>
> 2.  No insight.    I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself.  But because they offer no access to the device,  you can't view debug logs or any other problem solving / investigation yourself without involving them.
>
>
> 3. Support.   its a bunch of kids it appears.   I noticed the Meraki was literately scanning our internal networks.  Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines.    I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7,  that's the window size of the packet")   A network support team who doesn't understand basic networking or able to decode a simple packet trace..  great.      They claim the Meraki is connecting to my internal machines because we are using AD to authenticate..  ????  ok....
>
> Then they ask me "I see the account ads_proxy is used by a lot of machines,  can you tell us about that account?".   ads_proxy is the account we use to bind to the AD.   How do they know all our internal machines are using that account to bind to the AD?    This is a VPN device,  there are no default routes to it.    It concerns me they have such insight to our internal network.    Were they doing unauthorized queries to our AD of some sort?    It seems dirty and bad.    I can't even add a rule to prevent this.
>
>
> tldr.  :)
>
>
> -g
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

0 Plus One's     0 Comments  
   

Response from Anonymous @ Aug. 9, 2018, 11:10 a.m.
Dan young. No vendors please. Do one! On Aug 9, 2018, 07:35 -0700, Matt Plec <mplec@mplec.com>, wrote:
I refuse to even consider it until it has blockchain.
On Wed, Aug 8, 2018 at 10:34 PM, Greg Dickie <greg@justaguy.ca> wrote:
AI Cloud based licensing. One more buzz word so better

-- Greg Dickie just a guy 514-983-5400
On Aug 8, 2018, at 16:56, Jean-Francois Panisset <panisset@gmail.com> wrote:

Clearly someone needs to market "AI based licensing".
JF

On Wed, Aug 8, 2018 at 12:00 AM, julian firminger <justdigitalfilm@gmail.com> wrote:
I was going to say something quippy about MS licensing but I clicked on the Science Behind Licensing link.  Was not dissapointed.  


Julian Firminger

Senior Systems Administrator United Broadcast Facilities Amsterdam, The Netherlands

On Tue, Aug 7, 2018 at 9:39 PM, greg whynott <greg.whynott@gmail.com> wrote:


Classic.  Need a degree...
-g



On Thu, Jul 26, 2018 at 12:32 PM, Shawn Wallbridge <swallbridge@gmail.com> wrote:
When I got the quote to add a single Meraki access point, I was
floored. I replaced our two existing Meraki units with Unifi and saved
money. I hadn't even seen the renewal quote at that time. When that
came in I sure was glad I had already replaced them.

Unifi did bite me in the ass when they EOL'ed my older AP's. They gave
us plenty of warning, but stated they would continue to work, just no
longer get config updates. I was fine with that, but what they didn't
tell me is our default user policies would apply to all users, which
meant everyone got caped at 2Mbps, so I had to replace the older AP's
pretty quickly.

shawn


On Thu, Jul 26, 2018 at 12:23 PM greg whynott <greg.whynott@gmail.com> wrote:
>
> If you are not in the market for a firewall,  APs or switch bail now.  If you are and considering Meraki,  might want to read the below and do some googling.   Its a bit long,  sorry...
>
>
>
> Back many moons ago I posted about a Meraki device I acquired.  At first I was impressed with them,  but that was before I started actually using them in a production environment.
>
>
> Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____.    The hardware itself may be ok but everything beyond that has been a horrible experience.
>
>
> For a small shop without the resources or skill set,  I could see why someone might want to consider them.  Even in that situation I would highly encourage someone to look elsewhere,  such as Ubiquiti Network's offerings,  which I have deployed for some side contract clients and they have been problem free and happy ever since.
>
>
> I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again.  Buyt me a beer and I'll entertain you more.  ;)
>
>
> 1. Licensing.  This model is setup to extort, blackmail and be as clear as mud to the customer.   Look at this and tell me how it makes sense.  Its almost amusing listening to them try and explain it as if it was perfectly legit.
>
> - we bought an MX100 for our VPN requirements.   1 year license
> - acquired a MX65 with 3 year license for the wifi fw.
>
> For about a year these were under the same 'network' on their dashboard.   I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard.    When I applied the license it said it would expire in about 7 months.   Scratching my head,  I give them a call.   In my mind we have over a year left on the MX65 and I just added another year of support to the MX100,  why less than a year?
>
> After talking to them and listening at length about 'co termination' BS and how they are shared,  which still didn't add up in my mind,  I asked "if we spit them so they are not sharing licenses,  will this fix things?"   The answer was similar to "yes,  then each license will reflect the full amount"..
>
>
> So I split the networks..     After that was done I applied the 1 year license,   in my mind with about 30 days remaining on the support for the MX100,  adding a MX100 1 year support license should give me about 390 days of support.  Instead it was 309 days!!!  WTF,  how does that work?
>
> Then I look at my MX64 dashboard and see it says it'll expire NEXT month!    Wait,  we should still have about a year on that one....
>
>
> So I ask "whats up here,  please explain"...
>
> The answer I get back is they are "sharing their time".    The optics suggest they straight up ripped us off for about 2 years of support.
>
>   I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low.    I've never seen a more cantankerous licensing model in my life.  Talk about smoke and mirrors and making it as complex as possible.  The internet is full of people complaining about this,  for a while I thought I was the only one who didn't "get it"...
>
> How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely?    So odd...
>
> One guy got a free "life time license" but after he started using it and added more Meraki devices,  his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"...  ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )
>
>
> 2.  No insight.    I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself.  But because they offer no access to the device,  you can't view debug logs or any other problem solving / investigation yourself without involving them.
>
>
> 3. Support.   its a bunch of kids it appears.   I noticed the Meraki was literately scanning our internal networks.  Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines.    I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7,  that's the window size of the packet")   A network support team who doesn't understand basic networking or able to decode a simple packet trace..  great.      They claim the Meraki is connecting to my internal machines because we are using AD to authenticate..  ????  ok....
>
> Then they ask me "I see the account ads_proxy is used by a lot of machines,  can you tell us about that account?".   ads_proxy is the account we use to bind to the AD.   How do they know all our internal machines are using that account to bind to the AD?    This is a VPN device,  there are no default routes to it.    It concerns me they have such insight to our internal network.    Were they doing unauthorized queries to our AD of some sort?    It seems dirty and bad.    I can't even add a rule to prevent this.
>
>
> tldr.  :)
>
>
> -g
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

0 Plus One's     0 Comments  
   

Response from Dan Young @ Aug. 9, 2018, 11:05 a.m.
Of course, without blockchain how will we expect quorum on the AI-cloud-based licensing?
On Thu, Aug 9, 2018 at 10:34 AM, Matt Plec <mplec@mplec.com> wrote:
I refuse to even consider it until it has blockchain.
On Wed, Aug 8, 2018 at 10:34 PM, Greg Dickie <greg@justaguy.ca> wrote:
AI Cloud based licensing. One more buzz word so better

--Greg Dickiejust a guy514-983-5400
On Aug 8, 2018, at 16:56, Jean-Francois Panisset <panisset@gmail.com> wrote:

Clearly someone needs to market "AI based licensing".
JF

On Wed, Aug 8, 2018 at 12:00 AM, julian firminger <justdigitalfilm@gmail.com> wrote:
I was going to say something quippy about MS licensing but I clicked on the Science Behind Licensing link. Was not dissapointed.


Julian Firminger

Senior Systems AdministratorUnited Broadcast FacilitiesAmsterdam, The Netherlands

On Tue, Aug 7, 2018 at 9:39 PM, greg whynott <greg.whynott@gmail.com> wrote:


Classic. Need a degree...
-g



On Thu, Jul 26, 2018 at 12:32 PM, Shawn Wallbridge <swallbridge@gmail.com> wrote:
When I got the quote to add a single Meraki access point, I was
floored. I replaced our two existing Meraki units with Unifi and saved
money. I hadn't even seen the renewal quote at that time. When that
came in I sure was glad I had already replaced them.

Unifi did bite me in the ass when they EOL'ed my older AP's. They gave
us plenty of warning, but stated they would continue to work, just no
longer get config updates. I was fine with that, but what they didn't
tell me is our default user policies would apply to all users, which
meant everyone got caped at 2Mbps, so I had to replace the older AP's
pretty quickly.

shawn


On Thu, Jul 26, 2018 at 12:23 PM greg whynott <greg.whynott@gmail.com> wrote:
>
> If you are not in the market for a firewall, APs or switch bail now. If you are and considering Meraki, might want to read the below and do some googling. Its a bit long, sorry...
>
>
>
> Back many moons ago I posted about a Meraki device I acquired. At first I was impressed with them, but that was before I started actually using them in a production environment.
>
>
> Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____. The hardware itself may be ok but everything beyond that has been a horrible experience.
>
>
> For a small shop without the resources or skill set, I could see why someone might want to consider them. Even in that situation I would highly encourage someone to look elsewhere, such as Ubiquiti Network's offerings, which I have deployed for some side contract clients and they have been problem free and happy ever since.
>
>
> I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again. Buyt me a beer and I'll entertain you more. ;)
>
>
> 1. Licensing. This model is setup to extort, blackmail and be as clear as mud to the customer. Look at this and tell me how it makes sense. Its almost amusing listening to them try and explain it as if it was perfectly legit.
>
> - we bought an MX100 for our VPN requirements. 1 year license
> - acquired a MX65 with 3 year license for the wifi fw.
>
> For about a year these were under the same 'network' on their dashboard. I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard. When I applied the license it said it would expire in about 7 months. Scratching my head, I give them a call. In my mind we have over a year left on the MX65 and I just added another year of support to the MX100, why less than a year?
>
> After talking to them and listening at length about 'co termination' BS and how they are shared, which still didn't add up in my mind, I asked "if we spit them so they are not sharing licenses, will this fix things?" The answer was similar to "yes, then each license will reflect the full amount"..
>
>
> So I split the networks.. After that was done I applied the 1 year license, in my mind with about 30 days remaining on the support for the MX100, adding a MX100 1 year support license should give me about 390 days of support. Instead it was 309 days!!! WTF, how does that work?
>
> Then I look at my MX64 dashboard and see it says it'll expire NEXT month! Wait, we should still have about a year on that one....
>
>
> So I ask "whats up here, please explain"...
>
> The answer I get back is they are "sharing their time". The optics suggest they straight up ripped us off for about 2 years of support.
>
> I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low. I've never seen a more cantankerous licensing model in my life. Talk about smoke and mirrors and making it as complex as possible. The internet is full of people complaining about this, for a while I thought I was the only one who didn't "get it"...
>
> How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely? So odd...
>
> One guy got a free "life time license" but after he started using it and added more Meraki devices, his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"... ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )
>
>
> 2. No insight. I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself. But because they offer no access to the device, you can't view debug logs or any other problem solving / investigation yourself without involving them.
>
>
> 3. Support. its a bunch of kids it appears. I noticed the Meraki was literately scanning our internal networks. Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines. I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7, that's the window size of the packet") A network support team who doesn't understand basic networking or able to decode a simple packet trace.. great. They claim the Meraki is connecting to my internal machines because we are using AD to authenticate.. ???? ok....
>
> Then they ask me "I see the account ads_proxy is used by a lot of machines, can you tell us about that account?". ads_proxy is the account we use to bind to the AD. How do they know all our internal machines are using that account to bind to the AD? This is a VPN device, there are no default routes to it. It concerns me they have such insight to our internal network. Were they doing unauthorized queries to our AD of some sort? It seems dirty and bad. I can't even add a rule to prevent this.
>
>
> tldr. :)
>
>
> -g
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


0 Plus One's     0 Comments  
   

Response from Matt Plec @ Aug. 9, 2018, 10:40 a.m.
I refuse to even consider it until it has blockchain.
On Wed, Aug 8, 2018 at 10:34 PM, Greg Dickie <greg@justaguy.ca> wrote:
AI Cloud based licensing. One more buzz word so better

--Greg Dickiejust a guy514-983-5400
On Aug 8, 2018, at 16:56, Jean-Francois Panisset <panisset@gmail.com> wrote:

Clearly someone needs to market "AI based licensing".
JF

On Wed, Aug 8, 2018 at 12:00 AM, julian firminger <justdigitalfilm@gmail.com> wrote:
I was going to say something quippy about MS licensing but I clicked on the Science Behind Licensing link. Was not dissapointed.


Julian Firminger

Senior Systems AdministratorUnited Broadcast FacilitiesAmsterdam, The Netherlands

On Tue, Aug 7, 2018 at 9:39 PM, greg whynott <greg.whynott@gmail.com> wrote:


Classic. Need a degree...
-g



On Thu, Jul 26, 2018 at 12:32 PM, Shawn Wallbridge <swallbridge@gmail.com> wrote:
When I got the quote to add a single Meraki access point, I was
floored. I replaced our two existing Meraki units with Unifi and saved
money. I hadn't even seen the renewal quote at that time. When that
came in I sure was glad I had already replaced them.

Unifi did bite me in the ass when they EOL'ed my older AP's. They gave
us plenty of warning, but stated they would continue to work, just no
longer get config updates. I was fine with that, but what they didn't
tell me is our default user policies would apply to all users, which
meant everyone got caped at 2Mbps, so I had to replace the older AP's
pretty quickly.

shawn


On Thu, Jul 26, 2018 at 12:23 PM greg whynott <greg.whynott@gmail.com> wrote:
>
> If you are not in the market for a firewall, APs or switch bail now. If you are and considering Meraki, might want to read the below and do some googling. Its a bit long, sorry...
>
>
>
> Back many moons ago I posted about a Meraki device I acquired. At first I was impressed with them, but that was before I started actually using them in a production environment.
>
>
> Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____. The hardware itself may be ok but everything beyond that has been a horrible experience.
>
>
> For a small shop without the resources or skill set, I could see why someone might want to consider them. Even in that situation I would highly encourage someone to look elsewhere, such as Ubiquiti Network's offerings, which I have deployed for some side contract clients and they have been problem free and happy ever since.
>
>
> I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again. Buyt me a beer and I'll entertain you more. ;)
>
>
> 1. Licensing. This model is setup to extort, blackmail and be as clear as mud to the customer. Look at this and tell me how it makes sense. Its almost amusing listening to them try and explain it as if it was perfectly legit.
>
> - we bought an MX100 for our VPN requirements. 1 year license
> - acquired a MX65 with 3 year license for the wifi fw.
>
> For about a year these were under the same 'network' on their dashboard. I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard. When I applied the license it said it would expire in about 7 months. Scratching my head, I give them a call. In my mind we have over a year left on the MX65 and I just added another year of support to the MX100, why less than a year?
>
> After talking to them and listening at length about 'co termination' BS and how they are shared, which still didn't add up in my mind, I asked "if we spit them so they are not sharing licenses, will this fix things?" The answer was similar to "yes, then each license will reflect the full amount"..
>
>
> So I split the networks.. After that was done I applied the 1 year license, in my mind with about 30 days remaining on the support for the MX100, adding a MX100 1 year support license should give me about 390 days of support. Instead it was 309 days!!! WTF, how does that work?
>
> Then I look at my MX64 dashboard and see it says it'll expire NEXT month! Wait, we should still have about a year on that one....
>
>
> So I ask "whats up here, please explain"...
>
> The answer I get back is they are "sharing their time". The optics suggest they straight up ripped us off for about 2 years of support.
>
> I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low. I've never seen a more cantankerous licensing model in my life. Talk about smoke and mirrors and making it as complex as possible. The internet is full of people complaining about this, for a while I thought I was the only one who didn't "get it"...
>
> How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely? So odd...
>
> One guy got a free "life time license" but after he started using it and added more Meraki devices, his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"... ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )
>
>
> 2. No insight. I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself. But because they offer no access to the device, you can't view debug logs or any other problem solving / investigation yourself without involving them.
>
>
> 3. Support. its a bunch of kids it appears. I noticed the Meraki was literately scanning our internal networks. Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines. I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7, that's the window size of the packet") A network support team who doesn't understand basic networking or able to decode a simple packet trace.. great. They claim the Meraki is connecting to my internal machines because we are using AD to authenticate.. ???? ok....
>
> Then they ask me "I see the account ads_proxy is used by a lot of machines, can you tell us about that account?". ads_proxy is the account we use to bind to the AD. How do they know all our internal machines are using that account to bind to the AD? This is a VPN device, there are no default routes to it. It concerns me they have such insight to our internal network. Were they doing unauthorized queries to our AD of some sort? It seems dirty and bad. I can't even add a rule to prevent this.
>
>
> tldr. :)
>
>
> -g
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


0 Plus One's     0 Comments  
   

Response from Greg Dickie @ Aug. 8, 2018, 5:35 p.m.
AI Cloud based licensing. One more buzz word so better

--Greg Dickiejust a guy514-983-5400
On Aug 8, 2018, at 16:56, Jean-Francois Panisset <panisset@gmail.com> wrote:

Clearly someone needs to market "AI based licensing".
JF

On Wed, Aug 8, 2018 at 12:00 AM, julian firminger <justdigitalfilm@gmail.com> wrote:
I was going to say something quippy about MS licensing but I clicked on the Science Behind Licensing link.  Was not dissapointed.  


Julian Firminger

Senior Systems AdministratorUnited Broadcast FacilitiesAmsterdam, The Netherlands

On Tue, Aug 7, 2018 at 9:39 PM, greg whynott <greg.whynott@gmail.com> wrote:


Classic.  Need a degree...
-g



On Thu, Jul 26, 2018 at 12:32 PM, Shawn Wallbridge <swallbridge@gmail.com> wrote:
When I got the quote to add a single Meraki access point, I was
floored. I replaced our two existing Meraki units with Unifi and saved
money. I hadn't even seen the renewal quote at that time. When that
came in I sure was glad I had already replaced them.

Unifi did bite me in the ass when they EOL'ed my older AP's. They gave
us plenty of warning, but stated they would continue to work, just no
longer get config updates. I was fine with that, but what they didn't
tell me is our default user policies would apply to all users, which
meant everyone got caped at 2Mbps, so I had to replace the older AP's
pretty quickly.

shawn


On Thu, Jul 26, 2018 at 12:23 PM greg whynott <greg.whynott@gmail.com> wrote:
>
> If you are not in the market for a firewall,  APs or switch bail now.  If you are and considering Meraki,  might want to read the below and do some googling.   Its a bit long,  sorry...
>
>
>
> Back many moons ago I posted about a Meraki device I acquired.  At first I was impressed with them,  but that was before I started actually using them in a production environment.
>
>
> Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____.    The hardware itself may be ok but everything beyond that has been a horrible experience.
>
>
> For a small shop without the resources or skill set,  I could see why someone might want to consider them.  Even in that situation I would highly encourage someone to look elsewhere,  such as Ubiquiti Network's offerings,  which I have deployed for some side contract clients and they have been problem free and happy ever since.
>
>
> I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again.  Buyt me a beer and I'll entertain you more.  ;)
>
>
> 1. Licensing.  This model is setup to extort, blackmail and be as clear as mud to the customer.   Look at this and tell me how it makes sense.  Its almost amusing listening to them try and explain it as if it was perfectly legit.
>
> - we bought an MX100 for our VPN requirements.   1 year license
> - acquired a MX65 with 3 year license for the wifi fw.
>
> For about a year these were under the same 'network' on their dashboard.   I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard.    When I applied the license it said it would expire in about 7 months.   Scratching my head,  I give them a call.   In my mind we have over a year left on the MX65 and I just added another year of support to the MX100,  why less than a year?
>
> After talking to them and listening at length about 'co termination' BS and how they are shared,  which still didn't add up in my mind,  I asked "if we spit them so they are not sharing licenses,  will this fix things?"   The answer was similar to "yes,  then each license will reflect the full amount"..
>
>
> So I split the networks..     After that was done I applied the 1 year license,   in my mind with about 30 days remaining on the support for the MX100,  adding a MX100 1 year support license should give me about 390 days of support.  Instead it was 309 days!!!  WTF,  how does that work?
>
> Then I look at my MX64 dashboard and see it says it'll expire NEXT month!    Wait,  we should still have about a year on that one....
>
>
> So I ask "whats up here,  please explain"...
>
> The answer I get back is they are "sharing their time".    The optics suggest they straight up ripped us off for about 2 years of support.
>
>   I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low.    I've never seen a more cantankerous licensing model in my life.  Talk about smoke and mirrors and making it as complex as possible.  The internet is full of people complaining about this,  for a while I thought I was the only one who didn't "get it"...
>
> How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely?    So odd...
>
> One guy got a free "life time license" but after he started using it and added more Meraki devices,  his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"...  ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )
>
>
> 2.  No insight.    I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself.  But because they offer no access to the device,  you can't view debug logs or any other problem solving / investigation yourself without involving them.
>
>
> 3. Support.   its a bunch of kids it appears.   I noticed the Meraki was literately scanning our internal networks.  Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines.    I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7,  that's the window size of the packet")   A network support team who doesn't understand basic networking or able to decode a simple packet trace..  great.      They claim the Meraki is connecting to my internal machines because we are using AD to authenticate..  ????  ok....
>
> Then they ask me "I see the account ads_proxy is used by a lot of machines,  can you tell us about that account?".   ads_proxy is the account we use to bind to the AD.   How do they know all our internal machines are using that account to bind to the AD?    This is a VPN device,  there are no default routes to it.    It concerns me they have such insight to our internal network.    Were they doing unauthorized queries to our AD of some sort?    It seems dirty and bad.    I can't even add a rule to prevent this.
>
>
> tldr.  :)
>
>
> -g
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

0 Plus One's     0 Comments  
   

Response from Jean-Francois Panisset @ Aug. 8, 2018, 5 p.m.
Clearly someone needs to market "AI based licensing".
JF

On Wed, Aug 8, 2018 at 12:00 AM, julian firminger <justdigitalfilm@gmail.com> wrote:
I was going to say something quippy about MS licensing but I clicked on the Science Behind Licensing link. Was not dissapointed.


Julian Firminger

Senior Systems AdministratorUnited Broadcast FacilitiesAmsterdam, The Netherlands

On Tue, Aug 7, 2018 at 9:39 PM, greg whynott <greg.whynott@gmail.com> wrote:


Classic. Need a degree...
-g



On Thu, Jul 26, 2018 at 12:32 PM, Shawn Wallbridge <swallbridge@gmail.com> wrote:
When I got the quote to add a single Meraki access point, I was
floored. I replaced our two existing Meraki units with Unifi and saved
money. I hadn't even seen the renewal quote at that time. When that
came in I sure was glad I had already replaced them.

Unifi did bite me in the ass when they EOL'ed my older AP's. They gave
us plenty of warning, but stated they would continue to work, just no
longer get config updates. I was fine with that, but what they didn't
tell me is our default user policies would apply to all users, which
meant everyone got caped at 2Mbps, so I had to replace the older AP's
pretty quickly.

shawn


On Thu, Jul 26, 2018 at 12:23 PM greg whynott <greg.whynott@gmail.com> wrote:
>
> If you are not in the market for a firewall, APs or switch bail now. If you are and considering Meraki, might want to read the below and do some googling. Its a bit long, sorry...
>
>
>
> Back many moons ago I posted about a Meraki device I acquired. At first I was impressed with them, but that was before I started actually using them in a production environment.
>
>
> Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____. The hardware itself may be ok but everything beyond that has been a horrible experience.
>
>
> For a small shop without the resources or skill set, I could see why someone might want to consider them. Even in that situation I would highly encourage someone to look elsewhere, such as Ubiquiti Network's offerings, which I have deployed for some side contract clients and they have been problem free and happy ever since.
>
>
> I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again. Buyt me a beer and I'll entertain you more. ;)
>
>
> 1. Licensing. This model is setup to extort, blackmail and be as clear as mud to the customer. Look at this and tell me how it makes sense. Its almost amusing listening to them try and explain it as if it was perfectly legit.
>
> - we bought an MX100 for our VPN requirements. 1 year license
> - acquired a MX65 with 3 year license for the wifi fw.
>
> For about a year these were under the same 'network' on their dashboard. I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard. When I applied the license it said it would expire in about 7 months. Scratching my head, I give them a call. In my mind we have over a year left on the MX65 and I just added another year of support to the MX100, why less than a year?
>
> After talking to them and listening at length about 'co termination' BS and how they are shared, which still didn't add up in my mind, I asked "if we spit them so they are not sharing licenses, will this fix things?" The answer was similar to "yes, then each license will reflect the full amount"..
>
>
> So I split the networks.. After that was done I applied the 1 year license, in my mind with about 30 days remaining on the support for the MX100, adding a MX100 1 year support license should give me about 390 days of support. Instead it was 309 days!!! WTF, how does that work?
>
> Then I look at my MX64 dashboard and see it says it'll expire NEXT month! Wait, we should still have about a year on that one....
>
>
> So I ask "whats up here, please explain"...
>
> The answer I get back is they are "sharing their time". The optics suggest they straight up ripped us off for about 2 years of support.
>
> I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low. I've never seen a more cantankerous licensing model in my life. Talk about smoke and mirrors and making it as complex as possible. The internet is full of people complaining about this, for a while I thought I was the only one who didn't "get it"...
>
> How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely? So odd...
>
> One guy got a free "life time license" but after he started using it and added more Meraki devices, his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"... ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )
>
>
> 2. No insight. I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself. But because they offer no access to the device, you can't view debug logs or any other problem solving / investigation yourself without involving them.
>
>
> 3. Support. its a bunch of kids it appears. I noticed the Meraki was literately scanning our internal networks. Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines. I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7, that's the window size of the packet") A network support team who doesn't understand basic networking or able to decode a simple packet trace.. great. They claim the Meraki is connecting to my internal machines because we are using AD to authenticate.. ???? ok....
>
> Then they ask me "I see the account ads_proxy is used by a lot of machines, can you tell us about that account?". ads_proxy is the account we use to bind to the AD. How do they know all our internal machines are using that account to bind to the AD? This is a VPN device, there are no default routes to it. It concerns me they have such insight to our internal network. Were they doing unauthorized queries to our AD of some sort? It seems dirty and bad. I can't even add a rule to prevent this.
>
>
> tldr. :)
>
>
> -g
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


0 Plus One's     0 Comments  
   

Response from Julian Firminger @ Aug. 8, 2018, 3:05 a.m.
I was going to say something quippy about MS licensing but I clicked on the Science Behind Licensing link. Was not dissapointed.


Julian Firminger

Senior Systems AdministratorUnited Broadcast FacilitiesAmsterdam, The Netherlands

On Tue, Aug 7, 2018 at 9:39 PM, greg whynott <greg.whynott@gmail.com> wrote:


Classic. Need a degree...
-g



On Thu, Jul 26, 2018 at 12:32 PM, Shawn Wallbridge <swallbridge@gmail.com> wrote:
When I got the quote to add a single Meraki access point, I was
floored. I replaced our two existing Meraki units with Unifi and saved
money. I hadn't even seen the renewal quote at that time. When that
came in I sure was glad I had already replaced them.

Unifi did bite me in the ass when they EOL'ed my older AP's. They gave
us plenty of warning, but stated they would continue to work, just no
longer get config updates. I was fine with that, but what they didn't
tell me is our default user policies would apply to all users, which
meant everyone got caped at 2Mbps, so I had to replace the older AP's
pretty quickly.

shawn


On Thu, Jul 26, 2018 at 12:23 PM greg whynott <greg.whynott@gmail.com> wrote:
>
> If you are not in the market for a firewall, APs or switch bail now. If you are and considering Meraki, might want to read the below and do some googling. Its a bit long, sorry...
>
>
>
> Back many moons ago I posted about a Meraki device I acquired. At first I was impressed with them, but that was before I started actually using them in a production environment.
>
>
> Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____. The hardware itself may be ok but everything beyond that has been a horrible experience.
>
>
> For a small shop without the resources or skill set, I could see why someone might want to consider them. Even in that situation I would highly encourage someone to look elsewhere, such as Ubiquiti Network's offerings, which I have deployed for some side contract clients and they have been problem free and happy ever since.
>
>
> I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again. Buyt me a beer and I'll entertain you more. ;)
>
>
> 1. Licensing. This model is setup to extort, blackmail and be as clear as mud to the customer. Look at this and tell me how it makes sense. Its almost amusing listening to them try and explain it as if it was perfectly legit.
>
> - we bought an MX100 for our VPN requirements. 1 year license
> - acquired a MX65 with 3 year license for the wifi fw.
>
> For about a year these were under the same 'network' on their dashboard. I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard. When I applied the license it said it would expire in about 7 months. Scratching my head, I give them a call. In my mind we have over a year left on the MX65 and I just added another year of support to the MX100, why less than a year?
>
> After talking to them and listening at length about 'co termination' BS and how they are shared, which still didn't add up in my mind, I asked "if we spit them so they are not sharing licenses, will this fix things?" The answer was similar to "yes, then each license will reflect the full amount"..
>
>
> So I split the networks.. After that was done I applied the 1 year license, in my mind with about 30 days remaining on the support for the MX100, adding a MX100 1 year support license should give me about 390 days of support. Instead it was 309 days!!! WTF, how does that work?
>
> Then I look at my MX64 dashboard and see it says it'll expire NEXT month! Wait, we should still have about a year on that one....
>
>
> So I ask "whats up here, please explain"...
>
> The answer I get back is they are "sharing their time". The optics suggest they straight up ripped us off for about 2 years of support.
>
> I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low. I've never seen a more cantankerous licensing model in my life. Talk about smoke and mirrors and making it as complex as possible. The internet is full of people complaining about this, for a while I thought I was the only one who didn't "get it"...
>
> How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely? So odd...
>
> One guy got a free "life time license" but after he started using it and added more Meraki devices, his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"... ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )
>
>
> 2. No insight. I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself. But because they offer no access to the device, you can't view debug logs or any other problem solving / investigation yourself without involving them.
>
>
> 3. Support. its a bunch of kids it appears. I noticed the Meraki was literately scanning our internal networks. Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines. I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7, that's the window size of the packet") A network support team who doesn't understand basic networking or able to decode a simple packet trace.. great. They claim the Meraki is connecting to my internal machines because we are using AD to authenticate.. ???? ok....
>
> Then they ask me "I see the account ads_proxy is used by a lot of machines, can you tell us about that account?". ads_proxy is the account we use to bind to the AD. How do they know all our internal machines are using that account to bind to the AD? This is a VPN device, there are no default routes to it. It concerns me they have such insight to our internal network. Were they doing unauthorized queries to our AD of some sort? It seems dirty and bad. I can't even add a rule to prevent this.
>
>
> tldr. :)
>
>
> -g
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


0 Plus One's     0 Comments  
   

Response from Greg Whynott @ Aug. 7, 2018, 3:45 p.m.


Classic. Need a degree...
-g



On Thu, Jul 26, 2018 at 12:32 PM, Shawn Wallbridge <swallbridge@gmail.com> wrote:
When I got the quote to add a single Meraki access point, I was
floored. I replaced our two existing Meraki units with Unifi and saved
money. I hadn't even seen the renewal quote at that time. When that
came in I sure was glad I had already replaced them.

Unifi did bite me in the ass when they EOL'ed my older AP's. They gave
us plenty of warning, but stated they would continue to work, just no
longer get config updates. I was fine with that, but what they didn't
tell me is our default user policies would apply to all users, which
meant everyone got caped at 2Mbps, so I had to replace the older AP's
pretty quickly.

shawn


On Thu, Jul 26, 2018 at 12:23 PM greg whynott <greg.whynott@gmail.com> wrote:
>
> If you are not in the market for a firewall, APs or switch bail now. If you are and considering Meraki, might want to read the below and do some googling. Its a bit long, sorry...
>
>
>
> Back many moons ago I posted about a Meraki device I acquired. At first I was impressed with them, but that was before I started actually using them in a production environment.
>
>
> Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____. The hardware itself may be ok but everything beyond that has been a horrible experience.
>
>
> For a small shop without the resources or skill set, I could see why someone might want to consider them. Even in that situation I would highly encourage someone to look elsewhere, such as Ubiquiti Network's offerings, which I have deployed for some side contract clients and they have been problem free and happy ever since.
>
>
> I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again. Buyt me a beer and I'll entertain you more. ;)
>
>
> 1. Licensing. This model is setup to extort, blackmail and be as clear as mud to the customer. Look at this and tell me how it makes sense. Its almost amusing listening to them try and explain it as if it was perfectly legit.
>
> - we bought an MX100 for our VPN requirements. 1 year license
> - acquired a MX65 with 3 year license for the wifi fw.
>
> For about a year these were under the same 'network' on their dashboard. I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard. When I applied the license it said it would expire in about 7 months. Scratching my head, I give them a call. In my mind we have over a year left on the MX65 and I just added another year of support to the MX100, why less than a year?
>
> After talking to them and listening at length about 'co termination' BS and how they are shared, which still didn't add up in my mind, I asked "if we spit them so they are not sharing licenses, will this fix things?" The answer was similar to "yes, then each license will reflect the full amount"..
>
>
> So I split the networks.. After that was done I applied the 1 year license, in my mind with about 30 days remaining on the support for the MX100, adding a MX100 1 year support license should give me about 390 days of support. Instead it was 309 days!!! WTF, how does that work?
>
> Then I look at my MX64 dashboard and see it says it'll expire NEXT month! Wait, we should still have about a year on that one....
>
>
> So I ask "whats up here, please explain"...
>
> The answer I get back is they are "sharing their time". The optics suggest they straight up ripped us off for about 2 years of support.
>
> I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low. I've never seen a more cantankerous licensing model in my life. Talk about smoke and mirrors and making it as complex as possible. The internet is full of people complaining about this, for a while I thought I was the only one who didn't "get it"...
>
> How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely? So odd...
>
> One guy got a free "life time license" but after he started using it and added more Meraki devices, his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"... ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice )
>
>
> 2. No insight. I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself. But because they offer no access to the device, you can't view debug logs or any other problem solving / investigation yourself without involving them.
>
>
> 3. Support. its a bunch of kids it appears. I noticed the Meraki was literately scanning our internal networks. Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines. I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7, that's the window size of the packet") A network support team who doesn't understand basic networking or able to decode a simple packet trace.. great. They claim the Meraki is connecting to my internal machines because we are using AD to authenticate.. ???? ok....
>
> Then they ask me "I see the account ads_proxy is used by a lot of machines, can you tell us about that account?". ads_proxy is the account we use to bind to the AD. How do they know all our internal machines are using that account to bind to the AD? This is a VPN device, there are no default routes to it. It concerns me they have such insight to our internal network. Were they doing unauthorized queries to our AD of some sort? It seems dirty and bad. I can't even add a rule to prevent this.
>
>
> tldr. :)
>
>
> -g
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe
To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe


0 Plus One's     0 Comments  
   

Response from Shawn Wallbridge @ July 26, 2018, 12:35 p.m.
When I got the quote to add a single Meraki access point, I was floored. I replaced our two existing Meraki units with Unifi and saved money. I hadn't even seen the renewal quote at that time. When that came in I sure was glad I had already replaced them. Unifi did bite me in the ass when they EOL'ed my older AP's. They gave us plenty of warning, but stated they would continue to work, just no longer get config updates. I was fine with that, but what they didn't tell me is our default user policies would apply to all users, which meant everyone got caped at 2Mbps, so I had to replace the older AP's pretty quickly. shawn On Thu, Jul 26, 2018 at 12:23 PM greg whynott wrote: > > If you are not in the market for a firewall, APs or switch bail now. If you are and considering Meraki, might want to read the below and do some googling. Its a bit long, sorry... > > > > Back many moons ago I posted about a Meraki device I acquired. At first I was impressed with them, but that was before I started actually using them in a production environment. > > > Fast forward 2 or 3 years of using them and I am now of the opinion they are a steaming pile of _____. The hardware itself may be ok but everything beyond that has been a horrible experience. > > > For a small shop without the resources or skill set, I could see why someone might want to consider them. Even in that situation I would highly encourage someone to look elsewhere, such as Ubiquiti Network's offerings, which I have deployed for some side contract clients and they have been problem free and happy ever since. > > > I could go on at length about the things I perceive as problem areas with them but the items below is why I'll never deal with them again. Buyt me a beer and I'll entertain you more. ;) > > > 1. Licensing. This model is setup to extort, blackmail and be as clear as mud to the customer. Look at this and tell me how it makes sense. Its almost amusing listening to them try and explain it as if it was perfectly legit. > > - we bought an MX100 for our VPN requirements. 1 year license > - acquired a MX65 with 3 year license for the wifi fw. > > For about a year these were under the same 'network' on their dashboard. I went to apply another year license to the MX100 when it still had 40 days of support left on it according the dashboard. When I applied the license it said it would expire in about 7 months. Scratching my head, I give them a call. In my mind we have over a year left on the MX65 and I just added another year of support to the MX100, why less than a year? > > After talking to them and listening at length about 'co termination' BS and how they are shared, which still didn't add up in my mind, I asked "if we spit them so they are not sharing licenses, will this fix things?" The answer was similar to "yes, then each license will reflect the full amount".. > > > So I split the networks.. After that was done I applied the 1 year license, in my mind with about 30 days remaining on the support for the MX100, adding a MX100 1 year support license should give me about 390 days of support. Instead it was 309 days!!! WTF, how does that work? > > Then I look at my MX64 dashboard and see it says it'll expire NEXT month! Wait, we should still have about a year on that one.... > > > So I ask "whats up here, please explain"... > > The answer I get back is they are "sharing their time". The optics suggest they straight up ripped us off for about 2 years of support. > > I'm still working with them on this in an effort to understand or correct, maybe common sense will prevail but confidence is low. I've never seen a more cantankerous licensing model in my life. Talk about smoke and mirrors and making it as complex as possible. The internet is full of people complaining about this, for a while I thought I was the only one who didn't "get it"... > > How does applying a new 1 year license end up extending it by only 309 days on the MX100 and makes the MX65 expire what appears to be 11 months prematurely? So odd... > > One guy got a free "life time license" but after he started using it and added more Meraki devices, his life time license morphed into a 3 year license and Merakie's answer to that was "that makes sense"... ( https://community.spiceworks.com/topic/1425017-meraki-licensing-not-so-nice ) > > > 2. No insight. I have opened about 20 tickets over the last 2 years for things I could of easily looked into myself. But because they offer no access to the device, you can't view debug logs or any other problem solving / investigation yourself without involving them. > > > 3. Support. its a bunch of kids it appears. I noticed the Meraki was literately scanning our internal networks. Every day we would get 100's of messages that the MX100 was connecting to port 7 on all our internal machines. I open a ticket and the answer I get back after several weeks of back and forth (at one point support said "that's not port 7, that's the window size of the packet") A network support team who doesn't understand basic networking or able to decode a simple packet trace.. great. They claim the Meraki is connecting to my internal machines because we are using AD to authenticate.. ???? ok.... > > Then they ask me "I see the account ads_proxy is used by a lot of machines, can you tell us about that account?". ads_proxy is the account we use to bind to the AD. How do they know all our internal machines are using that account to bind to the AD? This is a VPN device, there are no default routes to it. It concerns me they have such insight to our internal network. Were they doing unauthorized queries to our AD of some sort? It seems dirty and bad. I can't even add a rule to prevent this. > > > tldr. :) > > > -g > > > > > > > > > > > > > > > > > > > > > > > > > To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

0 Plus One's     0 Comments