I took a peek at the case and your config.
I see other sites of yours with the same topology are ok. And the switch at this site was connect up until Aug 13th.
I see you use MG21s connected to the MX WAN port and also connected to the LAN switch for PoE purpose. On a working site the switch port connected to the MG is access, VLAN 1, no STP guard setting. On the non working site the LAN port connected to the MG is trunk, native 1, allow all, root guard enabled.
And at the problem site the MG event log is full of Internet martian and Source IP and/or VLAN mismatch events. And those events started occurring on Aug 13.
I would edit the switchport config to match a working site config (access, VLAN 1, no STP guard). You might need to reboot the entire stack (have have someone factory reset the switch) at this site to get it reconnected as the switch being unreachable right now won't allow it to pull a new config.
In general when powering a MG from a LAN switch or MX PoE LAN port I'd configure it for an unused VLAN, access mode, and remove that VLAN from any other trunk ports. And if it's an MX disable DHCP on that "Cellular" VLAN.
Both designs are not really official or recommended per se. But they work. I created a couple of general slides with what I feel is best practice when using this topology. This info is my own personal preferences based on my testing. Not an official guide, document, etc from Meraki.
https://docs.google.com/presentation/d/1yRjifi0x4oeBARk-oagAj92RIwxu5EfQcuVquVeElr4/edit?usp=sharing
