The fun thing for me, is there were other stacking bugs in MS17 that made me go to 18. 🙃 But 99% of the time, we put our MX uplinks in 47/48. 🤦‍♂️ ... View more

No, Meraki doesn't support both relaying and running DHCP on the same device. You  must separate those functions if both are needed. ... View more

You cannot. However if you have another switch capable of relaying, you could create interfaces there using another IP on the same VLAN and then relay to clearpass. ... View more

I think we will all have the same problem. F4s_v2 was the default SKU for vMXs in Azure. While there are a couple of other supported SKUs, not sure how many people use them. I'm sure Meraki just got the info like we did, so we have to wait for them to develop a new preferred sku and I presume we will have to redeploy our vMXs. ... View more

If you do a packet capture of the MX lan port and the AP Uplink do you see the DHCP requests for VLAN 120? If you statically IP something on wireless on vlan 120, does it work? ... View more

All vlans is fine, so the uplinks to the APs are trunk native vlan 1, and all allowed, an the uplinks between the switches and up to the MX are the same? Did you check addressing and vlans on the mx and make sure it matches? ... View more

Is there a switch involved or are the APs plugged directly into the MX? Does the SSID possibly have the Local LAN firewall rule set to deny? SSID is set to the below?:   ... View more

This article was just published in the last week and appears useful to your issue: https://documentation.meraki.com/General_Administration/Licensing/Managing_Cisco_Networking_Subscription_on_EA ... View more

Yeah that's a bigger problem, definitely see if support is aware and can do something ... View more

If something is missing from the live mac table and you are sure it's generating traffic, I would open a support case, as that would be a bug of some sort. Should be pretty easy to prove and log to get a bug filed. ... View more

Are you on CS Firmware or IOS-XE? If on CS, I suggest trying IOS-XE or going to the latest CS if not on it. It is known that the Container that runs on the CS firmware sometimes just crashes and a reboot is required.   If you are already on IOS-XE, I'm presuming you mean you can't ping even locally or see the device online in any state and then the following might help. Are you using a Static IP or DHCP? If DHCP, have you done a packet capture to see if what is happening when the connectivity is initially lost? Secondarily have you tried switching to a static IP to see if that has the same problem? If your switch is already static, this is a stranger problem and I'd be doing packet captures on the port it uplinks to see if you can see any of the management packets and what's happening with them." Have you tried accessing the local status page? Does it say anything? ... View more

It's not something you can do from the dashboard. Support may be able to do something on the backend for you. MAC Flapping is generally a spurious error as long as the macs in question are originating from access points. In Meraki Managed Switches this error shows up all the time in the logs. More an FYI if you ever went down that road. Support may be able to help you now, but if your longer term path includes fully managed they will be back and unconfigurable (as things currently work). ... View more

Any single MX config that could have those ips would possibly cause that error, that includes DHCP, Traffic Shaping, Firewall Rules ... View more

I do not recognize and cannot find an API call with that name. Where did you find that? It may have existed in the past and been replaced by the live tools call for the mac table. They would be duplicative I believe. ... View more

The mac timer is 300s since the port has seen the mac, if the port goes offline, the entry should clear regardless of the timer. If the device stops responding, power save, etc, basically anything where it doesn't generate any traffic, it can also drop out. ... View more

The mac table is going to be the most accurate information at any given time.  MAC tables are live from the switch showing devices connected in the last 300s. Forwarding Tables are MAC Tables Client info is going to have a bit of a delay in showing up, and it includes historical info for up to 30 days. I would stick with the mac table if you are looking for live data. ... View more

Given the intermittent nature and the fact that it's random clients and not even all clients at site, this is going to be hard to track down. Do your VDI clients or servers have any logs that indicate what the issue is? I could see perhaps it being a utilization issue at the sites where it's happening and it just happens that the client in question is the one getting dropped. Are your vdi clients capable of doing testing of any sort when the issue occurs like pings, traceroutes, etc? For monitoring and historical information on utilization, I'd recommend something that monitors with SNMP. IMO, Outside of the live uplink monitor at the exact moment of the problem it's harder to track down historical utilization issues with the dashboard. Something else you could do is setup traffic shaping for the VDI services to try and prevent drops: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping ... View more

Sounds like a bad definition may have gotten out there OR something got screwed up on the Umbrella servers. I suggest opening a support case. You definitely shouldn't be seeing something like this. ... View more

I'm not sure what you are asking about that involves Meraki? This seems to have been intended for a printing related forum. ... View more

If your guest subnet must be included in VPN you can block it from accessing the Azure VPN that way.   That will not help with the Zscaler tunnel issue. If you have that tunnel, then all traffic will egress that way. Adding firewall rules will not affect the routing table. ... View more

Yes that is strange, I see in your other replies, that it only doesn't work on the switch side, that more closely points to a bug that support would need to diagnose. ... View more

If it's just the module not working and other modules are of the same type (10GB Multimode) and are working, the module is probably just bad. Support should be able to RMA it for you.  There's an off chance it could be software or some sort of bug and support would be able to diagnose that as well. With SFPs there is little to see or configure in the dashboard. They autodetect the module and if it's a switch you can see the DOM output, but that's about it. ... View more

The problem here is you can not differentiate between what subnets access AutoVPN vs Third Party VPN. In theory both tunnels would work if the same things needed access to both, because the most specific route would be chosen, but if the ZScaler tunnel is only for your guest traffic, there is no way to route just guest out that VPN and have other subnets use AutoVPN and/or the Azure VPN. Every subnet enabled for VPN will at least on the Meraki side negotiate over all 3rd party VPNs. You are going to need to gateway your guest traffic to another firewall that can do the Zscaler VPN in this scenario. Semi-related if the Azure environment is yours or if the Vendor is amenable, you may want to look into standing up a vMX. It can be cheaper than using Azure's native VPN, and it definitely can be easier to manage as Azure just becomes another AutoVPN spoke. It would not help with your problem, but just a thought.       ... View more

Comcast ENS is a mesh layer 2 service. Comcast EDI is their regular internet service. ... View more