Meraki

Mloraditch

COA is what allows you to nearly immediately change the access level of a device. You can blacklist a device in your radius server and with COA it should get cut off the network within moments, rather than trying to find the device and kick it off another way. You can also just change the access level and again it should be updated right away.

Mloraditch

I've had the same conversation in the past month!

Mloraditch

New feature Support for OWE Transition mode Support for AAA accounting + Fast roaming (802.11r) Support for Mandatory DHCP + Fast roaming (802.11r) Support COA Support + Fast roaming (802.11r) Support for Client Exclusion Policies (Manual) Support for DHCP Option 82 Enhancement Client Analytics support for Zebra devices 6GHz Support for Transition mode with SAE SSIDs MLO Support with 802.3at power for CW9178/CW9176 Support for AP Auto Locate new Wi-Fi 7 HW support AP Auto Locate (UWB AP-to-AP Ranging) Safe Config Override for Site Surveying Support for AP name in beacon without CCX Bug fixes General stability, performance, and experience improvements MAB-based wired clients not re-authenticated after port reset (Wi-Fi 6, Wi-Fi 6E, Wi-Fi 7 APs) Gateway MR to source RADIUS traffic from AMI (Wi-Fi 6, Wi-Fi 6E, Wi-Fi 7 APs)

Mloraditch

If you are using an oem cable from Cisco then about the only thing I can think to do would be talk to support. The stack port could be bad on one of the units and need rma. if you are using a third party cable you can ask support but they may require you to get the official cable before doing anything further.

Mloraditch

Well the list price on that thing is 106K... I'm guessing they would prefer you get the RMA uplift. If your budget can afford it, you can probably afford the uplift is the thinking.

Mloraditch · ‎May 19 2025

That is not currently supported. I could definitely see it being possible down the road, but haven't heard anything in any forums about it.

Mloraditch · ‎May 18 2025

You can and it will work, but your client tracking data in both networks will not longer be accurate. If this is some kind of lab/testing situation and is at the physical end of your topology that may be acceptable, but if it's in between in some way I would not want that, but you have to decide for yourself based on the need and its importance. You could always develop a simple API based gui to do only what the employee needs to be able to do.

Mloraditch · ‎May 18 2025

If you statically IP things do they work? What is doing the DHCP? Does whatever it is support working without internet? Meraki Switches do not shut down during an outage but you may have something else that is doing so

Mloraditch · ‎May 18 2025

The documentation explicitly states that it's only possible to specify sponsors on a per domain basis. You could buy another domain and create email alias on that domain for only your sponsors, but beyond that you'd need to use a different solution like Cisco ISE. I'm not recommending it, but another partner that does something similar is: https://www.splashaccess.com/portfolio/splashaccess-guest-ambassador/

Mloraditch · ‎May 18 2025

How do you mean? What specifically is not working during the internet failure? Even if you are only trying to access a local resource if DHCP, DNS or something else that is a dependency is only available over the WAN you could be effectively down even if internet is not strictly required for the specific use case.

Mloraditch · ‎May 16 2025

The link should take you the firmware upgrade section of network settings. Obviously you can navigate there manually, but to help others, I would open a support case so the issue can be logged and fixed.

Mloraditch · ‎May 15 2025

If you are saying the phones plug directly into a MX or some old switch without the proper LLDP support you will have to do what @BlakeRichardson said. The MXs do not support providing a voice vlan via LLDP. Some phones will learn a voice vlan via DHCP options. Avaya I know can do this, but I don't know any currently shipping system where LLDP is not the recommended method and should be done via the switchport config as @PhilipDAth explains

Mloraditch · ‎May 15 2025

The best and most likely long term fix is what @PhilipDAth said, the old method with the management container is basically deprecated at this point. I imagine there may be a few other fixes for urgent needs, but I would not expect them to work on issues like this with much effort given the roadmap.

Mloraditch · ‎May 13 2025

I have never seen these before and an AM (H/t Burton V.) just included them in a random email I was on. I thought they were quite useful and am sharing: There are current as of now, but you can kind guess where some things will end up going. I think we all presume there will be a 9174 to go between the 9172 and 9176 and the 9200s will end up somewhere between the 150s and 9300Ls once they are orderable in Meraki mode. Anyway, enjoy!

Mloraditch · ‎May 13 2025

I will be there Saturday evening until Thursday afternoon

Mloraditch · ‎May 12 2025

The static IPs set on the MX can be tied to the serial. Add the serial to a dummy site and set both wans to DHCP, then factory reset and see what happens

Mloraditch · ‎May 12 2025

It sounds like you are following the correct directions. Are both wans configured with static ips? You can try switching to the other wan and using dhcp from somewhere to get it online and then clearing the other config from the dashboard/reset the password. You may have to RMA the unit. I've been in situations where devices just won't reset and after working with support RMA was the only option.

Mloraditch · ‎May 11 2025

The dynamic ports I think would only be open when in use, so I'm not sure that's unexpected.

Mloraditch · ‎May 11 2025

If you are allowing all ports and basic comms work it could be an AD issue. There are a LOT of possible reasons for failed AD replication. Windows Firewall will automatically take into account all things necessary for DC replication, but you can try turning that off briefly on both endpoints to see if it's the issue. You can also packet capture on each end when forcing a replication and see if packets are making it back and forth. Generally if you aren't putting any firewall rules in place on the site to site vpn, I would suspect software issues on the windows side for something like this. A stretch but you could try turning off AMP and IPS temporarily if in use.

Mloraditch · ‎May 10 2025

That is not possible with ISE and Meraki. Its possible with IOS based switches (in native IOS Mode): https://www.wiresandwi.fi/blog/cisco-ise-flexconnect-access-point-auto-smartport-trunk-via-macro-configuration In theory it could eventually become possible with Meraki Managed IOS switches, but definitely isn't available at this time.

Mloraditch · ‎May 9 2025

ISE can set a VLAN by name or VLAN ID and can also set a group policy. It can not set a smart port profile See here for how to use names: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/VLAN_Profiles#VLAN_Profiles_and_RADIUS

Mloraditch · ‎May 8 2025

Yes CW aps (and all new Meraki aps from here on out) can operate in either mode but with Meraki console is disabled.

Mloraditch · ‎May 8 2025

I've had to do this, but you could also get a Unifi Cloud Key Gen 2 Plus and migrate off the UDM to that. While you can definitely disable 99% of the UDMs networking functions you can avoid any possible issues that might happen if it ever randomly resets itself, etc.

Mloraditch · ‎May 8 2025

I'm struggling to find the reference info or perhaps it was just another post somewhere, but Im pretty sure I have heard of this and it is related to a boot sequence thing. Considering Meraki APs don't support console use, I would leave it unplugged.

Mloraditch · ‎May 7 2025

You can see all the official documentation here: https://meraki.cisco.com/trust/ on what they store. I don’t see anything official, but its a lot to read.

About Mloraditch

Mloraditch

Matthew Loraditch

Community Record

Badges