I'm not sure what you are asking about that involves Meraki? This seems to have been intended for a printing related forum. ... View more

If your guest subnet must be included in VPN you can block it from accessing the Azure VPN that way.   That will not help with the Zscaler tunnel issue. If you have that tunnel, then all traffic will egress that way. Adding firewall rules will not affect the routing table. ... View more

Yes that is strange, I see in your other replies, that it only doesn't work on the switch side, that more closely points to a bug that support would need to diagnose. ... View more

If it's just the module not working and other modules are of the same type (10GB Multimode) and are working, the module is probably just bad. Support should be able to RMA it for you.  There's an off chance it could be software or some sort of bug and support would be able to diagnose that as well. With SFPs there is little to see or configure in the dashboard. They autodetect the module and if it's a switch you can see the DOM output, but that's about it. ... View more

The problem here is you can not differentiate between what subnets access AutoVPN vs Third Party VPN. In theory both tunnels would work if the same things needed access to both, because the most specific route would be chosen, but if the ZScaler tunnel is only for your guest traffic, there is no way to route just guest out that VPN and have other subnets use AutoVPN and/or the Azure VPN. Every subnet enabled for VPN will at least on the Meraki side negotiate over all 3rd party VPNs. You are going to need to gateway your guest traffic to another firewall that can do the Zscaler VPN in this scenario. Semi-related if the Azure environment is yours or if the Vendor is amenable, you may want to look into standing up a vMX. It can be cheaper than using Azure's native VPN, and it definitely can be easier to manage as Azure just becomes another AutoVPN spoke. It would not help with your problem, but just a thought.       ... View more

Comcast ENS is a mesh layer 2 service. Comcast EDI is their regular internet service. ... View more

It's theoretically possible, but a bit of a complex setup. I'm spitballing this in my head, but I think it could work with the ENS being VLAN'd similarly to my earlier idea as you still want direct connectivity C/D behind the firewall so you'd have the ENS into a switch port, and use one vlan for internal routing and use the  other to create an internet handoff that you could use on WAN 2 at A and B.  This is a somewhat high level thought to help guide you down a possible path. Others may have different ideas and you may want to engage your partner for help. ... View more

If you didn't care about failover what you have listed would definitely work. If you did that the AutoVPN over MPLS would probably be irrelevant. Or are you trying to also have A and B failover to each other? ... View more

The meraki doc on auto vpn with MPLS would work here. MPLS is more used as a generic term for any private WAN. Comcast ENS can function (as far as Meraki is concerned) in the exact same way as MPLS would. I'm quite curious on the reasoning on dumping Internet for ENS. That is the opposite direction most companies I deal with are going. ENS is usually more expensive than edi at the same speeds because it can require taxes that internet circuits do not. You also are forced to use comcast even if the area you are in isn't a native comcast territory. However if I was forced to use your setup, I would not be leaving the MXs in the site with no internet.  I would do as you thought. Regardless you are going to have difficulty with failover, at least in an automatic way. I wouldn't really want to do it, but I can imagine a few hacky ways to leave the MXs via creating two vlans on your ENS, one terminating at Site A and one at B and then presenting those as ISP 1/2 to the MXs. There's a bit more work to it, but it would function and allow failover. Regardless, outside of crazy security or very specific bandwidth needs I'd see if you can reconsider using ENS. Comcast generally doesn't care how they get their money so you can likely change the products w/o incurring pricing changes. ... View more

I can't quite say anything more, but that was February and what I heard was much more recent but still not official. ... View more

Have you tried a factory reset on the problem switch?  Upgrading to 18.1? I don't see any specific bugs fixed, but it could be worth a shot. It also just may need an RMA. Have you contacted support yet? ... View more

This is the API command to do this: https://developer.cisco.com/meraki/api-v1/claim-network-devices/ ... View more

Yes only MXs do CF. Have you verified the events occur on the dashboard side? If they aren't there, they will not be in the API either. Perhaps someone adjusted the content filtering settings. ... View more

I understand you think it's technical, but the only technical part is when you link the Dashboard to the EA and then you link your smart account(s) to the EA and then your individual products to your smart account.  The licenses within the agreement have to be structured correctly for it to work the way you want. My understanding based on all the partner training I've been at and read, is that's possible. It's hard for anyone here to answer your questions specifically because we have no visibility into your specific agreement and EAs have MANY MANY options for structuring/skus/etc.   This is why I suggest getting with your Cisco account team. ... View more

I suspect they have the dashboard linked to the Cisco Parts database that CCW-R uses and vMX100s are  not in there because they aren't hardware and weren't sold with individual serials. I suspect they never will be, although I'm sure the engineers could hardcode something so they show up. ... View more

The voice vlan field enables CDP/LLDP to send that vlan number to a properly enabled device and it will put itself on that vlan. Those devices will be IP phones or ATAs usually. The errors you are experiencing sound like the phones are not handling the info properly. Suffice it to say there are some unique situations with various vendors where the CDP/LLDP info may not work right for a variety of reasons. Sometimes you have to enabled cdp/lldp on the phones, sometimes they use dhcp options for vlans, sometimes old dhcp options may interfere. Based on what you are posting both vlans work in and of themselves so that leads to me to think something is up with the phones.  Can you tell us what manufacturer/model of ip phones you are using and with what type of pbx? ... View more

Shared 149 and 97 in North America both have it working ... View more

MS switches run completely different software than IOS Based. The tool @alemabrahao listed does not cover this type of code. I think I have occasionally seen Meraki listed on Cisco CVE announcements when it might originate from open source code that many platforms share. Regardless this vulnerability doesn't affect MS code as published.  ... View more

https://documentation.meraki.com/MS/Cloud_Management_with_IOS_XE/Cloud-Management_IOS_XE_Overview/Cloud_Configuration%3A_Release_Versions_and_Highlights Support for this module was added as part of 17.18 which is in beta. I don't see any caveats listed beyond that.  ... View more

Enterprise agreements allow for a lot of changes as long as the overall value doesn't change. This is something you need to discuss with your Cisco Account Team and Partner as only they can speak to your exact contract.  I suspect what you want will be possible as management mode flexibility is a key tenant of the current licensing practices for EN SKUs. ... View more

That is the correct license for that model. While you have to assign a subscription to a network, you don't  have to assign it to a device so I suspect an issue you need to contact support for. Based on your screenshots, you appear to have things set correctly. Also, this may be a translation issue, but "L" licenses are only for 48 ports. You would need an "M" level license for a 24 port. There is not a feature where you can borrow a higher tier license for a lower product with Meraki.  ... View more

There is not a built in alert for this. You can always give feedback so it gets added to the official consideration list: https://documentation.meraki.com/General_Administration/Other_Topics/Give_your_feedback_(previously_Make_a_Wish) ... View more

Can you or someone check the 365 logs, they might be more elucidating? Are you able to test with any other smtp relays or services? ... View more