This picture shows it quite well:   ... View more

That sounds like an idea.  I may give that a try. ... View more

You've all been very helpful, thank you very much.  ... View more

Thank you for some clarifications around this.  So to sum it up, the bt standard in this case is used to achieve mgig support poe over 4 wires? Still 30w on port and 25.5 for the PD? ... View more

We set up a webhook into Teams to notify of the VPN tunnel going down and immediately had to shut it off as we were getting constantly pinged. I'm glad they're on top of it enough that they CAN show us the second-by-second up and down, but being able to tune that up and say "only notify if down for x number of seconds" would be VERY helpful. ... View more

! have 4 SSIDs VLAN 2080,2090,2096,2108 VLAN 2099 is for a security check- NAC Vlan 2020 management VLAN for AP ... View more

Great when you get the help you need in this community. Come back often ... 😉 ... View more

The AP is not aware of the syslog server and it's reachability. ... View more

I think the maximum power load is with a PoE device attached. Without that, I would calculate with no more than 20W power consumption.   (BTW: I wish these Teleworker devices had an option to be USB-C powered) ... View more

Having 5 different networks (with 10SSIDs and 10APs in each network) will result in a really bad solution. AutoRF works by coordinating transmission power and channel assignment with the APs in a single network. This design will severely break AutoRF and it is a bad design overall.  For this scenario we have WPN which will solve the challenges that the customers on this type of spaces have and is a robust and secure solution.  Friends don’t let friends do bad designs. Please educate the customer on why this path is a horrible idea and the benefits and simplicity of WPN.  ... View more

Just some Apple shortcuts made by Adrian. https://www.intuitibits.com/2023/09/21/yet-another-wi-fi-details-shortcut-for-ios/ ... View more

@DarrenOC You have hit the nail on the head although my head hurts after trying to understand the situation.  ... View more

He is asking how to combine both uplinks on both primary and secondary firewall, how I understood it - that means an active-active mode of operation in addition to loadbalance the WAN1 and WAN2 port of the MX. Active-active mode of operation is not supported by MX. The bullets provided is sourced by the "internet" yes, more a list of arguments to why active-active mode of operations not always preferable and should be considered carefully, unfortunately chat-gpt was not involved in that process. ... View more

Oh damn, of course, you are right. It is even clearly described in the link I added, but I messed that up. Thanks for the correction. ... View more

Congratulations @cmr ! Massive achievement and very well deserved. ... View more

Some Apple documents that might be of interest for some. https://support.apple.com/en-jo/guide/deployment/dep3b0448c58/1/web/1.0 <- See the AutoJoin section, for some "dbm" numbers.   https://support.apple.com/en-gb/guide/deployment/dep98f116c0f/web <- See the "Selection criteria for band, network and roam candidates" for some "trigger" values, how much better the new signal must be, and preference in wide channel, and "Wi-Fi generation" when roaming.     ... View more

What utter garbage.  Years and Meraki still can't get this right.  And we don't even have an actual non-meraki peer on the other end of our tunnels anymore - it's all meraki!  Simply merakis from different orgs.  And still their ikev2 implementation is trash that dies constantly.  Pretty pathetic. ... View more

Why set up the link between the link between the Catalyst and the MX as a trunk?   While you can do this, it doesn't add much, as you can't operate multiple SVIs over that link.   I'd just go for an access setup in your chosen VLAN, without any tagging.   Hard to say if the MX is appropriate as a purely internal firewall, without knowing exactly what you're wanting from it, though it is certainly true to say this is a fairly rare deployment scenario for an MX.   Remember that, by default, traffic between different VLANs is permitted by an MX - you'd need to configure specific deny rules.    You might also want to look into using no-NAT on the WAN interface:  https://documentation.meraki.com/MX/Networks_and_Routing/NAT_Exceptions-No_NAT_on_MX_Security_Appliances ... View more

It is an honesty license.  You have to buy a licence to have a legal entitlement to use it - but nothing prevents you from just turning it on. ... View more

If you are sure your routing is ok and you did the capture correctly and not see anything on UDP port 1812 leaving the switch, then you should capture the EAPoL frames on the port.  Your supplicant might not be sending EAPoL frames to the switch. ... View more

Security? Typically, it is much better than login credentials Cost? These typically come from your own CA. Only the cost of operating the CA apply Implementation? You need a way to put the certificates onto the end devices. For the AD integrated CA this is done with GPOs. For everything else, you MD with the help of the API should be used. Of load them manually. ... View more

For effective wireless troubleshooting, the first step is learning the basics of Wireless Networks: https://www.amazon.com/Certified-Wireless-Network-Administrator-Study/dp/1119734509 https://www.cwnp.com/certifications/cwna ... View more

Replace C9300s used as WAN switches with unmanaged switches.  Just have 3 ports connected in each; 1-ISP, 2-MX1, 3-MX2.  Safer from hackers and won't cause you any issues.  If you must use managed switches, then use some with a dedicated Out Of Band management port. ... View more