The design would look something like this. https://documentation.meraki.com/MX/Networks_and_Routing/Integrating_an_MPLS_Connection_on_the_MX_LAN
... View more
Yes , i suppose everyone https://community.meraki.com/t5/Security-SD-WAN/Retransmissions-Port-179-BGP-IPv6-on-Site-to-Site-capture-when/m-p/249447#M55712
... View more
You can assign a group policy to a user https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying_Group_Policies
... View more
Go to cellular gateways > monitor > cellular gateways There you can select the checkbox in front of the gateway name. Above the box should be a edit button
... View more
I cant tell exactly without knowing the design and how everything is connected/where your L2 vlans are configured. But Your mx also has 192.168.20.1. So you got 2 times that gateway in your vlan 5 now? I think you could make mx ip maybe 192.168.20.2? So the phones will take the isr as gateway? It could be better to make a drawing and contact meraki support to help out
... View more
I dont really understand how your phones would use the isr. Your dhcp configs point most traffic to the mx svi. Tftp, default gateway. And how does the mx route to 172.16. The fact that you where seeing ips alert can only be happening if the traffic is using the mx as gateway
... View more
So the isr was also the 192.168.20.1 svi before? And now the mx is the 192.168.20.1 ? Does the mx know all routes to the 172.16.x.x? And what did the isr do with option 150 the tftp list?
... View more
Mx doesnt use dscp itself, Except for packets with dscp 46 that will be using the Realtime queue You could tag traffic with a dscp, but it depends on your lan/wan design, configurations, components.
... View more
You could make something like subnet/vlan2 = high Subnet/vlan1 = normal Other subnet = low https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#Rule_Actions https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Traffic_Shaping_a_Local_Subnet_or_Host https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Simple_Traffic_Shaping_Strategy
... View more
It starts trying to connect the cloud via the configure ip gateway. If it cant connect the meraki cloud it cant get its config and won't work properly.
... View more
If it has a factory config it broadcasts a ssid you can connect to and set a static ip https://documentation.meraki.com/MR/MR_Installation_Guides/MR46_Installation_Guide#Basic_Troubleshooting
... View more
If you have a internet firewall on hq you could use one armed mode. If you want to use the mx as hq internet firewall you run routed mode. MX ospf doesnt learn routes. If possible use bgp for dynamic routing
... View more
If you just have one mx i would use this. https://documentation.meraki.com/MG/General_Configuration/MG_IP_Passthrough This way you dont have double nat and it would be easier to active a service like client vpn. If you just provide basic internet or have a warm spare setup nat mode on mg would works fine to.
... View more
With adv sec license you can use content filter categories. You can also block urls manually. There are also pre defined add block lists on internet that you can put in manually Meraki doc: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering
... View more
You can create a static 0.0.0.0 to your firewall at the hub. And enable that route to advertise in your autovpn. But all your local hub traffic also follows that route
... View more
So you could not use a general vpn default route . And then use source based default route for the vlans that want to use mx250 as default route
... View more
Regarding the stp. Are you running mstp on the 3850? https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Configuring_Spanning_Tree_on_Meraki_Switches_(MS)#PVST.2FPVST.2B
... View more
