Thanks GldenJoe for clarifying this.  ... View more

Blue T-Shirt: XXXL, please ... View more

I received this email with extract back in Jan:   "To help you continue to demo Meraki, you will receive one additional 5-year term license that starts between February 3rd and February 7th, 2025. No action is required on your part to receive this renewal."   Did anyone receive a 5 year license without specifically actioning? Mine is set to expire in August. Im assuming from previous posts I should get my renewal 7 days prior to your orgs expire date ... View more

Internally, the 48-port switch is two 24-port switches.  There are two main ASICs that each control 24 of the ports.  Those two ASICs are then networked together. ... View more

have you deployed any MX as HUB in routed mode with DC-DC failover ? where both DC advertise similar routes. ... View more

so here is the real information according to cisco support. static will always win. so if you have a 10.0.0.0/8 to core and then you get autovpns of 10.10.10.0/24 x.x.20.0/24, that 10 static will always win. they have something in the back that allows them to change the AD of static it basically gives priority to autovpn routes over statics. thanks.   Directly Connected Client VPN Static Routes Auto VPN Routes Non-Meraki VPN Peers BGP learned Routes NAT* ... View more

Windows" traceroute uses ICMP and relies on receiving an "ICMP Time Exceeded" response when the TTL is exceeded.  It can be affected by ICMP filtering. Linux traceroute uses UDP probes instead.  It can be affected by UDP filtering.   The OS of the "hop" determines how it responds to these two different approaches. ... View more

Hi , Yes you can set the option in teh Dashboard for users to have 5 Mins of guest Access then they are able to click the link in the Email , let me know if you need some support to set up . Cheers Tim ... View more

Thanks for the correct answer! It's so easy to just go to Security &SD-WAN – VPN Status and read the following: as we can see the OAC has a public ip assigned of 11.11.11.11 on it's wan 1 interface which is NATED, both ways ofc. VPN Registry: Connected. This WAN appliance is able to connect to multiple VPN registries using UDP port 9350 & 9358. NAT type: Friendly. ThisWAN applianceis behind a VPN-friendly NAT, locally using 11.11.11.11:43059, which is NAT-ed to 22.22.22.22:43059 Encrypted. Using IPsec and AES encryption. ... View more

I've now spent hours reading traces until my eyes bleed....and even the AI has given up on helping me. in the end it's a Microsoft problem again? I'm about to explode!   But the positive thing is that the Meraki community has saved me again. ... View more

I get this alert quite a bit. In our case, when a location loses power and comes back or if a switch is rebooted (causing the APs to go down) then come back up. The APs come back up with an IP of 1.1.1.1 (temporarily) for some reason. Then they go to the IP assigned to them.   If your issue is the same, it's not the alert causing the outage, it's the outage causing the alert.   Verify the mac addresses shown in the alert with your APs ... View more

If you use Chrome, open the developer tools with CTRL+SHIFT+I, go to the network tab, and load a page - what part of the process does it show as being slow?  DNS, TCP setup, TLS, something else? ... View more

@cmr just posted now! Congratulate our many winners and see who took the grand prize here  ... View more

I have MX105, and I am facing same problem from past 2 weeks, in the peak time latency gets spike on both the line howerver my 1 ISP is on backup. Not sure why latency spike on that ISP as well. Raised multiple support tickets but no luck with resolution. I am running MX 18.211.5. ... View more

Yes, it is.   https://documentation.meraki.com/MS/MS_Overview_and_Specifications/MS250_Overview_and_Specifications ... View more

No you can't as your MX is configured in NAT mode so you will not be able to "enter" in your network.   You would configure port forwarding on your router to point to your MX IP : 10.0.1.100. You'll have double NAT but it shloud work. ... View more

Are you utilizing Combined Power? I ran into a similar issue, and in my case, it turned out to be a hardware problem with the MS not offering PoE one any ports regardless of configuration. I’d recommend opening a support ticket with Meraki — they were able to confirm the fault and issue an RMA. ... View more

@JeroenVercoulen    But OSPF on the LAN side is enabled only if MX is in routed mode, right? Can AutoVPN subnets be advertised over LAN port if MX is in concentrator mode? ... View more

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS ... View more

When on a network you configure a limited active VLAN list you will be able to see those VLANs being defined on the switch itself by using the CLI.  "show vlan brief" So it is important that you include all the necessary VLANs in the comma separated list in that Active VLAN list.  And after that on each switchport functioning as a trunk you can use the allow all like you could on regular MS switches. ... View more

Hi , Can I ask? Set up 2 WAN interfaces, my primary is WAN1, and my secondary is WAN2. I am using Flow References in the other VLAN to use WAN2 for  the outgoing internet connection but the incoming internet connection during trace root goes to WAN1..my question is how to set the incoming connection still passed in WAN2. ... View more

Thanks a lot folks. I did read the article about transferring ownership of devices between organisations but wasn’t sure on the warranty piece and Meraki’s licensing model.  I’m thinking that having a spare or two might be the order of the day, if I decide to progress! ... View more

There is now a way to move devices from one Org to another, although I have not personally tested it nor enquired into pricing, see this post... https://community.meraki.com/t5/Security-SD-WAN/how-to-export-policies-MX-from-one-org-to-others-as-moving-MX/m-p/273055  ... View more

just as a follow up in case anyone's reading - support confirmed that the content filter supports IP addresses as well so * does indeed block everything (URL and IP). Still working on why the layer 3 doesnt work ... View more

Not sure about NPS but for Cisco ISE, one caveat with just adding the entire Management network in is that then using the Live Log for troubleshooting you will only see the NAD as the subnet, and not the device itself, as the NAD is created on the configured IP address. So if you need to determine which device it authenticating, you'll need to have added the NAD with it's host address, and not the entire network. ... View more