MS225 doesn't support VRRP.   Usually what people do is have at least two switches in an access stack (your MS225's) uplink to the redundant core and have those two uplinks be terminated on different core switches. ... View more

Disable and enable the switchport via api and link the script to cron job?   {{baseUrl}}/devices/{{serial}}/switchPorts/{{portNum}} ... View more

It's not because you have access to the internet that the MX has (full) access to the cloud.   In your dashboard Help > Firewall Info shows the firewall settings needed for everything to function correctly.   The cloud connection mainly needs outgoing UDP to port 7351 on a bunch of addresses.   More info here: https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Firewall_Rules_for_Cloud_Connectivity   You can pretty much block all incoming connections (packets that are responses will normally be let through thanks to stateful firewalling). But a real DDoS is hard to stop without specialized technologies.   I suppose the maximum security setting on the Comcast blocks certain outgoing connections... but that won't help stopping the DoS attacks. Perhaps you can specifically add Allow rules in the comcast with the above info. ... View more

Yes. In the Network-wide > General page.   Scroll down to Traffic analysis and set it to Detailed:   ... View more

Indeed, I went ahead and tested it for you.   I disabled my wired ethernet adapter (which in Windows had received the name of my SSID).   I searched my registry for all instances of that name. Found one: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{some_id_string_generated_by_windows}]   Removed the whole key.   Enabled the wired ethernet adapter again.   Network is now simply called "Network".   Then I connected the PC to my SSID again and the name changed again to the original name.   So just connecting to an SSID with the non-template name will probably be enough to overwrite the name (assuming the MAC-address of the DHCP server is identical of course). ... View more

The official answer is: Can I change the antennas to improve my performance? The MX68CW has fixed antennas for Wi-Fi and LTE that cannot be swapped. For the MX67C, only Meraki antennas are supported. Replacement antennas will be available for purchase.   If my antennae are lost or damaged, can I use 3rd party antennae that fit on the Meraki device? Only the Meraki antennae are supported. Lost or malfunctioning antennae can be replaced by contacting Meraki support.    That said, the connector on the MX67C is RP-SMA so you're welcome to try. People have done it. Keep the cable as short as possible though. See these topics: https://community.meraki.com/t5/Security-SD-WAN/External-LTE-antenna-with-cable-for-MX67C/td-p/28682 https://community.meraki.com/t5/Security-SD-WAN/MX67C-external-LTE-antenna/td-p/27765 ... View more

The appliance status page is part of the "Monitor" side of the Security & SD-WAN menu. So information on the pages in that column is only relevant when the devices are online. Hence this behavior is to be expected if the devices never connected to the dashboard.   ... View more

There are probably several ways to do this. I would probably do it using the Meraki scanning API.   Basically the scanning API makes the Meraki dashboard send you updates about connected and non-connected WLAN and bluetooth devices seen by your access points. You'll need your own back-end to receive these updates and process them.   If you filter these events by the ssid data element, that will filter out those clients that are not connected and those that are connected to an SSID you're not interested in. Then you just keep a database of the MAC-addresses you see (perhaps hashed for GDPR purposes). A simple count of those rows will then provide the info you need.   More info about the scanning API: https://documentation.meraki.com/MR/Monitoring_and_Reporting/Scanning_API   I think built-in counters in the dashboard location analytics will probably all be limited in time range. ... View more

If you mean load balancing between the two internet circuits check the link: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferences   If you mean active-active HA configuration using two MX's, you can't Meraki doesn't support active-active HA, only warm spare. Recommended topologies can be seen here: https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair ... View more

Aaron Willette has an excellent blog post about Meraki's logging: http://www.willette.works/meraki-event-logs/   Syslog can bring your logs into a SIEM: https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Event_Types_and_Log_Samples   If you need more details about an incident, you should get them within the 1 month retention. You could setup alerting based on the priority score so you're triggered by your SIEM to do something.   You could also setup scheduled reporting via e-mail about the security events:   You could also use the API, but at the moment, it only has the client specific call, so that's very limited: {{baseUrl}}/networks/{{networkId}}/clients/{{clientId}}/securityEvents?perPage=100   More info: https://documenter.getpostman.com/view/897512/meraki-dashboard-api/2To9xm#de844141-5d03-4ba5-80f8-626f611db1ff   ... View more

Actually when you fetch a client's details you do get the SSID:   ... View more