In our workshops, open with high ceilings but a lot of metal etc... we place them about 75' apart.  We typically mount them around 15' off the ground facing down depending on what options there are from the ceiling.   ... View more

I also believe if you contact support they can check the temperature and verify if your interpretation of "very hot" is indeed out of the norm. But most likely as @PhilipDAth indicated, they'll process an RMA.  ... View more

If the traffic is NAT'd to your SMTP server couldn't you do the monitoring on that server? Alternatively you could mirror the port going to/from your mail server to whatever monitoring platform you wanted to use.   ... View more

Cradlepoint uses a WAN interface though right? The USB support on the MX doesn't use one of the WAN interfaces.  It's just for management and a connection of last resort. Meraki is working with engineering to get the bugs worked out with support for my USB device.  ... View more

By AD Authentication do you mean 802.1x Radius?  If so then it does look like you could have that selected for Network Access section and the spash 'Click-Through' is served by the Meraki servers so no certificate needed.   ... View more

Based on that diagram you kind of have two root switches since they both uplink directly to the MX cluster. Bummer we can't see what port 9/10 look like on the MS220 in the failed state.  Maybe check what the ports on the MXs look like in the failed vs working state.  It truly feels like STP isn't doing its job.  May be worth going to Switch>Switch Settings and manually specifying a root bridge.   ... View more

You can't 1:1 NAT anything that needs connectivity to the provider address space? ... View more

What IP is set as the gateway for the MS220 and the MS225?  I wonder if the MS220 is gateway'd to an interface that is only on the primary? ... View more

I'm not sure of your exact config here but you can go to Security Appliance>Firewall then scroll down and you can do Port Forwarding, 1:1 NAT or 1:Many NAT depending on your application.  ... View more

@Dash you can create the same vlan/subnet at each site as long as it isn't part of the VPN tunnel so you don't get routing issues between sites.  Regarding point 3, I haven't found a way to accomplish that.  I contacted Meraki support and they didn't have a solution so I just made two public vlans.  Secure public and regular public.  The secure public is the public only subnet/vlan where I'd failover my 802.1x devices and devices that would otherwise be secure.  The regular public subnet is for devices that are not otherwise secure and just need internet.  Crude solution but I haven't come up with a better one in the meantime.  @PhilipDAth any ideas for this? ... View more

Asif you can typically signup for free or trial gear here https://meraki.cisco.com/form/trial   Then you can setup your own lab or experiment.   ... View more

Will each MX have its own internet connection?  If so then you could safely use the same subnet on all of the MX's and just have it route out the internet.  A few things to keep in mind. 1.  If your MXs are VPN'd together then make sure to not include the guest subnets in the VPN 2.  If you make a guest vlan/subnet on the MX it will automatically be routable to/from your production network so you'll need to go to Security Appliance>Firewall to create a rule to prevent the guest vlan/subnet from being able to talk to your other vlan/subnets.  3.  Any device on the guest subnet will be able to see/ping any other device on the guest subnet unlike the way the wireless Meraki guest subnet works with segregating each client.  ... View more

In my experience the throughput has always just been the down speed.  No indication of upload speed.  But I stopped using that test in lieu of running http://www.speedtest.net/ from a client machine since I typically need to know the circuits upload capabilities as well.  Also if you have two WAN connections that tool doesn't give you the ability to select which one you want to test the throughput on.  So it'll likely just use whichever you have specified as the primary uplink.     The last section in the article @PhilipDAth linked above provides some interesting clarification. https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Throughput_test_to_the_Web_from_Cisco_Meraki_devices#Comparing_to_Similar_Throughput_Tests ... View more

I've learned a lot in this thread.  Mass kudos.  ... View more

I agree with @VascoFCosta.  The Meraki AP's get good range.  Unless you have a super dense environment with a ton of user or if you have a lot of inner walls blocking signal I bet you'd be fine with 3-4.  Are you wanting to have coverage outside the building or just inside? ... View more

The SFP should be a constant.  No configurations needed aside from your port config which you did as trunk. Your jumper is yellow so usually that is an indication that it is single mode not multi mode.  But its most important that the fiber cable (jumper) matches the rest of the fiber run to its destination.  Whether that be single mode or multi mode.  Did the fiber work before on the old Cisco switch or is this a new configuration you are working on? ... View more

I agree with @Markus comment.  The NPS config on each server will be important to review.  There are a lot of moving parts to make sure NPS is configured properly on both the server and also on the clients (GPO).  Shared secret, Policy Conditions/Constraints, etc... ... View more

If I run that same test from the Meraki dashboard it fails but my radius is working fine with NPS.  I think I called Meraki about that a long time ago but I can't remember what they said about the reliability of that test.  So you may want to try connecting an actual client to your SSID to test.  ... View more

In my experience it was usually an issue with me not understanding the fiber and getting the wrong jumper.  Single mode vs multi mode etc or having the pair flipped on one side or the other.   ... View more

I see you marked the thread as solved.  Were you able to find a solution or just moving on to support? ... View more

Error would seem to indicate an issue with the CSR.  Are you the copy of the CSR you downloaded from the Meraki dashboard isn't corrupt?  Maybe after you've downloaded the CSR try opening it in notepad.  The content of the file should look something like this with different hash information in the middle.    -----BEGIN CERTIFICATE REQUEST----- MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl 4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D 6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn -----END CERTIFICATE REQUEST----- ... View more

Glad you were able to get it resolved 🙂 ... View more