@Asher   Whilst you can't set up an actual NTP server, there are a couple of DHCP options which may allow you to achieve what you need -    Option 4 (Time Server) This option is used to specify the time server available to the client. This is also related to the Time zone offset option.    Option 42 NTP servers This option carries the NTP servers used on the network.   See - Setting Custom DHCP Options these work for both switches and security appliances.   ... View more

@SimonReach   Glad to hear everything is getting sorted out.   I would observe that the Z1 only does IEEE 802.11n and that both the Z1 and the Z3 only offer the Enterprise Security option, not the Advanced. Personally, I would choose the Z3 over the Z1. For a modem I find the Draytek Vigor 130 to have good throughput and the ability to configure itself to suit the different UK ISPs.   ... View more

Have you turned on rendezvous support?     ... View more

@Zilla   Thanks for your suggestions.   I now have the VLANs configured pretty well the way I want them to work.   My next issues are to do with isolating "risky" devices into their own VLAN yet still be able to access their services, eg Bonjour or Chromecast.   Virtually all the "smart" devices I have seen are woeful from a security viewpoint, so should be kept away from the rest of the network, yet some are quite convenient. Whether it is at home or work, I cannot see us having fewer smart devices in the future. So we have to be able to find a way of being able to live with them, securely.   ... View more

@gavin wrote: I can't connect chromecast generation 1 to SSID. SSID is configured for bridge mode. I am unable to connect chromecast generation 1 to my Meraki AP- MR33, running version MR 24.12. any suggestion?   Do I have to enable multicast to fix it? it was not working on my fortinet AP but it started working as soon as I enabled multicast. Gavin I have a couple of A/V devices in my test network that have Chromecast built in. It is very convenient to be able to cast from a phone to one or other of them. I have found that it works very well when the SSID the wireless device connects to uses the same VLAN that the Chromecast A/V player ethernet connected devices are members of.   So smartphone - VLAN 111 SSID               -  WPA2-PSK, L3-roaming, VLAN tag 111, not isolated, not blocked from LAN VLAN 111 allowed on WAP and switchport WAP is connected to.   The MX does not handle multicast properly (cannot configure IGMP-proxy), so make sure the VLAN connection does not need to be routed via the MZ ; simplest to plug the WAP and the multicast capable device into the same switch and configure IgMPv3 snooping on the switch.   I have found out the following from Google -  You will need to disable AP or client isolation on your router in order to set up Chromecast. -- See What router settings do I need to set up Chromecast? With that being said,  If you have strong knowledge of firewalls, , you can set things to allow certain traffic. Which ports does Chromecast use when connecting to external services? • HTTP:  TCP/80 • HTTPS:  TCP/443 • DNS:  UDP/53 • SNTP:  UDP/123 Which ports are used by Chromecast to communicate with computer/phone/tablet in the same network? • SSDP:  UDP/1900/multicast • mDNS:  UDP/5353/multicast • TCP/8008 • TCP/8009 Hope this information helps. Even with this information I am having no joy at getting a smartphone on one VLAN to communicate with a Chromecast device on another VLAN. Cisco has a Chromecast Deployment Guide, Release 7.6 the information therin leads me to believe that Meraki does not yet handle this situation as multicast is not fully functional at this time.   I have tried enabling Bonjour which desn't help, I configured the VLANs so that the one of the VLANs super-netted the other and Meraki refused to configure that.   With everything on the same VLAN, it works just fine.       ... View more

Be aware you may have to put the Virgin Superhub into modem mode. In any event, it is worth trying. ... View more

Simon   I don't get Virgin TV, so I don't know how that will be handled by the MX. One of the things BT has done right is to use multicast for BT TV channels. This requires a router/security appliance that can run an IGMP proxy, which the MX does not yet do, but the MS switches handle IGMPv3 already. My solution is to use a router that can be configured so that a STB/playout device can be connected to it, and be fully functional whilst everything else can be passed through unchanged to the MX. I am very happy using a Vigor 130 modem (auto configures for UK ISPs) in PPPoE/PPPoA (Bridge) mode, But it doesn't get round the IGMP proxy issue.   ... View more

Hi First things first -    Have you put the Virgin Super Hub into modem mode? This is a common problem     ... View more

@MilesMeraki wrote: Disabling the port which the machine connects to is sufficient enough. This obviously stopping any form of possible network connectivity. I'd go further; I would unplug it and record the hours and costs of physically visiting the equipment's location in order to do whatever "maintenance" is required. This cost information potentially gives you an additional lever to support the case for bringing forward the equipment's replacement.   ... View more

@MilesMeraki @PhilipDAth   I've found a lot of information on the Cisco education site so I'll take it on board (hopefully weeding out the misleading stuff), and I'll re-organise the VLAN numbering scheme accordingly. I'm tempted by (room) 101 for the unused VLAN.         ... View more

Eric   The Iranians thought they were safe but STUXNET got them.   The reality is, replacement of the equipment that incorporates the PC running XP needs to be planned for, and sooner rather than later. If you can't interface the equipment to the Master Patient Index, in a safe manner, it is always going to be a problem and issues will arise as data has to be transcribed into other systems and notes rather than seamlessly transferred. The more equipment is integrated, the more problematic the unincorporated equipment becomes.   Hopefully for you, this equipment is relevant to procedures with a high RPVU, which will both make its replacement more affordable and provide allies with influence.   If you want a real nightmare, check out how the dysfunctional British NHS was held to ransom by hackers who encrypted data on insecure devices and demanded payment in bitcoin to release the encryption keys.     ... View more

@MilesMeraki @PhilipDAth   Thanks for your help guys, it is much appreciated.   As you both predicted, changing the native VLAN for the AP(s) back to 1 solved the problem.   Because of my background, I'd prefer it if there was not a default VLAN, and to avoid using VLAN 1, because both 0 and 1 are predictable and often default values.   I'm trying to develop a core architecture that can act as a template for future deployments, rather than configure on a one-off basis.   I am not a network engineer, so what is obvious to everybody else is not always obvious to me. As I said before, your assistance is much appreciated.   Robin   ... View more

@PhilipDAth LAN1 port on MX plugs into the MS220-8P port 10 ... View more

@PhilipDAth   I've accessed the local pages for the switch (MS220-8P) and the AP, everything appears to be Healthy.   However, I check the entry on the switch port page and it shows that that the port the switch is connected to has    Native VLAN - 11 Allowed VLAN - 11, 111, 1001   (11 Management, 111 Analytics, 1001 Isolated Guests) - is this correct? ... View more

@PhilipDAth wrote: Reading this again I missed this was an AP issue.   I would think by "VLAN0" it means the native or untagged VLAN.   The switch port that that the AP plugs into, I assume it is a trunk port.  Is the native VLAN - VLAN1, or a different native VLAN? At present he "default" VLAN is VLAN 1. At present all the switch ports are trunk ports.  My aim is to use VLAN 11 as the management VLAN and avoid using any defaults.   Its after 2235 here I'll get back to this in the morning (my time), thank you for your assistance.    Do I need to do anything on the switches other than set which VLANs each port will pass? Do I need to set up the ports to also pass the management VLAN when a client device is directly attached?   laters . .    ... View more

@MilesMeraki   Thanks for your suggestion - the screenshot below shows how the AP is configured -  Both the SSIDs function as expected. The AP is getting its IP address from the correct VLAN DHCP server. I am not sure where to go looking for more causes . . .   ... View more

Philip   Thanks for your interest.    I just tried getting the phone to forget both networks so it was unattached and then re-attached to VLAN 111 Analytics ( via the Enigma SSID. I still get the same error message and the orange status on the AP.   The default is VLAN 1 not 0. The switch and the AP are on the management VLAN 11. Eventually, I intend removing VLAN 1 and I do not see that I need VLAN 0 (is that a normal VLAN), if everything is specifically assigned?       I'm a bit puzzled.     ... View more

@Welles wrote: Ekahau Site Survey is pretty much the *main* one out there. However, others do exist, i.e. AirMagnet Survey.   https://www.ekahau.com/   http://enterprise.netscout.com/products/airmagnet-survey     Using Ekahau will ensure that whatever report you eventually produce, it won't be dismissed on account of the tool used. It is worth coming to grips with. It is also of great assistance whilst fine-tuning AP positioning.   The biggest mistake that we see people making is "chasing range", as opposed to providing a wireless service in each location where it is needed. Better to have more APs operating at lower TX volumes than fewer shouty devices. Generally, I prefer to work using 5 GHz equipment, less signal leakage between adjoining spaces, it does not have the same propensity to penetrate physical and living structures as the 2.4 GHz signals, although it is "bouncier", or more reflective. It is simpler to dense-pack 5 GHz than 2.4 GHz radios, more non-overlapping channels and less propagation.   ... View more

@PhilipDAth   I have the workstations set to use OpenDNS, and all the VLANs, apart from one which which uses the DNS addresses provided by the ISP that also delivers the TV service (that is what the service expects). The PPPoE service also appears to use the ISP DNS, which seems to override the VLAN DNS settings. Do you know of a way to change this?     ... View more

delete it and recreate it ... View more

I've found the gnome (top left) ;-[]     ... View more

I started to post a screen shot and then saw you had posted already . . . duh Who is the guy on the left? ... View more