In addition to the input from @PhilipDAth also make sure everything is good with your firewall rules.  In particular, the MX appliances on both sides will need outbound UDP 9350 to talk to the VPN Registry. ... View more

To some extent it can depend on MX firmware version.  Until maybe a year ago, the IPSec tunnels formed by AutoVPN used AES128 with CBC and HMAC-SHA1, the default SA timer is 28800 seconds (common requirement is no greater than 86400) and the default is DH Group 2 (1024-bit MODP).  In MX 13.x and newer firmware the default is SHA2.  And in a recent 14.x version there is now an option for HMAC-SHA256 authentication.  IKEv2 in the works.  Also coming is AES256 on AutoVPN, we actually do already support AES256 on 3rd party VPN, just not on AutoVPN yet but I think soon.  Any AutoVPN tunnel that gets built will use the highest possible policy set, crypto map and transform set that is mutually supported by both MX appliances.  If it happens to be a 3rd party VPN, you have the full range of choices 3DES or AES 128/192/256, SHA1/2, DH1/2/5, and a configurable SA lifetime.  You could probably open a Support ticket for your specific deployment to confirm the exact settings for your review process. ... View more

@Jsnyder81 if this helps, and to add to the reply from @GeorgeB see this screenshot of the network usage from the MV71 camera over my driveway that also covers the residential street in front of my home.  So there is a fairly regular amount of motion and analytics info, like vehicles moving by, people walking, and I can even pick out the windy versus still days by how much the trees/leaves sway back and forth, so there's a reasonable amount of metadata being sent to the cloud.  As you can see, my MV71 has generated a total of about 16MB, and averaged under 2Kbps over the last 24 hours.  See screenshot. MV71 Metadata Usage ... View more

I understand your ask for PTZ, but I would make an educated guess that rumors about a Meraki PTZ camera are rumors.  There will be other camera models in time, but I seriously doubt PTZ will be the next one to ship.    Here's an earlier post I made for same question in an earlier topic, hope this helps! https://community.meraki.com/t5/Security-Cameras/PTZ/m-p/1259#M46   Industry reports show decreasing PTZ camera use, and Meraki is not likely to add a PTZ camera to the portfolio anytime soon.  Less than 10% of cameras are PTZ, and PTZ cameras can be 2x to 3x as expensive, they are physically larger, and heavier (motors/servos) and these moving parts wear out and break down more frequently, and the more you use it, the shorter its lifespan becomes, as indicated by the shorter warranty typically offered on PTZs.  PTZs do have their place in the industry.  But perhaps the biggest drawback is that if you PTZ into a specific area, the camera cannot record what it isn't looking at.    Most PTZ use cases can be addressed with proper planning and multiple non-PTZ cameras today, and in the future with other models that might offer a wider field of view for example.  There are many cases where PTZ cameras have been deployed and then the pan and tilt functions are rarely used, and only the zoom gets used, to zoom in for identity or zoom out for overall scene context, and MV does offer a varifocal lens remotely adjustable via Dashboard for that purpose.     All that said, MV cannot address every use case.  If you're in retail and want to follow an active shoplifter around a store, the MV cannot be used for that purpose.  But I'd make the argument that with well-placed cameras and Dashboard's video wall, you could get very close, as well as meet all other retail requirements.   MV21/71 are the first two products in a new and exciting product family.  Help Meraki help you, keep making wishes in Dashboard, and keep the feedback coming through your Meraki sales team or Meraki Partner so all of the use cases and feature requests can be collected, categorized and prioritized. ... View more

Thanks @MilesMeraki that's another good point I didn't mention, to make sure your floorplans were properly sized/scaled, while that may not fix the triangular pattern, it's important so the client density heatmap is also properly colored and dots properly distributed. ... View more

I'm assuming you're clients are more evenly distributed around the full rectangle of that floorplan, and not actually within the triangle as it shows.  A few things could be contributing to that odd result, including the RF environment.  You would also likely get better RF fingerprinting and triangulation results with a 4th AP.  You'd probably also want to double check the basic settings for best & common practices, like eliminating the lowest couple of data rates in each band, use automatic transmit power reduction, etc.  I'd open a case with Meraki Support to take a look at the APs in real time, go over some Dashboard settings and provide some additional insight.  Hope that helps! ... View more

Correct, this is not "full list" brightcloud content filtering like you would have on the Meraki MX (along with lots of specific website categories) but is just basic "top site only" adult site content filtering built into the AP.  The more sophisticated content filtering would require the MX appliance.  More info here: https://documentation.meraki.com/MX-Z/Content_Filtering_and_Threat_Protection/Content_Filtering ... View more

@rpn is spot on, and you should engage with your local Meraki team (or Cisco Partner) to lead a meeting to make sure your network eng/arch team understands the full value proposition of the Meraki solution, maybe as opposed to a checkbox by checkbox comparison of dozens of features you aren't using in an attempt to say Meraki isn't "robust enterprise class" which is untrue.  You may find someone's alternate agenda surface.  Read through this blog post before attending that meeting: https://meraki.cisco.com/blog/2017/08/infographic-reducing-total-cost-of-ownership/   <soapbox> Many Meraki competitors (both before and after acquisition by Cisco) have long stated that Meraki is meant for SMB, and they still say that.  Not even considering all the Meraki deployments in dozens of global fortune 500 companies and thousands of enterprises, Meraki's explosive growth is proof enough.  57% YoY (accelerating) growth of a billion dollar business is unheard of these days in the IT world, and that's exactly what Meraki did just in the last fiscal year.  </soapbox>    Meraki certainly does integrate with CP as well as multiple other 3rd party identity sources, pretty much anything that has a standards-based RADIUS interface.  Also, the CoA on MR Wireless @rpn mentioned is fully supported (in case you do need it but it wasn't mentioned) and you'll find more info here: https://documentation.meraki.com/MR/Encryption_and_Authentication/Change_of_Authorization_with_RADIUS_(CoA)_on_MR_Access_Points and here are some related docs: https://documentation.meraki.com/MR/Encryption_and_Authentication/External_Identity_Sources#RADIUS and https://documentation.meraki.com/MR/Encryption_and_Authentication/Wireless_Encryption_and_Authentication_Overview   ... View more

What you are experiencing is the HLS delay (HTTPS Live Streaming) which is normal and results in about a minimum of 4 to 5 seconds of delay because HLS turns the live video stream into a set of 2-second chunks and does sequential HTTP-based file downloads, and needs at least the first 2 chunks (about 4 seconds) to begins the streaming process.  Meraki has optimized HLS for MV quite a bit, I believe it was originally well over 15 to 20 seconds.   The trade-off is that Meraki MV is extremely intuitive and simple to use, natively traverses any firewalls or proxies that allow HTTP in the first place, and requires no special software or browsers or specific Java versions or plugins or ActiveX controls or any of that.  It's pretty much any browser on any device on any operating system and you're working with the full power of MV.     There is a setting that can help just a little, change the quality setting on the "Quality & Retention" page from Enhanced to Standard and this can shave off 1-2 seconds.  This can slightly change the way the video is encoded as the stream gets split into files for the HLS stream.  This setting can be camera by camera as well, so if the camera is zoomed in for identity of someone being buzzed in through a doorway, the quality may not matter much but the extra 1-2 seconds can really help whoever needs to see who is standing there before buzzing them in.   Unfortunately there will always be some HLS delay (remember the tradeoff: powerful, simple & intuitive with no special software or plugins) and it's already been optimized about as much as it can be.  If it were to be optimized even further, it would introduce a lot more overhead, such as more numerous smaller video chunks therefore a higher percentage of protocol overhead, and could also introduce more of a chance for choppy video playback.   So be aware that users will have that perception that the cameras are just plain slow, they wave their hand in front of the camera and see it in Dashboard 6 to 8 seconds later and say "see how slow it is" but once they understand the architecture and the benefits and the reasons why there is a lag time, the HLS delay is typically an acceptable tradeoff.     All that said, it doesn't fit every single use case.  Please continue to make wishes in Dashboard and share your use cases and requirements with your Meraki or Meraki Partner reps so they can filter these back to the product team to consider and prioritize feature development.   ... View more

No, not a genuine indicator of AP throughput/performance, and there are many variables and possibly different mechanisms in the background to determine the throughput.  I haven't tried it between 24.x and 25.x (will when time permits) but I'd like to check out a pcap of the test and compare the 2 versions.  Open a Support ticket to have them assist with this and ask them to research additional details on the throughput test mechanisms.  Your 24.12 is the latest GA firmware and your 25.8 is the latest beta. ... View more

Make a wish for that and I'll do the same, for example on the Network Wide > Clients page in addition to a download option have an email option and a schedule option like you would have on the Summary Reports page.  The monthly export you're asking for is not built into Dashboard by default but you could leverage the API and have a script run monthly to pull both client data and location analytics.  Maybe check here for more info on pulling client data via the Dashboard API https://n190.meraki.com/Daves-Meraki-Net/n/mwgsJb4b/manage/support/api_docs#list-the-clients-of-a-device-up-to-a-maximum-of-a-month-ago and more info on location analytics via the Scanning API http://developers.meraki.com/tagged/Scanning   ... View more

Hi @MilesMeraki please do keep making wishes and share the use case for the vMX with your Meraki or Meraki Partner reps to check with the product team.  To your 2nd question, yes, some things are in the works , keep checking the release notes for the beta versions on the Firmware Management page, and also ask your Meraki team if you can be included in the application analytics beta.    Regarding Viptela, it's still pretty new, but I wouldn't expect any sudden Viptela IP integration into MX, they will each have unique capabilities for different use cases and different customer requirements, granted with a little overlap.  I'd expect you'll see continued MX deployments for existing Meraki customers where you need full-stack management with integrated threat management (AMP, IPS, URL Filtering, etc) and all the goodness of Dashboard for simple cross-functional management, reporting, monitoring & troubleshooting.  And you'll see Viptela continue to be deployed for existing Viptela or ISR 4K deployments and where you have more complex deployments like per-VRF customization & topologies, WAN acceleration and TCP optimization, and/or need end-to-end secure WAN segmentation across private/public cloud infrastructure.  And of course there will be some overlap, both solutions will fully cover your L3 VPN overlays, with transport independence, L3-7 policy management, config templates, 4G/LTE failover, virtual AWS/Azure platforms, etc. ... View more

Hey Team, yes this is a known issue and there is a detailed field notice here with all the info: https://documentation.meraki.com/zGeneral_Administration/Support/MS225_Fan_Update If you are impacted, you may have already received Dashboard banners, and/or can go to Help > Hardware Replacements. Hope that helps!   ... View more

Hi @Jotasan unfortunately the integrated SFP ports (ports 11 and 12 on the MX84) are LAN-only ports and cannot be leveraged as WAN1/2 interfaces.  I looked for an override but do not see any option.  We do have that ability on MX400/MX600 platforms where you could put in a 2x10G SFP+ module and run beta firmware to use those as WAN interfaces.  Unfortunately on the MX84, you'll only have the copper RJ45 WAN interfaces and would have to use a media converter if the ISP handoff is fiber/LC only.  Make a wish and I'll do the same with the team.  Meraki is aware of these evolving requirements which is one reason why the newer 250/450 have dual SFP+ WAN interfaces.   ... View more

Hi @PierreS unfortunately those pages do not currently give you the custom time/date ranges and not beyond 30 days.  Some of that data gets aggregated anyway beyond 31 days otherwise I imagine the storage requirements would become massive, as there are now well over 1.2M Meraki networks and growing rapidly.  As you mentioned, the location analytics page can provide custom ranges, so you can do month over month comparisons or see seasonal trends.  The other place you can do this is on your Summary Reports under the Organization menu.  Please do use the Make a Wish tool in Dashboard to put your use case in the suggestion box.  For the Network Wide > Clients page for example, for now, you would have to run a monthly report and export it as an XML or CSV and store them locally.   ... View more

Have not seen that in my SM network, I have a handful of phones (and on different providers) all showing the correct phone numbers on the clients page.  The only devices not showing numbers are not actually phones but wifi-only (non-cellular) iPads or tablets.  Perhaps try forcing a mass check-in, select multiple devices from the clients list, drop down the "Command" button and select Request Check-in and after a few minutes refresh device details.  If you still have actual cell phones properly enrolled in the SM network and not showing their phone numbers, I'd open a Support ticket to investigate.   ... View more

450,000 hours for the MR42 (and most other models) and 300,000 hours for the power injectors.   ... View more

A few thoughts, in no particular order. Correct that "co-existence" has to do with Bluetooth and wifi co-existing in the 2.4GHz spectrum, however I would suspect a windows driver issue or something similar that's causing the machine to run 1x1 (if it even is).  The existence of Bluetooth (especially newer devices) is not very impactful anymore and there are good interference avoidance mechanisms.  Plus it's only going to have an impact (even if only minor) in the 2.4GHz band, not the 5GHz band.    What is the machine capable of, 2x2 or 3x3?  What gets reported (maybe the same output) running that command when associated to other wireless networks or APs?  Every time I've ever run that command I usually see "Unknown". for coexistence support     Also check what throughput results you get if you connect to the AP from the machine directly, using the local status page by pointing a browser to ap.meraki.com and running a speed test, and see if it's indicative of how many spatial streams the client device is capable of.   Also check what you see on the Network Wide > Clients page for that client, and open the "details" link under device capabilities and see if more than one SS is detected.  Or on the Clients page, turn on the "capabilities" and channel width columns.  Also look at the MR53's AP page where it lists current connected clients and you'll see what channel it's on.  Turn on band steering and see if you can get the client to connect on a 5GHz channel, and if/when it is, run your netsh command again, and if it still shows that same output, I'd disregard it, not an issue.   Also, I'd assume the MR53 is running in full PoE power mode (802.3at)?  If it's running on legacy 802.3af power, it will disable a spatial stream plus the 3rd dedicated scanning radio in order to run in low power mode.   ... View more