Raise a case with Meraki Support ... View more

Is this a particular problem with a specific endpoint - or all endpoints? I've just been running a few basic test calls via the developer Hub and they appear to work fine If you're using a Python script, I'm not sure how the Develop Hub page is involved..?   Unless maybe you're separately testing calls which you later use in your script, perhaps ... View more

There can occasionally be geo-specific restrictions on capabilities,   e.g.  https://documentation.meraki.com/General_Administration/Support/Information_for_Users_in_China#Unsupported_Features_in_China I've done a little bit of digging (Africa not my patch).   There can be challenges around MX - particularly with it's VPN & other security capabilities - in some countries.   The recommendation would be to work closely with an authorised Cisco reseller with specific experience in-country.    You'd not get any such help purchasing in the US and trying to import.  I can certaily foresee challenges for you, in going down that path. ... View more

If you didn't already;   raise a case with Meraki Support... ... View more

My first guess on this would be to look to update the WLAN driver(s) for your laptops.   Go to the site for the wifi chip manufacturer, rather than just relying on the Windows updates. ... View more

The way most companies / organizations achieve this is to use authentication via 802.1x at the point of connection.   The identity used will be assocated with the device in question, in the Dashboard.  Of course, that's just a side-benefit for most customers, as it's mainly done to confirm who or what is connecting to their network and to provide fully secure WiFi comms.  Such identity is often also used to apply different policies to different users or user groups too;   i.e. what resources can they access?   how much bandwidth can they consume?   etc.   https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying_Group_Policies Enterprise 802.1x is a pretty big project to undertake though, so best to explore this with an experienced Cisco partner, I would say.    ... View more

Bear in mind that, even if your core switches are a stack, uplinks will not loadshare unless you also configure them as aggregate links - otherwise a loop is formed, which Spanning Tree will resolve by blocking links. ... View more

Both Legacy and Free 100 will be going entirely - at least, in terms of enrolling new devices.  If you want Systems Manager capabilites for new devices after 7th Feb, you will need to purchase the appropriate quantity of licences.   These can be ordered using a SKU of the form LIC-SME-xYR    where x = the number of years (1, 3 or 5).   The quantity is determined by the number of devices you wish to manage using Systems Manager. https://documentation.meraki.com/SM/Other_Topics/Meraki_SM_Legacy_and_Free_100_Retirement_FAQ As per this document, Meraki support for both Legacy and Free also end on this date. ... View more

Picking up on Karsten's point...   you mention it's for a new site.    Which doesn't sound like you intend it for a cloud platform like Azure or AWS (?)  What you can't currently do is run vMX on a hypervisor like ESXi or Hyper-V.  Nor (as the lack of Adv Sec license would imply) can you currently use it as a UTM for your cloud platform.  For the time being it's used to provide secure access to your cloud platform from your MX-based SD-WAN solution. ... View more

Basically a model number and a product SKU (that you use in an order) are separate - albeit related - things. Is there a particular reason why you need the SKU specifically? ... View more

It sounds to me like you need to set up your non-Meraki VPN to a Fully Qualified Domain Name (QDN) rather than a static IP.   You need to ensure, of course, that the destination is set up for dynamic DNS;   the FQDN needs to resolve to the changed address, when that happens.   https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_Peering_with_FQDN  Using a static address would be much more stable / reliable though. ... View more

When a port with Spanning Tree enabled changes state (comes up / goes down), STP has to decide how to treat it - this is just reflecting that fact.   Maybe select  Port RSTP role change  as an Event type (to) ignore? ... View more

Check the Network-wide > Event log for your MX and filter for 'intrusion' - you'll see the periodic Snort engine updates.   These updates are, incidentally, matched per-link to the List update interval under SD-WAN & traffic shaping:   https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#   ... View more

Remember that, when you create a new Network, you can use an existing Network to form the basis for your new Network, via cloning  https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Cloning_Networks_and_Organizations_in_Dashboard#Creating_New_Networks ... View more

Correct - as per this document, source based default routing (chosen per-VLAN) only allows two types of next-hop: An IP directly attached via a local VLAN A remote MX, to which the MX in question is linked via an AutoVPN tunnel.   To specify a different WAN link for each VLAN, you need to use the subnet in use on each VLAN, in the way you describe, within the SD-WAN config. https://documentation.meraki.com/MX/Networks_and_Routing/Source_Based_Default_Routing ... View more

I don't believe so - there's no matching parameter for this endpoint:   https://developer.cisco.com/meraki/api-v1/update-device/   Typically this is where you'd use the Meraki app, where the engineer performing the install would upload the picture directly. ... View more

Creo que es muy poco probable que el problema sea la falta de prioridad; De todos modos, no se puede garantizar el rendimiento del tráfico en un enlace de Internet, especialmente en sentido descendente (de Internet al sitio, donde el MX simplemente recibe lo que envía). ¿Planteaste un caso con el soporte de Meraki? Creo que encontrará que este problema se debe a otra cosa.   Si necesita priorizar este tráfico, es importante que incluya las direcciones IP de destino de los hosts de este servicio, ya que la mayor parte del tráfico de Internet se ejecuta en 443 en estos días. ... View more

Basically those devices are failing the 802.1x authentication, so are effectively being disconnected, to keep your network secure.   Have you put some kind of provision/setup in your RADIUS server (and/or the device) for how those devices are to be authenticated?   You need something for any/every device type connected to a port with that profile. ... View more

Creo que su colega debe haber cambiado la VLAN a la que se asignó el puerto, no el puerto en sí. Esto también cambiaría la dirección IP del dispositivo, a través de DHCP, en la mayoría de los casos. ... View more

I take it your DC MX is also a Hub?   I'd raise a case with Meraki Support - one of the first things they will likely check is whether the back end option to prevent Hubs forming tunnels / exchanging routes with other Hubs is enabled.   This is often done in environments with multiple DCs or active-active Hubs in the same DC, to prevent routing loops. In the first instance, running some pcaps on the MXs at each end should reveal whether the MXs are sending out the appropriate packets to the remote destination - also what packets (if any) are being received at the far end.  You should be able to compare the dynamic ports for match and whether they're being received as expected (i.e. via any upstream NATs  PATs) ... View more

Es poco probable que su teléfono esté conectado al puerto 49, ya que ese no proporcionará PoE para un teléfono. Es más probable que el teléfono esté en un puerto entre 1 y 48, posiblemente con el puerto 49 proporcionando la conexión al resto de la red, probablemente usando un enlace de fibra óptica. ... View more

I'd suggest you use the packet capture feature of the MX firewall (which makes it quite different from a switch) to see what's going on.   Remember that, by default, the MX will allow the outbound traffic from the camera (check your config to confirm this) but the corresponding inbound traffic in reply is only pemitted for as long as the session is active on the MX - and so long as the ports match.   If the camera stops sending for long enough, the MX will block any traffic from the cloud box towards the camera.  You probably should setup syslog from the MX to a compatible receiver, to get more detail, if it seems the MX is indeed dropping packets. ... View more

Use RTP over RTSP (TCP) was already unchecked.   Admittedly, I didn't capture the very first stream between my machine and the camera (so maybe there's some dynamic settings caching going on), but I see no UDP traffic between the two, when starting streams now - not even an initial 'give UDP a go'.   I may retest later, when I can fully restart my PC ... View more