Yes - any MS250 model is physically stackable with any other MS250 model. You will need at least one 40G stacking cable, of the right length, from within the Stacking Cables section here:  https://meraki.cisco.com/lib/pdf/meraki_datasheet_sfp.pdf   You can't physically stack between different MS series - e.g. MS250 with any MS350.    The only exception to this is that you can physically stack MS210 models with MS225 models.   None of this should be confused with virtual stacking, which is basically a GUI only feature and works for all switches deployed in the same Network in Dashboard.   https://documentation.meraki.com/MS/Stacking/Switch_Stacks ... View more

Put a new MX in the DC, in routed mode, with all of Company B's servers behind it, inside your existing firewall (you don't show this on your diagram, but I assume you have one?). Put it in a different Organization from the existing Hub and existing Company A office Spokes (maybe configure a new Organization).   Put the the Company B MX65W as a Spoke of this new Hub, in the same Organization.   With the Company A and Company B MXs in different Organizations, the VPNs will be entirely separate.   If the MX65W is already in the existing (Company A) Organization, you can logically move the hardware between the Organizations yourself, but you'll need to call Support to get them to move licensing. If you are mixing your Company A and B servers on the same switching, this gets more complex, but you imply that's not the plan.   If you keep it separate physically, it's harder to get wrong. ... View more

Unfortunately the wireless from a Z1/3 is pretty much entirely separate from that delivered by MR access points (and lacking quite a few advanced MR features).   This is the same for MX--W too.    An added MR will not wirelessly mesh from a Z or MX--W. I usually caution customers carefully on this sort of thing, before they deploy those models - particularly with the MX, where it's likely to be placed somewhere least conducive to delivering good WiFi coverage. You can wire an MR to a Z, provided the PoE port is spare and configure the same SSID on both and, provided you use the same auth method, it will probably work, but it's pretty nasty - no smooth roaming, for example. Remember that Z3 delivers 802.3af PoE only, so most WiFi 6 MRs would not be supported. ... View more

@DarrenOC is absolutely right that you can form IPSec tunnels from a Z1 or Z3 to a compliant non-Meraki device, but such 'non-meraki VPN' configurations are not to be confused with AutoVPN.    AutoVPN is between Meraki devices only.   I mention this because AutoVPN is much simpler to configure and manage at scale and allows the use of true SD-WAN;   the overlay tunnels between peers form over both uplinks and are tightly monitored, end-to-end.  You can then define your preferences for which traffic flows over which uplink and fail specific applications over if performance isn't appropriate.   'Meraki devices' also includes the virtual MXs, for Azure, AWS and now Google CP and AliBaba Cloud too. If a customer is looking to put MX in at remote branches and link back to (say) an existing ASA at their DC, I think it's probably a false economy to stick with the existing head-end device - even before you consider the benefits of SD-WAN.   People often save so much time and effort in managing a full Meraki AutoVPN that it pays for the central MX.  If you'd rather avoid the disruption of replacement, why not put a VPN Concentrator MX in, behind the existing firewall?  https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide#Deploying_a_One-Armed_Concentrator ... View more

You could use motion alerts, via Webhook, to trigger the capture of footage:  https://documentation.meraki.com/MV/Advanced_Configuration/Motion_Alerts#Alert_Only_on_People_Events https://developer.cisco.com/meraki/api-v1/#!get-device-camera-video-link   There's a beta tool available to trigger such alerts only on people detection too.   Right now I don't believe that extends to vehicles.    Bear in mind that if you also triggered the capture of screen grabs, you could send the output to AWS Rekognition (for example) which could detect vehicles, people, text and all sorts of other things.   You may also find MV sense particularly useful in pre-processing and adding more granular information:   https://meraki.cisco.com/lib/pdf/meraki_datasheet_mv_sense.pdf  ... View more

WPA2-PSK key must be between 8 and 63 characters long.    Dashboard checks this is met, when you attempt to save your key. ... View more