I can recall having overthought this one too. 😉   Yes, you‘ll have to add the Spare first of all. Then, simply go to the MX configuration page and create a Warm Spare pair. You‘ll be presented with the newly added spare MX and be led though the process. The IP will also be configured within this one.   Sorry that this is not a concise Howto document, but it‘s really simple. ... View more

@svacs wrote: That would be a nice feature. Sign me up! It works the other way around: „Make a wish“ on the Dashboard page. ... View more

Oh yeah, let‘s see the first customer pull in the full internet routing table on MX64! 😋 ... View more

Critical fail-VLAN Netflow export MACSEC VRFs at least for the bigger boxes   P.S.: @damienleick Port-Security doesn‘t give you any more security than not handing out IP addresses via DHCP. 😋 If you want to set the bar high enough, there‘s nothing else but proper 802.1x. That doesn‘t necessarily mean you‘ll have to use a domain. ... View more

If you‘re referring to the new Per-Device licensing model: you‘ll have to buy another license for the new AP. The old license will be unaffected then.   https://documentation.meraki.com/zGeneral_Administration/Licensing/Meraki_Per-Device_Licensing_Overview ... View more

NPS sucks big time. At least it doesn‘t cost a dime...apart from giving your staff headache all the time.   Every time a customer has tried implementing it they came to us afterwards and asked us how to do it „the right way“... ... View more

I‘d guess. In Meraki-land the only device capable of delivering Netflow is the MX. It acts as the exporter then. You‘d have to implement at least a collector too additionally. Don‘t know if Auvik provides you with that. ... View more

Perhaps you shouldn‘t hold your breath for such an API. 😉   Food for thought: Webhooks provide you with (almost) everything you‘re asking for. Guess it only depends on what you‘re doing with the alerts sent out. Of course there are services like Zapier, but perhaps it‘s sufficient for your case to simply ingest the data Meraki sends out and write them to files. Your monitoring systems then could poll those and deal with the data.   At least such a Webhook „server“ would be implemented in virtually no time. At least it‘d be a lot quicker than waiting for an alert API to be (possibly) implemented. ... View more

Sure: Netflow is being used on networking equipment to showtraffic going over it.   It's a combined architecture with three components: Flow exporter: aggregates packets into flows and exports flow records towards one or more flow collectors. Flow collector: responsible for reception, storage and pre-processing of flow data received from a flow exporter. Analysis application: analyzes received flow data in the context of intrusion detection or traffic profiling, for example. The exporter is typically a switch, router, firewall or loadbalancer. Flow data consists (at least) of Ingress interface Source IP address Destination IP address IP protocol Source port for UDP or TCP, 0 for other protocols Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols IP Type of Service So basically, you're leveraging information that's available directly within the network to see what's going on in your environment. ... View more

Hello there!   Sounds like a lot of fun with your tools! It‘s always great to be able to learn something new for oneself. 🤗 ... View more

Rather than using the API, you could leverage Netflow. Something that‘s designed for this kind of task. 😉 ... View more

Same here. Currently, I don‘t mind and take it as cosmetic issue because at least it works as expected. ... View more

Seems like there are several areas you need VLANs enabled, even if they‘re not needed: https://community.meraki.com/t5/Developers-APIs/Getting-LAN-Config-via-API-when-VLANs-are-disabled/m-p/75311 ... View more

Well...thinking about better solutions would be advisable then. 😇 ... View more

That‘s exactly the way it goes: secondary gets updated, takes over, afterwards the primary one receives the update and tackes over again when everything is up and running again.   As the Dashboard is taking care of the whole process, it isn‘t possible to have only one of the boxes being upgraded. ... View more

You could „Make a wish“ on the firewall configuration page for Firewall Objects. Maybe this will help speed up this and will bring new potential to firewall configuration on MX. ... View more

1. Sentry is key, just as Ajit mentioned 2. Can be achieved by using policies, yes 3. I don‘t quite understand. Systems Manager IS device management, why would you need Intune on top? ... View more

Have you read https://documentation.meraki.com/zGeneral_Administration/Firmware_Upgrades/Meraki_Firmware_Release_Process   Especially this part: “The latest beta firmware is fully supported by our Support and Engineering teams. Older betas are supported with best effort; an upgrade to the latest beta will ensure full support.“ ... View more

Well, basically you‘d simply have to iterate through your networks and create clients (if not yet available) or update those. The API makes it possible. ... View more

Just "Make a wish" on the DHCP configuration page ... View more

Guess the quality of contributions here will never cease to amaze me.   Glad we're having you guys! 🙏 ... View more

Would that make any sense for that kind of device?   The only thing I could think of would be using it in Safe Mode: https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Meraki_Device_Local_Status_Page#MG_Series but as this is solely useable for troubleshooting (from my point of view) it dosen't really make sense to use the MG that way. ... View more

Running the 26 train for a longer time without any issues. 26.6.1 is looking especially good. ... View more

Guess this more ore less only depends on CyberArks abilities. As they should be transparent to the end system, I don‘t see why it shouldn‘t be possible.    But possibly I‘m not getting your point here. ... View more