@RogerO wrote: my internal apps team which they do not know what URL's they call I'd act surprised... But I'm not.   Man, life would be so much better without developers 🙂 ... View more

I wish I had better whitelist formulas to offer you... 😞     ... View more

@Darrell Not exactly. It can use multiple IP's for inbound traffic. So you can do DNAT on inbound traffic. What you cannot do is SNAT on outbound traffic.  ... View more

I got mine today too! I didn't realize the MotM's got stuff. I never read that thread before... That was a pleasant surprise this morning 🙂   Thanks as well to everyone who kudo'd and solutioned my posts! And thanks to @CarolineS for all the work on the forums!  ... View more

https://documentation.meraki.com/MS/Monitoring_and_Reporting/Switch_Port_View     ... View more

That is correct. The uplink port has nothing to so with anything STP whatsoever. ... View more

The uplink port is the port the switch is using to talk to the Meraki cloud. It has nothing to do with up- or down-link within your LAN. ... View more

Haha! Three different people, three different answers. At least two of us are wrong... If not all three 😞 ... View more

I think this actually is detrimental to your network. You are creating a "shortcut" path that is not representative of the path your clients will use. This dedicated VLAN heartbeat cable leaves you wide open to the scenario where your clients lose connectivity to the active MX, but the active MX does not relinquish control to the secondary thereby taking your entire network down. You want VRRP to move over the path your clients actually use.  ... View more

That page was not updated due to an oversight I believe. They are aware now that it is outstanding and hopefully it'll get changed soon.   In my experience the issues caused by creating the loop at L2 on devices that do not participate in STP are far more detrimental than having VRRP frames pass through one switch between MXes. I would agree that you don't want your VRRP to take the scenic route through your switch fabric to get to the other MX. But if you have problems getting VRRP through a single switch before the dead timer expires then you really have much bigger problems that you need to be looking at.     ... View more

Very cool. I can see this being quite useful. Nice work! ... View more

@MRCUR That could very well be the case. I've only been working with Meraki gear for about a year so I can't say how long it's been there. I'm glad it is there because I would have been very frustrated if I went to do this and needed a whole new piece of hardware to get it done. ... View more

@RyanB Not at all!  Join the conversation and bring forward ideas!  If my assessment of that article is incorrect please by all means call me out on it 🙂     ... View more

That's incorrect @MRCUR   https://documentation.meraki.com/MX-Z/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX#1:1_NAT   " It can also translate public IP addresses in different subnets than WAN interface address if the ISP routes traffic for the subnet towards the MX interface. "     ... View more

@RyanB I dispute it's greatness. See my comments above 🙂 ... View more

...And, Meraki has officially changed their documentation on this. The heartbeat cable is no longer a recommended configuration.   https://documentation.meraki.com/MX-Z/Deployment_Guides/NAT_Mode_Warm_Spare_(NAT_HA)#Recommended_Topologies   Yay! ... View more

Hi @Pugmiester,   I did not mean ARP entries, I mean MAC address table entries. They are not the same. ... View more

@GreenMan Yup, I'm with you on the simple path part. I'm just saying that the dedicated VLAN over a dedicated link for "heartbeats" is flawed thinking as VRRP doesn't work that way, and you can't deterministically predict where the DB sync traffic is going.    What is needed to complete this setup is a way to flag the heartbeat VLAN as the heartbeat VLAN. Right now there is no such control on the MX. ... View more