255.255.255.255/32 doesn't match 155.231.231.1.  ... View more

Is that the actual static route you are using? That doesn't make any sense, and it certainly doesn't match what you are trying to ping.    What exactly are you trying to do here? ... View more

It has a use when you look at a larger, broader rule set. Consider that you have a subnet that you want to create an exception from the global policy for, but for some reason you have a single host in that subnet that you do want to follow the global policy. You'd create the rule for that single host to use the global policy, and then create the rule for the subnet to use the exception.    ... View more

@GIdenJoe wrote: For HA MX'es don't forget your WAN1 and WAN2 on both appliances need to connect to the same respective upstream ISP circuits. So you'll need to have one ISP come in building 1 and connect that one first on the switch there on an external VLAN and then have two ports connecting to both the WAN1's of the MX'es, so the third link will also be going over the fiberlink.  And then the reverse of ISP2. That one will connect first to switch 2 and then back up to the MX'es WAN2. Only if you need to use a VIP. You don't need to do this if you just use the MX IP's.    ... View more

OMG, a non-all star cracked the top four! Damn fine work there @DarrenOC !  ... View more

Woohoo!   My example was meant as pseudocode since I didn't have any idea what a null character would be in whatever language that actually is 🙂 ... View more

I've not used the code you're referring to before, and honestly I only really know a bit of python, but it seems to me that if you were to blank out the secret before you do anything else with the data tat should do the trick? @Mikanator wrote:   // Check secret and store event const SECRET = "xxx123";   if(body.sharedSecret == SECRET){     body.sharedSecret = <NULL>                <----- Blank secret from data    PD.emitCEFEvents([cef_event]); }   ... View more

SImply put, your only option is PoE.   The MV72 does not have any other power input other than power supplied via the Ethernet port. That said, how you get PoE to the camera is up to you. You can use PoE supplied directly off a switch, or you can insert a PoE injector into the mix, and that injector can be powered by any number of methods depending on the model of injector you use.  ... View more

There's no functionality to do this within Meraki. You'd need an external <something> to accomplish this. ... View more

Frick... I changed my answer on one question and it bit me. The other I legitimately got wrong 😞   ... View more

Configs belong to a network, not to a device. If you remove a device from a network it does not continue to operate with the config of the network. Removing a device from a network does effectively remove all config from it.  ... View more

Yes, it does fail over immediately, though I'm not seeing that in any docs. ... View more

Did you look at this feature:   https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation   That might do what you want? ... View more

Oh, sorry @colinster ! My solution is just a repeat of your solution, just on one line. I like the way you think!  ... View more

@trunolimit wrote: wouldn't this block all access on the LAN? even access to the default gateway? Nope. You cannot block, even with an explicit dedicated rule, traffic to and from the MX IP address itself.    Intra-subnet traffic, i.e. between hosts on the same VLAN, does not transit the MX, and therefore it cannot block it.  ... View more

The RADIUS Access-Request will have the IP of the Meraki device (NAS IP Address) in it. Could you not classify "Meraki clients" by any client where the NAS is a known Meraki device? ... View more

I humbly submit the following as my solution to this problem:     The parts that are cut off are "10.0.0.0/8,192.168.0.0/16" in both the Source and Destination fields. This single line ACL will prevent all of your subnets from talking to each other, while allowing all your subnets to talk to the Internet.  ... View more

65535?   Seriously though, I've never seen a limit anywhere.  ... View more

Gotta get me some of those socks! ... View more

Oh! I just realized, you can match the returned users' IPv4 address against your client VPN address range! That'll tell you for sure if they're local or remote.  ... View more

@Paul_Jefferies ,   The closest thing I see is this:   https://api.meraki.com/api_docs/v0#list-the-clients-that-have-used-this-network-in-the-timespan   But when I just tried pulling the data from there it would seem that there's no specific field that identifies the client as a VPN client, even though this same data in the Dashboard does show a VPN icon beside the user... So that's lame.    You might still be able to use this endpoint if you're not doing any other authentication on your network. If you're not, then the "user" field will always be blank for non-VPN users, and VPN users will have the user field populated.    If you can use that to get all the VPN users then you can hit this endpoint:   https://api.meraki.com/api_docs/v0#return-the-clients-daily-usage-history   to get usage data. ... View more