If it works on a Meraki switch, but not on a Cisco switch, I'd argue it most likely be a configuration issue on the Cisco Switch.  Since the Guest SSID is tunneled to a concentrator, it's the Concentrator that'll be the NAD. This is regardless if the switch is Meraki or Cisco.  ... View more

I'd assume the tool is one of those, "open doors, press buttons, open a bottle, without skin contact"-tools, that were popular during Covid. 🙂 ... View more

Awesome explanation @CharlieCrackle ! ... View more

Correct, but punching a hole in the door, makes it less secure? 🤔 ... View more

Wouldn’t whitelisting the rule risk allowing true positives? ... View more

At least it is a possibility to upgrade the service, instead of white listing the rule. ... View more

I haven't seen it on the MX roadmap either, as such. But there was the session from Tech Field Day last year (I think?) that presented a segment on Adaptive Policies using VRFs, and since an MX is required for Adaptive Policy, it is kind of implied to be on a roadmap.    But that may just be me leading to much into it.  ... View more

Are you implying that the different Meraki Product teams are *large gasp* not coordinating releases?! ... View more

I'm guessing it's not entirely out.  Trying to configure a routed port on a C9300 gives me this.    No option to select a VRF, although I could create one.  Doesn't look like I can assign it though, from the looks of the Network column.   It's not listed in the "show run" on the 9300 either, which follows from it not being assigned. ... View more

Nice! Can’t wait for the doc to land! ... View more

Currently working through the Blackbelt training on Meraki Deployment. Stage 1 and 2 were pretty basic, but there's actually some quite good videos e.g. Meraki-Catalyst SDWAN Interconnect ,on the Stage 3 training.  ... View more

And if you notice, it's always only on the first SSID. 😉 All other SSIDs have Local LAN set to Allow. Only SSID 1 is set to Deny. 😉  ... View more

For the MR to keep track of if the tunnel is up, in monitors traffic. If there is no traffic, it will monitor using DHCP. It doesn't really matter what options are being used, or how it is crafted. If the MR gets a DHCP response of any kind, the tunnel is marked up.  You can either specify a specific IP address of a DHCP server, or not. If you specify a server IP, it will send directed DHCP requests to that.    After a failover of the secondary concentrator, the MR will continue to monitor the connection to the primary, and preemptively fall back. So I'd argue that if you see the connection flap between DCs, something is dropping either the VPN connection or DHCP packets.   You may want to ensure that the VPN Concentrator that the MRs are terminating their VPN connection on is not part of the rest of the AutoVPN topology. I.e. do not use the same MX for AutoVPN SDWAN Cloud and for the SSID tunneling. This is to avoid the "Double Tunnel", as mentioned in the SSID Tunneling document. https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roaming_-_VPN_Concentration_Configuration_Guide#How_SSID_Tunneling_Works  ... View more

Second to the bottom line, MR Product Edition on the License Info page.     It will say Advanced Enterprise, if you have it. ... View more

Meraki MX'es in an Active-Active setup will require a license per device.   Also, Meraki does not support Active-Active HA per se. You'd need to do some manual failover tasks for that to work. Meraki Warm Spare (HA) uses VRRP and is an Active-Standby setup. ... View more

If you see packets arriving at the MX from a cap, I'd argue that traffic is getting routed towards the MX. However, since 100.0.1.0/24 is a Local VLAN I think it should take precedence over the default route.    I do see that both trace routes seem to resolve the address as one of Verizons. ... View more

If you trace route from the windows host towards a ressource on 100.0.1.0/24, what do you get? ... View more

If there's an entry for 100.0.1.0/24 in the route table, then I'd argue the MX should adhere to that. Since it's a local VLAN traffic shouldn't be forwarded to Internet.  What does the route table on the windows host sat, when connected to VPN? ... View more

What does the route table on the MX say for 100.0.1.0/24 ? ... View more

Does the packet loss seem to be to and from Internet? Do you notice the same packet loss on inter-VLAN traffic?I'm wondering if the cause of packet loss may be due to further upstream, i.e. ISP.    You mention you're using DAC cables, have you considered replacing the DAC cable with Meraki SFPs? ... View more

Yeah, I've also been noticing the same. For the last few weeks, I've seen my dashboard pages having reloaded due to excessive memory usage. Rather annoying when having to have multiple tabs open during troubleshooting. I see the same on the latest version of Safari on MacOS 18.5. ... View more

I see that Philip cut me to the chase, as always! 😄 ... View more