This might not be related ...   I have just run into a problem with MX95s at a customer site running 19.1.7.2.  They had started having AnyConnect issues.  What I found out was the MX95s were constantly and regularly crashing.  They were failing over quick enough so the customer didn't notice the Internet dropping out - but they did notice their AnyConnect sessions dropping all the time. None of their other models of MX were experiencing this issue.  Only the MX95s were affected.   We have had to roll them back to 18.211.4 (what they were running beforehand).     ... View more

@AmyReyes, you have this system running so well now, just like clockwork.   Well done @Jobsp and @EvaF for helping out so much.   I know how you did this @Mloraditch - through constant participation.  I've certainly noticed all of your great input.  Well done.   And thank you to everyone in the dirty dozen.  You know who you are.  🙂   ... View more

>Is it somehow possible to automatically store these backpack files in a specific directory on mobile. so that another app (developed by our team) can read these files   I don't think this would be possible.  Apps on Android and iOS are containerised.  One app can not access another apps files, or even a file outside of its own container.   For Android you could create your own custom APK with the files, and push that though.  And when you update the files, just push the APK again. ... View more

This might not be related, but note this fix in 17.2.1 for MS.     Also note after doing this upgrade you have to DELETE and re-create the existing LAG configurations for the fix to be applied. ... View more

I back @alemabrahao .  I would not sign any contract until a POC has been done and the solution proven to work. ... View more

NLB is a pig.  I like using the free HAProxy.  Very powerfull.   For the last client that needed NLB - I used a pair of C9300s running IOS-XE just for those servers (and they use them in Meraki Monitor mode).  Everything else was Meraki. ... View more

I think this might be related to this recent Microsoft bug. https://www.bleepingcomputer.com/news/microsoft/microsoft-recent-windows-updates-cause-remote-desktop-issues/   ... View more

This looks correct to me. ... View more

Here is a screenshot from the Uplink tab on an actual MX250.  The options simply don't exist.     ... View more

ChatGPT is wrong.  Here is the official documentation listing the requirements and supported models. https://documentation.meraki.com/MX/MultiWAN_Backup_Uplink#Prerequisites   ... View more

If you click on the picture of "you" in the top right-hand corner, you can get both of these bits of information.   ... View more

https://meraki.cisco.com/blog/2018/06/all-about-autovpn/   "If the two MX’s public IP addresses match, then the MXs in question are in the same private network. As such, they should route to one another via their interface IP addresses"   If they share a common public IP they will communicate directly with their private IP addresses. ... View more

If it is more than 20m away from the users - I would consider adding an extra AP as well. ... View more

LLDP can do power negotiation.  Double check the ports to see if they have any PoE configuration overrides (should be fine with no PoE configuration). ... View more

I think you should be getting more throughput than you are. What speed are your Internet connections at each end? Is it an MX95 at each end?   We need to validate your testing methodology. If you run Iperf to the same host using 127.0.0.1 what do you get?  This sets the upper limit of what you can test. If you run iPerf between two computers directly over your LAN, what throughput do you get?   Now that we know the limits of the testing system, we need to move onto the links.   You will need to plug a computer directly into each Internet connection (using a public IP address on each), and then do an iPerf.  Painfull, I know.  This will verify the bandwidth available over the Internet path.   I see different performance numbers in the sizing guide: https://documentation.meraki.com/MX/MX_Sizing_Information/MX_Sizing_Principles   It's not uncommon to tune SMB to get it performing well. https://learn.microsoft.com/en-us/windows-server/administration/performance-tuning/role/file-server/#client-tuning-example ... View more

Assuming that hubs are in routed mode; I have solved this a couple of times using different methods.   1. Deploy an HA proxy at the hub. Add the service's domain name to the internal DNS pointing at HA Proxy, and then have HA Proxy forward that on. This is a cheap, reliable solution.   2. Use Umbrella SIG or SecureConnect. This routes all of your web traffic through Cisco Umbrella. You then have them add the Umbrella proxy ranges as allowed. This solution is quite expensive and complex, but it does give you other security benefits.   Another option is to convert the app to support SAML authentication (aka start on a zero-trust journey), remove the IP address restriction, and use a SAML provider (like Cisco Duo) to limit access to only authorised machines. I have done many of these kinds of deployments.  It's just much stronger security wise. ... View more

You should be able to buy it from the same place that you got your switches. ... View more

I believe I have run into this issue with a client.  They have a pair of MS425s as their network core, connecting to a pair of Nexus switches for their server access block via a port-channel.  The issue seems to repeat every 1 to 3 weeks.  All cabing between the switches has been replaced.   Intermittently, the Nexus switch starts seeing the ports connecting to the MS425s start flapping in 30s cycles, and eventually, the Nexus switch errdisable's them - permanently.  Errdisable recovery will not enable the ports.  Disable/enabling the ports does not fix them.  Unplugging the 10Gbe TwinAx cable from one of the LACP members, and then plugging it back in again fixes it.   I note in the latest MS release notes for 17.2.1 it lists this resolved bug: "All new LAG configurations will block redundant links if the connected device is not configured for LACP. This change fixes an issue where switches would sometimes move LAG ports to an active forwarding state prior to LACP convergence, creating the potential for loops. The change does not apply to existing LAG configurations.".   I also take it to mean that after you apply this firmware, you need to delete and then re-create the LACP group. ... View more

> I need to wait until dashboard enters grace period (30days) and the ask Meraki support to convert it to subscription model?   You wait until the co-term licence expires, and then claim your subscription code.  It will then convert to subscription licencing.  There is no need to contact support.   >I will then have only 30 days to buy&claim all subscriptions   You can buy a subscription and request it to start at a future date (this is what I usually do). https://documentation.meraki.com/General_Administration/Licensing/Subscription_-_Licensing_Overview#Flexible_Terms   >Maybe I can buy/claim them earlier   You can buy them earlier - but you can not claim then till your co-term licence expires.   >It would be much easier if I could buy all subscriptions centrally   A subscription can only be used for a single org.  You can then bind it to one or more networks.  You can have multiple subscriptions within a single org. https://documentation.meraki.com/General_Administration/Licensing/Subscription_-_Licensing_Overview#Network_to_Subscription_Binding     ... View more

On top of @Purroy 's answer, the next most common issue I encounter is clients having "Deny Local LAN" enabled.  Make sure that is turned off. https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_Meraki_MR_firewall   ... View more

> It is connected to the hub by a Cat6 cable.   When you say this, do you mean you have another MX as your main security appliance, and then you have this MX64W being used only as an access point?   Are there any other access points in the environment?   Are you saying users are 69m (75 yards) from the MX64W? When users connect to the WiFi, is is clear and unobstructed, or do they have to go through several walls? ... View more

I wonder if the subnet they use in their company is the same as the subnet you use in your company. ... View more