Meraki

Community
  • About PhilipDAth

About PhilipDAth

Re: MX95 Warm Spare – Failover Causes Complete Network Outage

by Kind of a big deal in Security & SD-WAN
2 hours ago
2 hours ago
>Each MX currently has two LAN connections into the switched infrastructure:   I would remove one of the dual LAN links from each MX, leaving each with a single link to the switch infrastructure.  This will stop the blocked ports. It might be sufficient on its own to resolve the issue. ... View more

Re: Is it just me or is that link not working to Apply for Cisco Insider Ch...

by Kind of a big deal in Off the Stack
11 hours ago
2 Kudos
11 hours ago
2 Kudos
Core changes that would be required for me: I want the freedom to say if Cisco is doing a bad job, and to make such statements publicly. I want the freedom to say if a Cisco product/software is bad, and to make such statements publicly. I want the freedom to discuss and promote non-Cisco products.   I accept that the above only applies to information not covered by an NDA.  Obviously, information obtained in privilege should not be discussed publicly at all.   Also, because you don't receive the agreement until after you have been accepted into the program, there is no way to verify whether any changes have been made to it.  Consequently, I haven't bothered trying to reapply for many years.   That's my 2 cents of feedback.  🙂 ... View more

Re: 1 site multiple MX's

by Kind of a big deal in Security & SD-WAN
11 hours ago
11 hours ago
If you want everything on the same VLAN ...   You know how you have an ISP link in each building - what about asking the telco if they can provide you a layer 2 link instead between the buildings? ... View more

Re: MX95 Warm Spare – Failover Causes Complete Network Outage

by Kind of a big deal in Security & SD-WAN
11 hours ago
11 hours ago
Does each MX have a single connection to the switched infrastructure?  Dual LAN links can result in spanning tree shutting down a port.   On the LAN ports on the switches that the MXs connect to - are those ports all identically configured?   Is the LAG group between the switches passing all VLANs (and configured as trunk ports)?   On the LAN ports on the switches that the MXs connect to - if you swap the ports over, does the issue follow the switch port or the MX? ... View more

Re: Meraki Dashboard Server Error

by Kind of a big deal in Dashboard & Administration
11 hours ago
1 Kudo
11 hours ago
1 Kudo
I just logged into shard n85 ok.   The status page is not listing any outages. https://status.meraki.net/   ... View more

Re: Alternative option to single-app mode

by Kind of a big deal in Mobile Device Management
11 hours ago
11 hours ago
I don't know the answer.  This is the closest I could find. https://documentation.meraki.com/Platform_Management/SM_-_Endpoint_Management/Operate_and_Maintain/Tags_and_Policies/App_allowing%2F%2Fdenying_list_in_security_policies   ... View more

Re: Client VPN Doesn't Work When the Deployment Setting Mode is "Passthroug...

by Kind of a big deal in Security & SD-WAN
11 hours ago
2 Kudos
11 hours ago
2 Kudos
Make sure your internal network has routes for the client VPN subnet pointing to the MX.  This is a hard requirement. ... View more

Re: Is it just me or is that link not working to Apply for Cisco Insider Ch...

by Kind of a big deal in Off the Stack
11 hours ago
2 Kudos
11 hours ago
2 Kudos
Hey team.  I want to warn you that this program has onerous legal restrictions (or at least has had in the past) on what you can say, promote, or discuss online (including in any Cisco-owned communities).   I couldn't bring myself to sign off on the application in the past. ... View more

Re: Splash page configuration either AD or RADIUS on MR46 AP's

by Kind of a big deal in Wireless
11 hours ago
2 Kudos
11 hours ago
2 Kudos
To add to Mloraditch excellent answer, this is because the splash page is hosted and served from a server on the Internet, not from inside your network.  Consequently, the RADIUS request comes from the Internet.   It is a real pain.   Could you use Entra ID authentication instead? https://documentation.meraki.com/Wireless/Design_and_Configure/Configuration_Guides/Encryption_and_Authentication/Microsoft_Entra_ID_Integration_with_Splash_page   ... View more

Re: 1:1 NAT on non-Meraki VPN

by Kind of a big deal in Security & SD-WAN
11 hours ago
2 Kudos
11 hours ago
2 Kudos
Ask them to perform the subnet NAT translation on their end. ... View more

Re: Systems manager being discontinued

by Kind of a big deal in Dashboard & Administration
Sunday
2 Kudos
Sunday
2 Kudos
We tried using Systems Manager at the beginning to manage Windows and Android, but it was just too much hard work.  Debugging things (especially on Android) was really hard work, and the Windows platform seemed to get no love.   We've moved to Intune now. ... View more

Re: Problems with secondary VPN on MX100 and a forti

by Kind of a big deal in Security & SD-WAN
Sunday
Sunday
I think I just got this.  Are you trying to create a non-Meraki IPSec VPN from the WAN2 interface on the MX?   You can't do that.  It always uses whatever the primary WAN interface is. On the Fortinet side you can probably configure both VPNs, but only one will be up at a time. ... View more

Re: 1 site multiple MX's

by Kind of a big deal in Security & SD-WAN
Sunday
Sunday
Each site will require its own unique subnet range.  You'll enable AutoVPN on the MXs to network all the sites together. ... View more

Re: MX 26.1.1 - First beta

by Kind of a big deal in Security & SD-WAN
Sunday
Sunday
>Client VPN now supports IKEv2 for establishing connections.   Now that is interesting. ... View more

Re: Problems with secondary VPN on MX100 and a forti

by Kind of a big deal in Security & SD-WAN
Thursday
Thursday
When you say you are trying to establish a second VPN, I assume you mean to a different Fortinet firewall somewhere else?   You can only have a single VPN between a pair of devices. ... View more

Re: Who is still having an issue with client names in the Meraki Dashboard?

by Kind of a big deal in Full-Stack & Network-Wide
Thursday
Thursday
For Chrome, you can configure that setting via Active Directory group policy and Intune via configuration settings.   https://chromeenterprise.google/policies/   https://support.google.com/chrome/a/answer/12129062?hl=en     ... View more

Re: Recognizing the November 2025 Meraki Community Members of the Month

by Kind of a big deal in Community Announcements
Thursday
7 Kudos
Thursday
7 Kudos
Well done @SMAT_jp , @jameslord and @Seenu for your contributions.  And thank you to the amazing 12. ... View more

Re: Who is still having an issue with client names in the Meraki Dashboard?

by Kind of a big deal in Full-Stack & Network-Wide
Thursday
Thursday
This post contains the cause of the issue and the solution. https://community.meraki.com/t5/Full-Stack-Network-Wide/Who-is-still-having-an-issue-with-client-names-in-the-Meraki/m-p/282397/highlight/true#M3108   ... View more

Re: Best practice, MXs L3 warm spare, MS not stacked L2. Please provide an...

by Kind of a big deal in Switching
Wednesday
Wednesday
I would not connect the MXs to each other either.  Just a single connection to the layer 2 domain.   RSTP is not sufficient to stop ports being incorrectly blocked.  It would help if the MXs supported spanning tree or port channels, but alas they do not. ... View more

Re: Client not reachable after some time

by Kind of a big deal in Switching
Wednesday
Wednesday
I have most often seen this with Windows' power-saving settings. Has power saving turned the machine's screen off when this is happening? ... View more

Re: Auto VPN # Diverting traffic over the VPN for a single host address - I...

by Kind of a big deal in Security & SD-WAN
Wednesday
1 Kudo
Wednesday
1 Kudo
>The only way you are going to be able to do this when not using the hub for all traffic is have the hub point it to something else, a secondary firewall   This solution will work.     Another solution I have used is to deploy an HAProxy VM that forwards all traffic it receives to the website.  Create an internal DNS entry in Active Directory, www.company.com, pointing to the private IP address of the HA Proxy.   This causes anyone accessing that website to go via the HA Proxy, and for all of their traffic to appear to come from one IP address.   You can do something similar on Windows with: netsh interface portproxy add v4tov4 listenport=443 listenaddress=0.0.0.0 connectaddress=x.x.x.x connectport=443 ... View more

Re: Best practice, MXs L3 warm spare, MS not stacked L2. Please provide an...

by Kind of a big deal in Switching
Wednesday
Wednesday
I would not dual-connect an MX to a switch fabric.  Use a single connection.   What happens is you eventually run into a spanning tree issue and suffer an outage that the extra redundancy was meant to avoid.   In other words, the extra complexity causes more outages than it prevents.   ... View more

Re: Supported Design? - Layer 2 service on MX WAN interfaces with auto VPN?

by Kind of a big deal in Security & SD-WAN
Wednesday
1 Kudo
Wednesday
1 Kudo
No.  These are the two supported topologies: https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS   At a minimum, you would need to modify the design so that the ELAN is connected directly to the Internet. ... View more
My Accepted Solutions
View all
© 2025 Cisco Systems, Inc.