If you go Organisation/Overview you can see a map of all your devics, which ones are alerting, and which ones are down.       This allows you to quickly see if an outage is related to a geographic region or is widespread.     ... View more

I'm not completely sure of your question.   You can use the Cisco Meraki Add-on for Splunk. https://splunkbase.splunk.com/app/5580 You can also use Splunk Connect for Syslog. https://splunkbase.splunk.com/app/4740     ... View more

Click on an affected client, then open the "Roaming" tab to see what it says.     ... View more

Try disabling client load balancing. https://documentation.meraki.com/MR/Operate_and_Maintain/How_Tos/Client_Balancing   ... View more

Also, check out the code snippets on the right-hand side for examples.     ... View more

Make sure you are running stable or better firmware. ... View more

Have you assigned ports to each VLAN?   Have the clients been configured to use the default gateway for the VLAN they are in? ... View more

The fixed IPs can be referenced in many places.  Off the top of my head: DHCP reservations NAT translations Firewall Rules VPN firewall rules Potentially client VPN configuration ... View more

What kind of device is the port plugged into? ... View more

Typically, if you wanted to restrict which devices have access to an application in an Entra ID world, you would use a Conditional Access policy.   You can configure a "Named Location" and mark it as trusted.   In the "Grant" section you can also require that a device is required to be compliant:   And then you can create an Intune compliance policy to define what you mean by that.     It is quite a lot of hassle if you don't have Entra ID conditional access in use, combined with Intune and compliance policies.   Cisco Duo makes this kind of thing easy with its Trusted Devices feature.  You can say things like "Every device in my AD or my Intune are trusted", and then you can add specific manual overrides for special cases (like contractors). https://duo.com/docs/trusted-endpoints   ... View more

Can we clarify this. With Co-Term, you can only mix SD-WAN+ (note the plus) with another licence type such as Enterprise or Advanced. You can not mix MX Enterprise and Advanced.   Correct?   I agree that with subscription licencing you can mix and match as desired, but subscription licencing only has two tiers, Essentials and Advantage.   Correct? ... View more

>Client list is showing external Public IP addresses.   Have you got the internal circuit connected via any internal switch ports, either in an MX or an MS? This is a common trick for connecting two MX to one Internet port. ... View more

If you switch to subscription licences, you can choose a specific termination date (as long as it is more than 12 months away if this is the first subscription).   https://documentation.meraki.com/General_Administration/Licensing/Subscription_-_Licensing_Overview   ... View more

For more sensitive customers, I put printers onto their own VLAN (along with all IoT devices). Prevent that VLAN from talking to the internal VLANs. You can also probably create a firewall rule to deny the printers from talking to anything. ... View more

I have a bigger question for you - why do you need to give the access switch a static IP address?   I can't remember when I last did this. ... View more

I *think* there is a retry after 2 hours.   But let's try a whole new approach.  Configure the core switch to be a trunk port as you would like it to be. When you power on the Meraki access switch for the first time it will try DHCP on the untagged VLAN (and presumably fail), and then hunt around for other VLANs that have working DHCP.  If you wait just a bit longer, your access switch will come online anyway using the DHCP on VLAN5 (or potentially any VLAN with working DHCP).   ... View more

I second the Splash Access solution. ... View more

I would be tempted to get two SD-WAN Plus licences, and apply them to the branch and the site where the VDI servers are located. Then you can use the "Mmeraki Insight" monitoring capabilities. https://documentation.meraki.com/MI   Failing that, check out the SD-WAN monitoring page (I am assuming that this is running over AutoVPN) and see if that reveals anything. https://documentation.meraki.com/MX/Monitoring_and_Reporting/SD-WAN_Monitoring     ... View more

Make sure you open a support ticket about this. ... View more

What a pain!   I'm a LetsEncrypt fan ... ... View more

Try disabling them.  These two in particular. ... View more

You just gave me an idea.   Go to the very bottom of the Meraki Dashboard, any page, and click on "cookie preferences".   Disable both "Performance" and "Targeting" cookies.       I don't have the RAM issue - but for me this makes the Meraki Dashboard much more snappier.  You don't need a stop wach - it is very noticable. ... View more

That is interesting.  I would not have expected a health check to change the underlying mechanism of how the VPN is built.   Is it possible to create a "null" health check that always just returns "true"? ... View more

If the client has lots of sites, I would use dual VMXs, but then use BGP over IPSEC from each VMX to an Amazon AWS VPN or Transit gateway.   Currently, I rely on using Lambda scripts performing automations to detect scripts and update configs to handle the failover. This is so much cleaner.   If the customer has a small number of sites, I'm now just as likely to use this approach to go from MXs in a DC straight to Amazon AWS. ... View more