OR - don't use full tunnel.  Specify only the list of subnets required that AnyConncet users will need to access inside of your organisation. ... View more

I just smashed this together.  Copy and paste this into Powershell.  It sends a query to Microsoft for the list of IP addresses used by Microsoft Teams.  Exclude these from your full tunnel VPN.   $clientRequestId = [GUID]::NewGuid().Guid $uri = "https://endpoints.office.com/endpoints/worldwide?NoIPv6=true&clientRequestId=$clientRequestId" $endpointSets = Invoke-RestMethod -Uri ($uri) $Optimize = $endpointSets | Where-Object { $_.category -eq "Optimize" } $optimizeIpsv4 = $Optimize.ips | Where-Object { ($_).contains(".") } | Sort-Object -Unique Write-Host $optimizeIpsv4   ... View more

No one has mentioned it ... ... View more

You might be able to write a script to call get-network-clients and then filter on only VPN clients. https://developer.cisco.com/meraki/api-v1/#!get-network-clients   ... View more

Splash Access has a solution for the education sector for dorms where each dorm gets a seperate network and supports self-onboarding.  I would check this out, as it might make things much easier for you. https://www.splashaccess.com/  ... View more

What does the MX uplink statistics show? ... View more

Check the uplink configuration is set to the max (you'll have different numbers to the ones shown below).   Security & SD-WAN / SD-WAN & Traffic Shaping   ... View more

You could also consider using IPSK. https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS  ... View more

I'd consider getting a Cisco partner invovled.  You can find someone near your area here: https://locatr.cloudapps.cisco.com/WWChannels/LOCATR/openBasicSearch.do  ... View more

Any chance there is a second DHCP server on the network? ... View more

I have quite a few customers using it.  Works well. ... View more

I was going to say no - but there you go!  It's not SVG, but you would build a graph using it. ... View more

That suggests the IGMP config isn't right in the network.  Check out this post which explains it in detail. https://community.meraki.com/t5/Switching/Multicast-Basic-s/m-p/25867/highlight/true#M2125  ... View more

Awesome guide!   ps. Join the tidal wave and get rid of ADFS.  🙂 ... View more

Also note Meraki has moved to a different IP range and using https for communication.  If you have an upstream firewall make sure it is allowing the traffic.     ... View more

I like the sound of the outdoor 360 degree camera.  We have been having to put these into custom enclosures.  This is going to be so much easier! ... View more

Maybe 300 users using per-user certificates. ... View more

Meraki MS has always supported EAP-TLS.  I have a customer deployment using it. ... View more

> The CW APs are common hardware that offer a choice of management style depending on your network deployment - cloud or on-premises   The APs aren't convertible - are they?  If you order the Meraki version, you can't convert it to on-premise management, and vice versa - correct?  So there isn't really any choice in the matter ... ... View more

What method is used to provide the virtual IP ?  VRRP? If it is multicast, is the application sending proper IGMP join requests?   Some dumb systems like Windows NLB require static ARP in some configurations (which Meraki can not do). https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-network-to-support-nlb-operation-mode  ... View more

The DMZ sounds like an easy fix.  Another option is to get a dedicated cheap Internet circuit for the lab, making it more like a real site. ... View more

I feel some confusion around the introduction of Cisco Enterprise APs to the Meraki portfolio.   Are the CW9K APs going to replace the Meraki native APs over time?  Should we be quoting these in preference to Meraki native APs now?   When would I choose to quote a Meraki native AP versus a CW9K AP - as there is a lot of feature overlap and the answer is not clear to me. ... View more

The Cisco bug tracking tool is linked BOTH to your support case (so you can get to it easily there) and an optional community post (which allows everyone to discuss the bug).   Pretty good huh?   ... View more