https://documentation.meraki.com/MX/Other_Topics/MX_Cold_Swap_Replacing_an_Existing_MX_with_a_Different_MX  ... View more

I would configure recovery with something like: errdisable recovery cause all   It's probably easier just to disable the errdissable on LACP.  I don't think you will progress this. ... View more

> Support is not available if you are using the free version of Systems manager.    If you are using the free version AND have no other Meraki licences.  If you have a licence for anything else Meraki, you get support for Systems Manager (including the free edition). ... View more

For larger networks I allocate a supernet and let a template sub-allocate the address space itself.  You can search the route table of a hub to check for any specifically allocated subnet.   For other things, I just use Excel ...     ... View more

> In fact I have an ONT (fibre to ethernet)   That is not a good sign.  Your ISP specified LLC encapsulation - which can't be used on an ONT with an Ethernet presentation.   Hopefully, your ISP has just given you the wrong information, otherwise, they may have mis-provisioned the circuit.   Actually, it doesn't make you confident about them provisioning the IPv6 side correctly. ... View more

I'm not familiar enough with Macs to know if they have a GPS chip.  If they do, and Systems Manager is allowed access to it, then it will use that.   This document describes the process. https://documentation.meraki.com/SM/Monitoring_and_Reporting/How_Systems_Manager_Approximates_the_Location_of_a_Managed_Device   ... View more

I'm not sure.   I believe WPA2 only allows AES.  I believe WPA will allow TKIP. ... View more

This is not normal, so I think we should look at less probable causes.   How do you know the AP is rebooting?  What has led you to this conclusion?   What is powering the APs?   What appears in the AP event log in the dashboard? ... View more

You do need a subscription, but because of lots of promos, and a lot of orgs have some quantity of free licences.  If you are able to see the device in Systems Manager, then it should work fine.   Make sure the Systems Manager policy setting you are looking at says it is for the kind of device you are applying it to. ... View more

No, but a Windows client should be able to send its own DDNS update request directly to the DNS server. ... View more

Those kinds of settings relate to a DSL connection.  The MX has an Ethernet WAN port.   So you'll need an ISP router style device to bridge the DSL to Ethernet. ... View more

It works really well.   You have to connect to the DDNS assigned to the MX.  If you want the user to see a "nice name" for connecting, then you can create a profile that you can upload to give that better user experience.  I've created an online tool for this: https://www.ifm.net.nz/cookbooks/online-anyconnect-profile-editor.html    For MFA you typically use something that supports push notifications, such as Cisco Duo or Microsoft Azure/Office 365.   There is no direct integration with Office 365.  For MFA, you configure an on-premise NPS server with the Azure MFA component. ... View more

If each DC is a seperate L3 domain, then traffic will be spread based on the subnets advertised by the DC MX into AutoVPN.  Basically, it will depend on what subnet the client tries to access.   If you really want traffic to go to both DC over both DC MXs, then you'll need a link between the two DCs, ideally use BGP, and use two templates.  The first prefers MX1, the second prefers MX2.   This article covers most of the concepts: https://www.willette.works/active-active-meraki-sd-wan-headends/    This article covers off using BGP: https://documentation.meraki.com/MX/Networks_and_Routing/BGP  ... View more

You can not perform route filtering of AutoVPN routes. ... View more

The priority applies to the entire switch stack, not individual members of the stack.  Assuming this is a hardware stack. ... View more

You'll need to open a Meraki support case fo that one. ... View more

Comedy gold.  You should open a support case over that one. ... View more

PAT won't work.  But you should be able to configure 1:many and 1:1 on any interface and have it work.  1:1 should definitely work. ... View more

For the API it would be: api.meraki.com <shard>.meraki.com Where <shard> is the shard your org is located on. If you use MV, then there are going to be a bunch more for image retrieval (snapshot API). If you use MQTT you are going to need to add in the MQTT servers that you use.   For the dashboard, that's a lot tougher.  There are the obvious ones: meraki.com www.meraki.com meraki.cisco.com account.meraki.com <shard>.meraki.com   That's assuming you use Meraki accounts.  If you log in using SecureX or SAML you'll need to add all those authentication URLs as well.   But then you also need all the URLs for all the components used.  If you go to Chrome developer tools (CTRL-SHIFT-I) and go to the "Sources" tab, and then load each page, you'll get the external domains also required.  For example:   Note that you won't be able to match on IP address, as a lot of these use load balancers with dynamic sets of IPs growing and expanding, so you have to match on FQDN.   If you use MV you are going to need to add in the URLs for the cloud proxies (if viewing from outside) or the cameras (if viewing from inside).   ... View more

> *premises   I always thought premises was the plural of premise.  Thanks for updating me on that. ... View more