Do you have any WiFi firwall rules configured?   The capture shows that the phones are able to make a DNS request, but get zero response to the SIP register command.  Either the packets are not leaving your network - or the issue is on the other end.   Do you see the same issue if you do a packet capture on your firewall on the Internet circuit?  Aka, do you see the packets leaving your site? ... View more

Thanks for joining the community.  Which cameras are you using? ... View more

Thanks for joining the community. ... View more

Are you sure the phones aren't attaching to WiFi?   Do the phones need any special DHCP options?  If so, are you 100% sure they are added correctly?   If you do a packet capture of a phone, do you see two way traffic with whatever it is talking to? ... View more

What is doing DHCP in the network?  Why not configure that DHCP server to give out 10.0.0.2 as your DNS server?  That seems MUCH simpler. ... View more

What is 10.99.99.254? If it is a DNS relay/server (such as a Z4 or MX), then the true client is hidden.  You could get a clearer result if you changes the clients to use an external DNS like 8.8.8.8 instead and not use the DNS server. ... View more

I'm a fan of Catalyst hardware, IOS-XE ... not so much.  🙂 ... View more

I gave up on my last one, and just allowed all traffic to the "Optimised" address range for Teams.   https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#microsoft-teams   ... View more

I'm not sure what to think now.   I had a look at the last MX250 I sold, and the quote I got from the Cisco distributor lists the redundant power supply as an additional item, and it has a price next to it.  Usually, the items included in the bundle are listed as $0 line items. Has the Cisco distributor been doing my quotes wrong?  Could be - but then wouldn't I have been getting an additional power supply turning up? Could this be a Cisco theatre ordering and shipping difference? Could it be that the additional power supply is a compulsory item you have to order?  I don't know.   The switch lineup doesn't ship automatically with redundant power supplies.  Would the MX family use a different set of rules here?     This has now really muddied the waters for me.  I guess I need a customer who wants to buy an MX, but doesn't want to pay for a redundant power supply, to see what is actually shipped.  However this is not something I would counsel for. ... View more

Correct. ... View more

Love your work. ... View more

Very nice work. ... View more

>Cisco Secure Connect Reserved IP   More of a comment about "Reserved IP". This is not a generally available service.  You apply to the Umbrella team.  If you get consent, then you can place an order for it. It is my understanding that consent is only given to large Umbrella tenancies. ... View more

It sounds like the firmware crashed.  I would update them to the current stable release. ... View more

Just to clarify - they can take an additional power supply - but you still need to order it. ... View more

Have you checked your inbound spam filtering system (such as Office 365) to see if it reports receiving the email? ... View more

Lots of things access the Internet on a machine besides users. ... View more

Anything in the Meraki event log? What about the log on the other end? Can you ping the remote peer from the MX?   I assume there is nothing doing NAT between the two peers. ... View more

Have you got "Deny Local LAN" enabled? https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_Meraki_MR_firewall   ... View more

I agree with @alemabrahao , check for recent firmware updates on the Meraki.     ... View more

Alas you are correct. https://documentation.meraki.com/MX/Networks_and_Routing/Source_Based_Default_Routing   ... View more

That is what I get as well.  There is simply no way (once Authentication Methods is migrated) to create an account that does not require MFA. ... View more

The dedicated SSO subdomain doesn't work that smoothly.  You have to go to a special URL associated with the sub-domain, and then log in from there.  You can't use it to login from the main login page. ... View more

This should work.  It should be rock solid.   My bet - a multicast bug in the MS390/C9300 firmware.  Investigate if there is a different switch firmware version you can upgrade to.   Are the HSRP routers plugged into the same switch stack (safer) - or different switch stacks? ... View more