Just my 2c on this. It would be great if Meraki also extended this technology to switch trunking. Auto trunk and LAG inter switch links. That would make the majority of switch connections idiot proof. ... View more

Interestingly enough, the option is available on the template config.   I don't have a big concern about the allowed vlans since the AP is being authenticated but I don't like the native vlan being set. We use RADIUS VLANs on one SSID and one that can be assigned is the same VLAN as the switch management network. It seems like that will break because of a tagged/untagged mismatch. Maybe don't have a native VLAN once everything is authenticated. ... View more

Anyone using this on a network where they are already running 802.1x? I don't see any mention in the docs about how the two interact. Also concerned that it automatically sets a native vlan on the switch port. That will mess up one of my SSIDs. ... View more

Interesting. Wonder if they have opened it up to more customers. I asked our account manager about it over the summer and he said they were not accepting any more customers. ... View more

Thanks for the info. That should be enough range to cover our server closet and the electrical room. I saw something online that said the BLE 5 range was up to 240m. That seemed unrealistic. ... View more

False. I would honestly not be looking at Meraki cams if I had compatible APs. ... View more

Since we don't have any wifi 6 APs, we are looking to use a MV as a gateway. What is the expected coverage radius of a MV? ... View more

Anybody heard any updates on this? Given that MR v27 and MS v12 have gone GA, I would expect secureconnect to be around the corner. ... View more

Networks aren't really my issue. Surprisingly I only have 1 network that has a mix of pre and post wave2 APs. I have a mix of pre and post wave2 branch networks which I just recently consolidated into a single combined template though. There seems to be no way to set different firmwares for templated networks. Not sure if Meraki will add a per network firmware override option for templated networks. It is a bit annoying as some of these devices still have 4+ years of support left. ... View more

So I assume this means there will be no way to have a single template with pre and post wave2 APs if we want to keep them on the latest 26.x and 27.x firmwares? ... View more

Just curious if you guys resolved your issues. I have a stack of MS425s connected to a stack of MS355s via twinax DAC cables. I noticed one of the aggregate ports on the MS355s was showing high crc errors. I swapped cables with a spare but still it remained so I put the original back. I then flipped the cables on the ms355 end and the high crc errors moved to the new port on the ms355. I then swapped the cables on the ms425 end and the crc errors once again moved back to the original port on the ms355. That eliminates the cables as a possible issue as the errors were always on the far end of the same MS425 port regardless of cable used. Currently waiting to hear back from support. The switches are running 11.30. Gonna try a reboot of the 1 ms425 tonight. ... View more

My concern is that the release notes do not specifically mention that the dhcp issue was fixed. It has just disappeard from the known issues section. ... View more

Curious about this myself. This issue is preventing us from using 26.x. It was much more than intermittent for us! It is frustrating when you see the same known issue in so many consecutive firmware releases. ... View more

I agree on the multiple bubbles being messy but there should be at least multiple numbers listed for # of OK devices and # of erroring devices.I am ok with the color of the bubble remaining the color of the worst error. ... View more

@MerakiDave I am not a fan of this design. It makes it look like there are 15 devices offline when zoomed out. I feel like there should be either separate bubbles next to each other or multiple lines of text on the bubble that indicate the different statuses. ... View more

I have a lot of details in my other thread but basically the switch is ignoring eap starts from the client if the port fails to guest. We were getting 5-10% of our clients stuck on guest a day. The help desk either had to cycle the user's port or the users would need to manually unplug their IP phone and plug it back in to reset the port. No issues on 9.37 or 11.1. ... View more

Have you tried 11.1? I upgraded all my sites to 11.1 to fix an 802.1x issue that was a huge problem for us. No issues so far. It has been my experience over the years that the beta firmwares are usually more stable than the "stable" firmware. ... View more

I ended up getting our UCaaS provider to enable second port status reporting on the polycom phones but that exposed an even worse 802.1x bug in the 10.x firmware. Now we have a problem with windows PCs that either slow boot or come out of hibernate. Windows 10 and 7 both send icmpv6 router solicitation packets very early in the boot before 802.1x comes up. This causes the switch to send an eap challenge that fails since the supplicant has not yet started on windows. This causes the PC to be put on the guest vlan. Once the supplicant starts and sends eap starts, the switch is erroneously ignoring them thus my clients are getting stuck on the guest vlan. The only access policy method that works is multi-auth but that does not support guest and I have a requirement for guest vlan. There seems to be no programmatic way to disable ipv6 on the LAN adapter and MS does not recommend disabling it system wide. I tried firewalling some of the icmpv6 traffic with windows firewall but that didn't seem to work either. I have a scheduled task that cycles the LAN port from windows after a power event but it is not 100% reliable. I just had support roll back half my networks to 9.37 to see if that will restore my sanity. Not sure how 802.1x worked "decent" for several years but has gone so sideways in 10.x. ... View more

Just a FYI. I got a response from support saying that the MS switches do not support any radius timeouts. ... View more

Yeah already have one open. Was just hoping someone had already resolved these issues. ... View more

Seems it doesn't work. I set the NPS policy to have a 5 minute idle timeout. The client is authenticating to the policy and wireshark confirms that the timeout is specified in attribute 28. Well after 5 minutes of disconnecting the device from the phone, there is no deauth event in the meraki logs and I am not able to change devices. ... View more

Hmm. The cisco page has a bit more info https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html#pgfId-389486   They indicate that I need to use the idle timeout and not the session timeout but the Meraki page says idle timeout only works if radius accounting is used but we don't currently use accounting. I will try to mess with setting up radius accounting while I wait to see if our provider can update their polycom provisioning server.   Thanks ... View more

We use NPS. I have the radius session timeout set for the policy. I have left the device disconnected from the phone for hours more than the timeout but when I connect a different PC, the switch ignores the request. This is the timeout I have used in the past to force periodic reauth. I have found a setting on the polycom phones that seems to resolve the issue but we use a UCaaS service and I cannot modify anything on their provisioning servers so I have no way to set it globally. I was hoping there is some other alternative. Cisco/Meraki's 802.1x options are a lot more limiting than with our old procurves. On them, we could have multiple authenticated clients per port and still support a guest vlan. ... View more