The Meraki Community
RomanMD

Building a reputation

Member since Apr 14, 2020

15 hours ago
Groups
  • API Early Access Group
    554
  • Cloud Monitoring for Catalyst - Early Availability Group
    50
  • Meraki Network Lounge
    49
Kudos from
User | Count
EJN | 2
Chris_Skees (Meraki Employee) | 1
AmyReyes (Community Manager) | 2
alemabrahao (Kind of a big deal) | 1
MeredithW (Community Manager) | 2

Kudos given to
User | Count
cmr (Kind of a big deal) | 1
CptnCrnch (Kind of a big deal) | 1
Brash (Kind of a big deal) | 1
ww (Kind of a big deal) | 3
DarrenOC | 4

Community Record

Posts: 129
Kudos: 116
Solutions: 15

Badges

  • ECMS1
  • ECMS2
  • Everybody Wins
  • Year 5 - Solver Award
  • 5th Birthday
  • 100 Posts
Latest Contributions by RomanMD

Re: Authorization for "Administered Orgs deep link"

by RomanMD in Developers & APIs
08-24-2021 01:47 AM
I don't think so. Each organization and network should only have one ID and one EID. For automation purposes, the ID is used. If you want to build the links to the networks/devices, then you can subtract the EID from the URL of the organization or the URL of the network, as I have explained above.
But of course, if you say that this does not work for you, I don't know another way...

Re: Authorization for "Administered Orgs deep link"

by RomanMD in Developers & APIs
08-23-2021 10:01 PM
The Organization endpoint returns the URL to the organization.
The Networks endpoint returns the URL to the network, where the YYYYYYY is the EID:
{'enrollmentString': None,
 'id': 'N_6xxxxxxxxxxxxxxxxxx0',
 'name': 'MY NETWORK NAME',
 'notes': '',
 'organizationId': '6xxxxxxxxxxxxxxxxxx0',
 'productTypes': ['appliance'],
 'tags': ['mytag'],
 'timeZone': 'Europe/Bucharest',
 'url': 'https://nXXX.meraki.com/MY NETWORK NAME/n/YYYYYYY/manage/usage/list'},

Re: Authorization for "Administered Orgs deep link"

by RomanMD in Developers & APIs
08-23-2021 11:58 AM
The way I am doing it:
Fetch all orgs with endpoint: https://api.meraki.com/api/v1/organizations
Parse all orgs and fetch all networks with: https://api.meraki.com/api/v1/organizations/{organizationId}/networks
On the other hand - X-Cisco-Meraki-API-Key is the API key of a particular dashboard user, therefore please make sure that your user has access to all your organizations that you need to see.

Re: How many administrator accounts we can create on a Meraki Organization?

by RomanMD in Dashboard & Administration
08-03-2021 06:01 AM
I wouldn't bet saying unlimited, but I would say that I don't think any of us can hit the limit 🙂

Re: Meraki MR Tunneling SSID to Redundant MX concentrator

by RomanMD in Wireless LAN
08-02-2021 11:12 PM
Good question. I don't see it possible ... 😞

Re: Youtube QUIC not recognized by NBAR

by RomanMD in Security / SD-WAN
08-02-2021 03:18 AM
@GIdenJoe I can assure you this is browser dependent. As you can see this is an experimental feature in Chrome. Maybe Firefox has implemented it too.. who knows...
In my very extensive testing on MacOS, I can see this happening in Chrome, but I can't see it happening in Safari regardless of the quality you choose. Nor did the QUIC fallback mechanism work while the UDP ports are blocked.
So I would avoid using QUIC at this moment, if possible.

Re: Meraki MX Warm Spare LAN Port state

by RomanMD in Security / SD-WAN
08-02-2021 02:06 AM
As I understand it, you have a FW cluster behind an MX cluster. In that scenario, it seems that you need to connect both firewalls to both MX'es (MX cluster does not operate in Active-Active scenario for simple routing purposes), otherwise, if your primary FW crashes while the primary MX is still up, nothing good will happen.

Re: Youtube QUIC not recognized by NBAR

by RomanMD in Security / SD-WAN
08-02-2021 12:50 AM
1 Kudo
This QUIC topic is a pain in the ***. The other day I came across this while people were reporting they can't watch YouTube videos... and of course they were right, because we're not allowing UDP/80 or UDP/443... but what's more strange is that it mostly happens in Chrome because it is supported by Chrome (and can be disabled), but it does not happen in other browsers (at least per my checks).
Now coming back to NBAR. While I agree that the topic might be for the Cisco NBAR team - I would say - I am not buying an NBAR product, I buy a Meraki product that is advertised to support 1400+ NBAR applications and if it does not work as intended/advertised, it is solely Meraki's problem. How they will deal with the Cisco NBAR team is again their problem.

Re: Advanced License

by RomanMD in Dashboard & Administration
07-30-2021 01:24 PM
2 Kudos
If return does not work for them, nor the upgrade to Advanced, then yes, you can move the networks to a different organization by requesting an Organization split, which will preserve all your network configurations (https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Split_Overview_and_FAQ). But there are limitations which you must consult, first of all - if Auto VPN is used within the organization for s2s vpn, or SSID concentrator.. and a few others.. all explained in the link above.

Re: ECMS Practice Question - Jul 30th

by RomanMD in Off the Stack
07-30-2021 01:17 PM
2 Kudos
There are so many options, that sometimes it just makes things more difficult than simpler 😄 whAt if i've pickeD three of thEm?

Re: MS Uplink Port Via API

by RomanMD in Developers & APIs
07-19-2021 01:35 AM
All API calls for the management interface are referring to MX, even the one you said, from v0. Therefore, I don't think there is a way to determine the Uplink for an MS switch, unless you prepare it yourself.
For instance, you can tag the uplink ports so later you can identify them via tag. Or, another way would be to check the CDP/LLDP neighbour and try to compute it yourself, if your network IP address scheme permits.

Re: S2S vpn overlapping subnets - Nat Lan to outside interface

by RomanMD in Security / SD-WAN
07-16-2021 06:53 AM
No, this will not work. Two Meraki MXes in different organizations can establish site to site VPN only as Non-Meraki peers.

Re: Local Status Page Password

by RomanMD in Security / SD-WAN
07-15-2021 12:44 PM
4 Kudos
Local status page user and password are set on network level. So, all the switches in the same network, never mind to what they are connected, will have the same Local status page password.
And yes, this password is only to access Local status page - nothing else.

Re: S2S vpn overlapping subnets - Nat Lan to outside interface

by RomanMD in Security / SD-WAN
07-15-2021 12:12 PM
Actually, since this is for Auto VPN only, there is no need to define destination addresses. You only do source NAT, the other end does its own source NAT, and those subnets should be advertised in the routing table.
192.168.1.1/24 -> translate to 10.0.1.0/24 -> talk to -> 10.0.2.0/24 <- translate to 192.168.1.1/24
If you want to have 1:Many source NAT, the Port forwarding and NAT might be an option, but I doubt they will source traffic from the s2s vpn interface. They are designed by default to source traffic from WAN interfaces. Therefore, this is more likely to work when you have multiple sites with the same IP range connected to a VPN HUB which will only initiate communication with the networks behind HUB but not between them, or networks behind hub will not be able to initiate communication with them.

Re: S2S vpn overlapping subnets - Nat Lan to outside interface

by RomanMD in Security / SD-WAN
07-15-2021 05:47 AM
Hi, not exactly as you described, but something similar is possible; however, this will only work with Meraki Auto-VPN. According to documentation, this feature will not work with Non-Meraki peers. https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation

Re: AP's not giving out IP addresses

by RomanMD in Wireless LAN
07-14-2021 10:20 AM
@Moraks since you said your SSID is configured as L3 Roaming, please check your AP firmware version and update to 27.7.1 which fixes exactly an issue with L3 roaming.
However, if you are with the same L2 switch infra, I would suggest to go with Bridge mode. You have no gain by building useless tunnels between APs.

Re: VPN, subnet, and shared folder

by RomanMD in Security / SD-WAN
07-14-2021 01:02 AM
DHCP has nothing to do with accessing a shared folder. You should understand your topology and what you want to achieve. If you explain in more detail what your topology is and what is not working, we can suggest where to look...

Re: SAML SSO - user/email address removal

by RomanMD in Dashboard & Administration
07-13-2021 10:46 PM
@PhilipDAth I would disagree and only comment so that we have this for future readers. When an organization is initially configured with SAML, after a SAML user login, you will not be able to create a user with that UPN, because Dashboard will say that the user already exists. Dashboard will even be able to send you alerting emails since you're an admin for the organization, but only after the user has logged in at least once. It will also save your profile settings.
The only way Dashboard could perform all those tasks is if it would store something about the user in the backend, create a user or a profile for the user per se.
After you disable the SAML, in about 10 minutes you are able to configure the UPN as a local user.

Re: getting error adding static routing

by RomanMD in Dashboard & Administration
07-13-2021 11:22 AM
1 Kudo
The port between MX and switch, as best practice, should be a trunk allowing vlan 20 and maybe the management vlan for the switch.
So, most probably you have a problem between switch and MX.

Re: SAML SSO - user/email address removal

by RomanMD in Dashboard & Administration
07-13-2021 10:30 AM
2 Kudos
Add yourself to both organizations with another email of yours, and initiate the license transfer from that user.
There is no way to delete a SAML user from the Meraki backend. The workaround is to disable SAML and then configure it again.

Re: getting error adding static routing

by RomanMD in Dashboard & Administration
07-13-2021 10:24 AM
You should understand the meaning of static routing. The answer is: for the destination subnet, what is the next-hop ip thru which I can reach the subnet. On the MX, this vlan is already directly connected, so there is no next-hop ip.
This route can be added to other Mx-es if you wish to reach this vlan via a specific router, but not vice-versa.
On the other hand, maybe you think about source-based routing... but we don't understand what you want to achieve in order to help...

Re: getting error adding static routing

by RomanMD in Dashboard & Administration
07-13-2021 07:57 AM
You have not posted the screen with the static route you are trying to configure, but it is not possible to add a static route with a destination subnet of a vlan defined on the MX itself.

Re: AP's not giving out IP addresses

by RomanMD in Wireless LAN
07-13-2021 07:45 AM
2 Kudos
I think it is important to have more details in order to understand your topology.
What is the SSID configuration: NAT, Bridge, L3 roaming, etc..?
Are there any settings like 802.11r or 802.11w enabled?
Are they (APs) connected to the same switch infrastructure?
Are they (APs) in the same management Subnet?
If the SSID is bridge, is the vlan allowed on all APs?

Re: Dot1X Authentication fails with Cisco AP

by RomanMD in Wireless LAN
07-13-2021 07:39 AM
Is that the authentication for client? Does your AP have a static IP, or is it DHCP? Is the AP connected to a controller or is it EBW? Is the policy checking for NAS ID? I am just thinking that after reconnect the AP is getting a new IP and the Radius packet is sourced from a different IP if the policy is not checking for the NAS ID... but I am not a radius expert at all...
And last but not least - go away from EAP-FAST on ISE<2.6 and iPhones 🙂 I had too much trouble with TLS version mismatch.

Re: Isolation VLAN Firewall Rules

by RomanMD in Security / SD-WAN
07-13-2021 06:15 AM
2 Kudos
Alternatively, if your clients are connected via Meraki MR access points you could use isolation there.
I think what you are trying to achieve, is Adaptive policy, which should be supported by MX'es at a later stage.
My Accepted Solutions
Subject | Forum | Views | Posted
Re: Cloud Monitoring for Catalyst dashboard join troubleshooting | Cloud Monitoring for Catalyst Discussions | 2533 | 06-24-2022 05:57 AM
Re: SNMP Issue | Dashboard & Administration | 690 | 06-22-2022 12:21 AM
Re: What if a device with a Per-Device License is broken? | New to Meraki | 328 | 06-22-2022 12:02 AM
Re: AnyConnect SAML w/Azure AD Enterprise application question | Security / SD-WAN | 381 | 06-15-2022 07:31 AM
Re: Authorization for "Administered Orgs deep link" | Developers & APIs | 2430 | 08-24-2021 03:32 AM
Re: Advanced License | Dashboard & Administration | 1404 | 07-30-2021 01:24 PM
Re: Local Status Page Password | Security / SD-WAN | 1264 | 07-15-2021 12:44 PM
Re: SAML SSO - user/email address removal | Dashboard & Administration | 2083 | 07-13-2021 10:30 AM
Re: DHCP option for TFTP server | Wireless LAN | 2725 | 07-01-2021 08:04 AM
Re: Remove Device from Network and Enable Warmspare in an Action Batch | Developers & APIs | 618 | 06-18-2021 02:53 AM
My Top Kudoed Posts
Subject | Forum | Kudos | Views
Meraki AnyConnect + ADFS OnPrem SAML authentication guide | Security / SD-WAN | 8 | 461
Re: Load balancing question | Security / SD-WAN | 6 | 1123
Re: What if a device with a Per-Device License is broken? | New to Meraki | 5 | 328
Re: Recognizing September's Members of the Month | Community Announcements | 4 | 406
Re: Local Status Page Password | Security / SD-WAN | 4 | 1264
© 2023 Meraki