Similar things had happened to my environment when I turned on content filtering and threat protection on spoke and hub at the same time. I turned them off on the Hub and it went away. ... View more

It's a cellular modem. We are using a layer 2 circuit to connect back to headquaters. ... View more

This was helpful and resolved the issues I was having with whatsapp on our network. ... View more

>Hmm. He didn't say the vpn on his Cisco is client vpn? In fact he didn't even say it was ipsec?   If it was an SSL VPN there would be no issues.  The most probably reason it broke (IMHO) is because it is using the same ports, meaning it is using IPSec also.  I have not idea if the 2911 is using site to site or client VPN, but if it is using IPSec, it really doesn't matter. Only one thing can process the IPSec UDP ports at a time. ... View more

PhilipDAth, The core has L3 interfaces and the access switches are all layer 2.  ... View more

Fully agree. Useless response by support. ... View more

The MX64 is software limited to 250Mb/s.  It wont go past that.  The software wont allow it.   Consider getting an MX67.  It is software limited to 450Mb/s.  Paying the extra to go from 450Mb/s to 600Mb/s would mean going from an MX67 to an MX100 - and it's probably not worth the money.   We use an MX67 in our office and it works great. ... View more

You know...I tested it out a while back but then the requirement for this was no longer needed so I lost track on it. I thought that it did work but like I said I haven't tested it in a long time. ... View more

@Jeff-US wrote: Any chance the APs couldn't connect up to the cloud to be updated so they never received your firewall rules? I'm not completely ruling that out, but the MRs were getting updates otherwise. Updates to SSIDs and VLAN assignments were working correctly, though I did need to reboot 2 of them to get the NAT DHCP working after I reverted the changes.   @MacuserJim wrote: Have you tried adding the deny rules to the layer 3 firewall rules on the MX appliance to see if that makes any difference?fdfd Tried that, they had no effect. I tried to do a quick packet capture to check the source addresses, but it didn't record any ICMP packets. I didn't have time to investigate further and had to revert back to NAT. ... View more

I'm running all MR42's with this version and have seen no issues as of yet. ... View more

So i got one access point to work by moving it over to another network with another switch and it recieved an ip address, and when i moved it back to the original position and the same switch port it worked fine like the other ap's. I did the same with the other AP but that's not working. i think i will try to contact Meraki support and see if they have any idea what is happening. ... View more

>Event log shows "msg: phase1 negotiation failed due to time up."     There will be a mis-match in your phase 1 settings.  The first thing I would check is the PSK.  Have a mis-configured PSK will cause this.   Next check the crypto settings, and the lifetime being used, and make sure they all match. ... View more

I thought as much, but thought was worth checking in case I was missing something.   Thanks! ... View more

Hi @mklein,   That's no different than @MacuserJim's suggestion, just using the API instead of the dashboard. It's simple network cloning.  ... View more

Not sure if this is more of an Apple, or Meraki quirk. But that error reads like you have an existing passcode or restrictions payload that prevents a user from changing the device passcode. The "Teacher Settings" profile is probably tied to the Classroom app, yes? So there's probably something in the default Classroom configuration that makes you change the device passcode that's in conflict with the other profile blocking passcode changes.   A test would be to remove whatever other passcode restriction profile you have, then push the Teacher Settings profile and open the Classroom app to see if there's anything that requires a passcode change. ... View more

Another update.  15.10 did not fix the AMP issue that I am seeing, and broke port 2 on an MX100 that was configured to use that port as internet 2.  Rolled back to firmware 13.33 and port 2 works, again...AMP still has many issues, even with the latest beta, and the latest beta is not a good idea in a production environment.  All done now.  Thanks. ... View more

Note that Apple configurator is only available on Mac's now. Apple has stopped working on the Windows version.     This is one of the reasons I prefer Android devices for companies when they need management now ... too many restrictions from Apple and you end up getting forced to buy things you don't want and get locked in. ... View more

@jdsilva that's a nice swag museum in the background 🙂 ... View more

Well I guess it's time for the API load.  Thank you all.   <al>   ... View more

Hi Razoe, @MacuserJimredirects us to a perfect Url depicting the HA functionality in Meraki. However allow me summarize this for you. Your understanding is correct. For HA to work properly VRRP heartbeat shall reach either side ideally via L2 / L3 Core.   Also (expcerpt from the Url)  *There should be no more than one additional hop between them, and they must be able to communicate on all VLANs.   Your queries. 1. Does the WAN1 in Building A and WAN1 in Building be have to be of the same subnet (minimum a /29)? Can they be two /30 IP Addresses (meaning they’re not of the same WAN Subnet). We can have WAN Interfaces of MXes on the different sub nets. However ideally we shall have a vIP based configuration. I guess this may not be possible in your case as the MXes are placed in two different buildings. */30 When using this option, the current Active MX will use its distinct uplink IP or IPs when sending traffic out to the Internet. This option does not require additional public IPs for Internet-facing MXes, but also results in more disruptive failover because the source IP of outbound flows will change. */29: When using this option, both MXes will use a shared virtual IP (vIP) when sending traffic out to the Internet. This option requires an additional public IP per uplink but allows for seamless failover because the IP address the network is using to communicate with the Internet will be consistent. The vIP for each uplink must be in the same subnet as the IPs of the MXes themselves for that uplink, and the vIP must be different from both MX uplink IPs.   2. I’ve seen images/diagrams where the MX1 needs to be connected to MX2 as well as MX1 Needs to be connected directly to SW2, and MX2 needs to be connected directly to SW1. Is this all necessary? Or it’s just additional redundancy? MX1 shall not be directly connected be MX2. This is an old configuration which is not recommended any more as there were Dual Master Issue cropping up. I have also updated your diagram with few comments. Hope this help you.   ... View more

Thanks for your response   I made a wish for that column in the dashboard and I'll wait for their response. Also I have enabled SNMP for monitoring hoping I'll find there an OID for system uptime, but I just found these:   SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORUpTime.3 = Timeticks: (2) 0:00:00.02 SNMPv2-MIB::sysORUpTime.4 = Timeticks: (2) 0:00:00.02   These metrics are not helpful at all. Also I think I found a bug on SNMPv3, where it says "Decryption error" even thou I place every password correct in the snmpwalk.   And yes, the system uptime is an essential metric for every equipment, especially network equipment. Thanks ... View more

OK, now I got it, after trying different browsers and several attempts it ran in Postman and imported all calls.   Thanks!   If it worked yesterday I hadn´t asked... :S ... View more

Thanks @MacuserJim,   This was the reason for SIM Card back-up, should the Wi-Fi not be available too. A very good point about the firmware update. I wonder if there is a market in smart plugs for the enterprise space.   Might need to visit the hospital to see how they monitor people on life support systems. They must have solved this problem in that space!   Thank you, Peter James ... View more