Meraki

alemabrahao

Either way, you would have to configure port forwarding on your ISP's modem to point it to the MX IP address.

alemabrahao

I'll be honest and say that using Meraki alone won't achieve your goal; ideally, you should integrate it with another tool like Cisco's own Umbrella.

alemabrahao

Are you sure this would be a good idea? And what about DNS and HTTPS? You'll probably need to study all the resources that the applications you'll be using utilize to make this network functional. I think first of all you should check if this is really feasible and worth the effort.

alemabrahao

This document will help you better understand how to use the feature. https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/How-Tos/Blocking_and_Allowing_Clients

alemabrahao

You can find it in the release notes on the Meraki dashboard itself.

alemabrahao

isco Meraki’s Mobile Device Management product Meraki Systems Manager (SM) has reached End-of-Sale. For more information or timeline details for End-Of-Sales (EOS), End-Of-Support (EOST), and/or End-Of-Life (EOL) please see the End-Of-Life Policy, and/or the End-of-Life (EOL) Products and Dates knowledge base article. https://documentation.meraki.com/Platform_Management/SM_-_Endpoint_Management/Product_Information/Meraki_Systems_Manager_EOL_Migration

alemabrahao

It's not an workaround, it's the design proposed by Meraki.

alemabrahao

Yes, you need to ask a feature request.

alemabrahao

Take a look at this discussion. https://community.meraki.com/t5/Switching/Meraki-MS-with-ISE-and-DACLs/m-p/194496

alemabrahao

This is the document that contains the information described. https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Networks_and_Routing/MX_Layer_2_Functionality

alemabrahao

You need to open a support ticket. Only Meraki support can handle this.

alemabrahao

Blocking only via Zscaler DNS may reduce some QUIC‑related issues, but it will not reliably prevent QUIC. For consistent results, you need to block QUIC at the network/HTTP proxy level, not just DNS.

alemabrahao

I suggest you add the printer IP to the allow list and open a support case.

alemabrahao

Meraki provides an API endpoint to update a device's address or geographic coordinates, but to be honest, I don't think that will solve your problem because, if I'm not mistaken, the location is based on the device's IP address, and the ISP's IP address might be geographically in a different region. The MX does not have native GPS.

alemabrahao

The best solution would be to move the SSID to Bridge mode. Can you test this to see if it resolves the problem? Apple's CNA often fails because the AP performs local NAT/DHCP, and the L3 handshake takes long enough for iOS to distrust the network.

alemabrahao

Are you using an external portal or the Meraki portal as your homepage? If it's external, is the URL or IP address allowed in Walled Garden? Allow captive.apple.com and keep apple.com blocked. If possible move the SSID to Bridge Mode.

alemabrahao

alemabrahao

Don't trust that AI says.

alemabrahao

No, it doesn't support 😉, just DHCP relay.

alemabrahao

No, it's a layer 2 switch. It doesn't provide layer 3 function. The MX Series Security Appliances and MS Series Switches (with layer 3 routing enabled) have a built-in DHCP service. When enabled, it can provide DHCP to all configured subnets/VLANs, or relay DHCP messages to designated DHCP servers.

alemabrahao

Yes, it can be managed in Meraki Systems Manager, as long as it meets the Android Enterprise requirements. Meraki Systems Manager supports Android versions Android 10 through Android 15 for Android Enterprise enrollment. Systems Manager Supported Operating Systems - Cisco Meraki Documentation

alemabrahao

CMNA is an exclusive program offered to partners who work in the area of sales of Cisco Meraki solutions. https://community.meraki.com/t5/Learning-Hub-Partner-Content/CMNA-Certified-Meraki-Networking-Associate/ta-p/275820

alemabrahao

Yes, according to Cisco’s hardware documentation, the maximum total transmit power for the 6 GHz radio, regardless of channel width is 23 dBm. Cisco Catalyst Wireless 9166I Series Wi-Fi 6E Access Point Hardware Installation Guide - Transmit Power and Receive Sensitivity Values [Cisco Catalyst 9166 Series Access Points] - Cisco

alemabrahao

When I say replicate, I really mean manually configuring it. Meraki isn't that complicated and doesn't have many settings.

alemabrahao · Re: MR33 End-of-Support by July 21, 2026

This is only true when support is still active in case of a defect. Think of it this way: would it make sense to insure a car that already has a defect? No insurance company would make that agreement.

About alemabrahao

alemabrahao

Alessandro Abrahao

Community Record

Badges