Disable 802.11w and all will be fine. Some legacy devices that do not support 802.11w may not be able to connect to an SSID even if in mixed mode. This may be due to the device improperly handling the advertised information contained within the beacons.  ... View more

Enable the Global Catalog Role on Each Domain Controller In order for a Domain Controller to maintain the logon events used by the MX for user/group identification, it must be running the Global Catalog Role. As such, a required configuration step is to enable the Global Catalog Role for each Domain Controller that the MX will be polling. Please refer to official   Microsoft documentation   for specific configuration steps.   Enable Security Auditing on Active Directory Domain Controllers Explanation When Active Directory Group Policy is enabled, the MX pulls a continuous stream of Security Events from Windows Active Directory Domain Controllers. Using Logon Events (540 and 4624) and Account Logon Events (672 and 4768) specifically, the MX can determine which domain users are logged into which domain computers and what the IP address of those computers are. This information is then coupled with the users Group Membership retrieved from an LDAP/TLS lookup and the IP address or MAC address of the computer learned via Cisco / Meraki client detection. By combining these pieces of information, the appropriate filtering policy can be applied transparently in real-time to each computer based on the currently logged on user. If Domain Controllers specified in Dashboard do not have Security Auditing enabled, the MX will not be able to associate users to computers transparently. To ensure that a Domain Controller is configured to audit successful Logon and Account Logon Events, enable this logging using the Default Domain Controller Policy or Local Computer Policy for Domain Controllers in your domain. ... View more

There are a few steps you should take first:   https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Directory_with_MX_Security_Appliances#Configuration_Overview ... View more

You can use WAN ports with DHCP private IP address, but I'm not sure if you can set virtual interface with private IP address using DHCP.     ... View more

I think it's not a MAC address and it's IPv6 address.   MS switches can alert an administrator if a device is detected that appears to be using Network Address Translation (NAT). NAT on the LAN may indicate the use of a rogue AP or router, but also may be used for legitimate purposes with technologies such as containers, or tracking prevention.      https://documentation.meraki.com/MS/Monitoring_and_Reporting/NAT_Detection_on_MS_Switches     ... View more

It doesn't look like a MAC address, can you share the email you received? ... View more

If you click on Tools tab on the specific switch there's a button there. " MAC forwarding table" Hit Run. ... View more

Is your switch Meraki or 3rd party  switch? ... View more

https://enableit.com/how-long-can-an-ethernet-cable-be/ ... View more

Yep, the switch only needs an IP address and it must be able to communicate with the Meraki cloud. ... View more

But is the client able to access the internet?  ... View more

You can track which port this machine is connected to by looking up your switch's MAC address table. ... View more

You don't need a separeted WAN Link, plug any one of the Ethernet or fiber ports into an upstream device on your LAN. The uplink port should have access to a DHCP server and it will also need to be able to communicate with the internet.  ... View more

On access control page:     ... View more

Can you show your Advanced splash settings? ... View more

The next hop is correct, It's how the things work on Meraki. Probably there are some configuration incorrect on Sophos. ... View more

Looks good, do you have Sophos access? Did you check if there are any rules in Sophos that could be blocking access? ... View more

Can you show your configuration, the rounting table, non-meraki peers and exported subnets? ... View more

Have you configured the local networks to participate on the VPN?     ... View more

Maybe you can do it yourself. It's pretty easy, unless you need it certified. ... View more

This cable can connect the PoE uplink port on the back to the passthrough port (on the back). You can use this setup if the uplink connectivity needs to be provided via the new passthrough port on the bottom of the AP.    https://documentation.meraki.com/MR/MR_Installation_Guides/MR36H_Installation_Guide#UTP_Jumper_Cable ... View more

It's look like a L7 rule configured. Have you tried removing it?     ... View more

You can create a custom traffic shaping rule.     ... View more

How many time did you set on splash frequency?   https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Splash_Page_Frequency ... View more