On MX, you can access the local device status page and set It manually:    On switch, you can force 1Gb full duplex.   ... View more

@StuartClarke, I just confirmed It with Meraki support and they confirmed that It is possible to enable it on vMX. ... View more

What type of license are you using? per-device co-termination?   In co-termination, you just need to remove the old AP from the network and then add the new AP to the network and the license will automatically be linked to it. In the per-device do an undo assign on the old AP to assign to the new AP.     ... View more

Just remember that you have to contact the support to enable this feature.     ... View more

Probably yes, but I recommend you to read this article first:   https://documentation.meraki.com/Architectures_and_Best_Practices/Auto_VPN_Hub_Deployment_Recommendations ... View more

Try this without being connected to any network (wifi, etc).  Did you get an IP address when connecting to the management port? ... View more

You can try It, but to be honest I have never needed to configure It on my switches.   https://documentation.meraki.com/MS/Other_Topics/QoS_(Quality_of_Service) ... View more

Have you tried to enable the default traffic shaping rules?     ... View more

You need to generate a key:     ... View more

I know that the documentation does not indicate that management communication is always through Uplink.   But if we think about the logic of the other firewalls, we have outgoing (Internet) and incoming (LAN) traffic. In the case of MX, WAN interfaces are used for outgoing traffic. 😉 ... View more

Maybe this?     https://documentation.meraki.com/SM/Profiles_and_Settings/Certificates_Payload_(Pushing_Certificates) ... View more

Same here, but after clicking on device status and then back to the switch list, It worked as expected. ... View more

MX84 Meraki cloud communications would go through the Watchguard ; so Internet 1 and 2 would only be used for AutoVPN ?   Nope, The MX will use the WAN interfaces to communicate with Meraki Cloud. ... View more

Note: the keyword default route, means that a source-based default route, will not force all traffic to a configured next hop. It will only forward traffic for destinations that are unknown in its routing table. Note: This option cannot be configured if utilizing a single VLAN Use Case A simple use case is segmentation. With Source-based default routing, a default route per VLAN can be configured, (for example, Guest VLAN) with a next-hop as another MX security appliance over Meraki AutoVPN or a gateway device on the LAN. ... View more

Well, I don't know if It is the best option, but you can create a Source-based default route.   LAN source based default route - The next hop of a LAN source-based default route is on the LAN side of the MX security appliance. The next-hop IP is known to the security appliance on the LAN side either by a VLAN or a static route.    https://documentation.meraki.com/MX/Networks_and_Routing/Source_Based_Default_Routing ... View more

Try with API v1 instead v0:   https://developer.cisco.com/meraki/api-latest/#!get-network-sm-devices ... View more

Test with telnet: telnet us.tlsgw.meraki.com 443 ... View more

I believe it is normal not to be able to SSH into a Cisco host, so this is not a valid test. Do you have DNA Essentials or DNA Advantage?   Pre-Onboarding Confirm that the switch(es) designated for onboarding are one of the following: Catalyst 9200, 9300, or 9500 series hardware Running IOS-XE 17.3.1 - 17.8.x IOS-XE upgrade instructions and release notes: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-3/release_notes/ol-17-3-9300.html#id_67613 Current recommended IOS-XE release information can be found at: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/214814-recommended-releases-for-catalyst-9200-9.html#anc4  A full list of supported hardware can be found at: https://documentation.meraki.com/Clo...ud_Monitoring Have access to the Meraki dashboard Verify the ability to log in to https://dashboard.meraki.com/ Or create a free account. Instructions are available at: https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Creating_a_Dashboard_Account_and_Organization. Get your organization's dashboard API key. To find or generate an API key: In Organization -> Settings verify that the checkbox for “Dashboard API Access” is selected and saved in the “Dashboard API access” section From My Profile, choose "Generate new API key" or use an existing key. Note that a full admin account must be used. SAML log-in is not supported for API key creation The API key must have full read/write access for the organization to which switches will be onboarded. Additional documentation regarding enabling API access is available at: https://documentation.meraki.com/General_Administration/Other_Topics/Cisco_Meraki_Dashboard_API#Enable_API_Access. If an "invalid API key" error message appears, confirm the key and try again. API keys may take up to 15 minutes to become active in the onboarding application after creation. Ensure reachability The computer from which the onboarding application is run must be able to reach api.meraki.com on TCP port 443 The onboarding application is a stand-alone executable file; security settings on your local device must permit running this application and accessing the API server HTTPS proxy servers that modify the certificate in transit are not currently supported The Catalyst devices to onboard need access to the Cisco cloud Ensure any firewall rules in place allow communication with the gateway corresponding with the dashboard region on TCP port 443: Americas: us.tlsgw.meraki.com EMEA: eu.tlsgw.meraki.com  Asia Pacific and Japan: ap.tlsgw.meraki.com HTTPS proxies to access the API endpoint and the TLS gateway are not currently supported. If necessary, ensure rules are in place to allow direct HTTPS connections to each. Connectivity must be via a front-panel port (not the management interface). Only the default VRF is supported. IP routing (ip routing) must be enabled on the switch or will be enabled as part of onboarding. Ensure routes are in place to reach external addresses including a default route (use of ip default-gateway is not supported). Ensure DNS is enabled on the switch (ip name-server {DNS server IP} configured). Ensure DNS lookup is enabled (ip domain lookup). NTP needs to be enabled on the switch (ntp server {address}), and the switch clock must reflect the correct time. AAA on the switch must be configured using aaa new-model. SSH access to the switch CLI must be enabled and accessible via the computer used for onboarding. The user account for onboarding must have privilege-15 level access on the switch. ... View more

Check on Wireless > Configure > SSID availability if the Per-AP availability is enabled or disabled:     ... View more

I tested It and the issue was not solved on 17.10.1. ... View more

So is the documentation wrong? 😅   https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_Peering_with_FQDN ... View more