The documentation suggests that you should configure a tunnel and use Tags with separated tunnels. https://documentation.meraki.com/MX/Site-to-site_VPN/MX_and_Umbrella_SIG_IPSec_Tunnel
... View more
Even though the Nexus switches run in vPC mode, you are not creating vPCs for MX connections. You need to connect each MX to both Nexus switches using individual access/trunk ports (no channel-groups). These ports should not be part of any vPC, they must be standalone.
... View more
Try this. GET https://api.meraki.com/api/v1/organizations/{organizationId}/devices/system/memory/usage/history/byInterval Headers: X-Cisco-Meraki-API-Key: <your API key> Content-Type: application/json
... View more
Meraki does not currently support multiple AttributeValue elements under the same SAML role attribute. The Dashboard only processes the first value and ignores all subsequent ones.
... View more
Meraki tries to build a visual topology using Layer 2 discovery (CDP/LLDP) and some MAC/ARP intelligence. If there are any inconsistencies in LLDP/CDP advertising or temporary learning mismatches during bootup/reconnection, it might infer wrong parent-child switch relationships.
... View more
You say you have organizational-level access, but is it read-only or full access? If it's read-only, you'll be able to perform a get, but something that requires modification won't be possible.
... View more
Generating a new CSR will not immediately invalidate the currently uploaded certificate. The currently active certificate remains in use until you upload a new one and click Save.
... View more
Okay, that's your point of view, and I respect it, but I still believe that MX can't handle it well (I speak from experience, so it's not an unsubstantiated statement). I hope you don't misunderstand me. 😊 Best regards.
... View more
I partially agree; the problem is that you think a UTM has to do everything, but that's a misconception, to say the least. Having specific equipment for this function is the most appropriate. The truth is that the MX leaves nothing to be desired in this regard.
... View more
Well, you're working almost at the recommended user limit. Maybe you should consider upgrading to a larger MX. Have you checked to make sure your MX isn't experiencing excessive usage?
... View more
Meraki’s Layer 7 firewall and GEO-IP filtering are designed primarily for outbound traffic from LAN to WAN. When traffic comes from the internet into your network via NAT, it bypasses those content-aware inspection engines. In short, you need another device in front of the MX to perform this function given this limitation of the MX. https://www.f5.com/products/big-ip-services/advanced-waf
... View more
Unfortunately, Meraki does not expose full alert details (the exact reason) through the API in the same structured way it's shown in the dashboard.
... View more
Hi, You’re not missing anything obvious, they’re probing DHCP in a way that isn't visible via normal client DHCP tests. With targeted packet captures and tuned health-check config, you should be able to stabilize the tunnel monitoring.
... View more
Take a look at the documentation, but to be honest, wouldn't it be easier for you as an administrator to remove the accounts that you no longer want to access the organization instead of having to reconfigure everything? https://documentation.meraki.com/General_Administration/Inventory_and_Devices/Moving_Devices_between_Organizations
... View more
