@PhilipDAth wrote: I believe the power cord is included for when the shipping destination is in the US, and isn't for everyone else in the world. US doesn't include the power cable anymore either across all products. MA-PWR-CORD-US is the part for the US.  ... View more

@jdsilva Interesting - I was not aware of that functionality nor have any of the engineers I've discussed this with been familiar with it. This is the first time I've noticed that sentence in the doc. Thanks for pointing that out. I wonder if this is a recent (past year or two) addition as I've previously had to put L3 switches in front of MX devices to get this working.  ... View more

Your MX will need to be within the /29 block. You can only create NAT rules for the subnet configured on the WAN interface. Typically in this scenario (where there is a /30 uplink subnet and then an additional subnet for static IP's) you'd put a L3 switch in front of the MX.  ... View more

@m00ndogg wrote: Hi guys,   I don't see the "Run a DHCP server" option in my drop down list. Do I need to enable L3 in a different screen first? I'm using an MS220-8P The MS220 line does not support running a DHCP server.  ... View more

I'm confusing by what you're trying to achieve here since you're already saying it's okay for the clients to get a warning about the server cert not being trusted. Since you're okay with that, then what's the issue with just having the RADIUS server present its cert to the clients instead of the AP's as you have done with Aruba in the past?    I agree with @DCooper that you should avoid having clients manually accepting invalid (to them) certs if at all possible. If you have management of the devices connecting to your WiFi, then you should do everything possible to ensure they trust the cert you will present from the RADIUS server. I do understand this isn't generally feasible in a BYOD setup however.  ... View more

I've found that even on current 10.X firmware versions, if you break the stack ring for any reason while the stack is running, you will need to reboot the stack once the ring is fixed or you'll have issues down the road. At this point I always reboot a stack if anything happens to the stacking ring because of this.  ... View more

@PhilipDAth wrote: Could you maybe plug it in via USB to a computer, and let it access the Internet via the computer? You can do Internet sharing via a Mac, or you can also use Ethernet directly with the iPad - https://www.lifewire.com/connect-ipad-to-wired-ethernet-port-1994242 ... View more

You cannot configure this in Dashboard. Short guard is always used from what I have seen.    If you open a Support case they may have a backend way to change this for a specific SSID.  ... View more

@dmo What does Wireless Health show? Have you made any recent config changes?    I'd recommend starting a new thread instead of adding to this one.  ... View more

I have a few hundred MR34's in production (generally in networks with MR32's) and do not see this issue on earlier 25.X firmware. Perhaps the 34's never made it down to NZ @PhilipDAth? We're running 25.3 today as 25.9 (and later) has a blocking bug for us with Windows clients randomly being disconnected from the network.    The only thing I will note is that we generally use a significantly higher minimum bitrate (because we go for high density with an AP in every room) and auto channel width for 5GHz. You should easily be able to hit 300Mb+ on an unloaded MR34 with a client that can handle that type of throughput (2016/2017 MacBook Pro's are great for testing VHT WiFi).  ... View more

The trunk between your MX and MS should have the same config on both sides. Native VLAN 1 and allow all (or allow 1,2,10).  ... View more

Have you considered switching to the Meraki hosted guest auth/splash setup? We use this quite successfully across a number of networks and deploy the guest SSID with a PSK and then present a sign in page.  ... View more

@GregasG & @EClap5 I see a lot of these failures logged as well. It appears to be a combo of drive by WiFi users attempting to connect (this is a K-12 environment) and the AP's logging these failures when devices are roaming.  ... View more

If your environment is 100% 5GHz compatible, you may want to consider changing the SSID to operate in 5GHz-only mode.  ... View more

@Netwow wrote: yes we have a 10 gig from the provider If you're paying for a 10Gb pipe from your provider, wouldn't you want a firewall that can handle 10Gb then?  ... View more

This KB article provides a good overview of the limitations of group policies based on product and how you can apply them: https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Policies   Generally it comes down to what you want to do with the policies. If you're only assigning a VLAN through the policy that matters for WiFi users, you could apply them via MR SSID's and leave wired users going through the MX unaffected.  ... View more

@kevinl If you are able to create a VLAN per-tenant, then what you describe would be your best bet as you can set all of the traffic shaping/firewall rules, etc. you need for each of them in a group policy and then assign that policy directly to the corresponding VLAN.  ... View more

Unfortunately there are no deployment guides for the vMX yet other than the deployment instructions here: https://documentation.meraki.com/MX-Z/Installation_Guides/vMX100_Setup_Guide_for_Microsoft_Azure & https://documentation.meraki.com/MX-Z/Installation_Guides/vMX100_Setup_Guide_for_Amazon_AWS   As @kevinl mentioned, you can deploy multiple vMX appliances to scale the VPN connections.  ... View more

Ah, I didn't realize this was a PPPoE setup. I think you are right that in this case it would not work for the MX devices to be doing the PPPoE unless your ISP allows multiple connections under the same account (which is very unlikely).    In MX NAT HA with a VIP configured, both of the MX devices are active with their WAN IP's but the VIP is only active on the primary MX. So you will likely need a router/modem in front of the MX devices. It may be possible to put the MX devices in a DMZ from the router's perspective however which would get you close to bridge mode but still have PPPoE working.  ... View more

The MX450 is only rated for 6Gbps currently FWIW.  ... View more

Do you have higher than 1Gb or 10Gb bandwidth from the single provider?  ... View more

How many static IP's does your ISP provide you? In a NAT HA setup with a virtual IP, you actually need 3x public IP's - one for each MX plus the VIP.    Are you able to put your upstream modem in bridge mode so the MX devices can handle NAT? That would be the preferred setup when using NAT HA mode on the MX devices.  ... View more

@AStoddard wrote: @Bilifive From the management port you can change VLANs, enable/disable ports, and change link speed. I don't recall if you can change between trunk/access You cannot edit trunk/access from the local UI.  ... View more

This is the ISE-Meraki integration guide: https://communities.cisco.com/docs/DOC-68192 ... View more