I don't have those specific models, but I have had issues with CLC errors causing a port to cycle, but also occasionally had a port down/up randomly caused by a cable fault. Have you ran a cable test from the dashboard, it's not a perfect cable test, but it could indicate an issue. I would run the test at least twice as I've had a couple of times where it reports fine, and then 5 seconds later shows broken pairs. ... View more

Thats interesting. I checked the settings of the new network I created yesterday and they had the following settings: I then clicked on 'Restore to Meraki Default' and ...the 6GHz was set too power range 0-8??:   Then went and checked that the country the network was assigned (automatically) was UK, didn't make a change, and then checked the power range values again, and they have changed in the background??..: I can only guess there is a slight delay with the 'defaults' being applied, and then them being adjusted depending on country network is assigned to. ... View more

Thanks for the quick reply. Maybe someone 'accidently adjusted' the power rating for 6Ghz for the network I checked earlier. I created a new network, associated an AP and  checked the power rating...and turns out someone did (Finger pointing to commence shortly). Thanks for confirming the expected default power range. ... View more

Just the usual four tabs (Summary, Ports, Location & Tools):   ... View more

I enabled the EA feature yesterday. I looked at the dashboard last night and still didn't have a configuration tab for any of the on-boarded switches (switches on-boarded since we could on-board them a year or so ago). I made a configuration change to one switch this morning, and while I can see that change reflected in the live dashboard, still no Configuration tab on any of the switches....Is it possible that this feature is only available in certain regions even though anyone can enable the EA feature?? ... View more

Nice spot. I also found the next slide interesting. While this looks to be only for the Catalyst monitored switches, I think it would be a great feature to include for the whole Meraki switch line, to be able to compare configurations between two different time frames. I appreciate that it's possible through the use of API or a appstore service, but including it within the dashboard seems to be a good thing.   ... View more

I concur, just looking for an official answer from Meraki and potentially info on it's release date, be that EA or GA.  ... View more

Good Morning. All of the suggestions above are very valid, but I'll through in another one/two/few. We had similar issues with Intel chip wireless nics as @fcsokie1 had with Realtek adapters, we updated them and resolved some unnecessary roaming. While it's not a wireless survey, the 'AP Neighbors' EA feature, can show co-channel interference and gives an indication of neighbor signal strength. Lastly, we switched off the client load balancing and band steering functions within the Meraki dashboard and that alleviated some unnecessary roaming. Just my useless two cents. ... View more

No update sorry, I never raised a call tbh and haven't checked to see if it's sorted yet. I'll try to do that later this week and get back to you. ... View more

Just enabled the feature on our networks and it's great. However, just a small issue, the packet loss numbers for an AP are the same across all of it's frequencies/radios, as can be seen below. Could this please be fixed asap, as I want to use this information to get my point across to management... 'STOP USING 2.4GHz!' 🙂    ... View more

I hadn't performed the initial steps and still haven't yet, but what is odd is that the Radsec option for SSIDs is visible again for me on the SSIDs that are setup for radius authentication. I have no explanation for why it disappeared and re-appeared, but lets just put it down to either my browser cache or temporary gremlins. ... View more

Good Afternoon. Firstly I'm not trying to be patronising or insult your intelligence, I just want to make sure I'm not misunderstanding anything or assuming anything... The configuration of the switchport that the AP is connected to, is it set to trunk or Access and which vlans is it allowed to pass? I think you make reference to it using vlan1, so I'm going to assume that the AP and the client are on the same subnet, lets just say it's 192.168.1.0/24, and the default gateway is 192.168.1.1. I'm assuming that the DHCP server itself is on the same subnet, as you state that it is a local DHCP server, so lets just say that it's got an IP of 192.168.1.2. If the AP is on the same subnet, it is getting an IP of 192.168.1.3 (Assuming that the client and the AP are using the same Vlan/subnet, if not then the access port would need to be a trunk with allowed all or specific VLANs, but you said there was not L3 going on, but is that in reference to the wireless config??). You state that the client gets an IP, so lets say the client gets the IP 192.168.1.4. You said that it can't ping the DG (Which I've said is 192.168.1.1 in my example). I assume this is a router or firewall or something else. I'm also going to assume that the DNS values are NOT on the same subnet as everything else, lets set that too 192.168.2.2.  Some pings would assist. Can you ping the client from the DHCP server, or from the AP? Can you ping the DHCP or AP from the client? The 'No Internet' indicates that you can't route out to the internet, yet I'm assuming that you can from the DHCP server. Does the Default Gateway which is assigned to the client have any ACLs which restrict access out to the internet or any destination? I assume if you perform a traceroute out to 8.8.8.8 you get no response from any hops along the path from the client endpoint? ... View more

I don't want to assume anything, so if it's ok, can I confirm a few things first. When you say that it is using a custom radius, is the option selected 'my Radius server' from the option under Security>Enterprise with in the Wireless>Access Control part of the dashboard?    If so, I assume that under the Radius settings you have it configured to point to the radius server, which is what I'm ultimately trying to lead you too. This could be an ISE appliance/Service or any other Radius server, but this is where I think you need to start your actual investigation as it is the configuration within the Radius server which will tell you how clients/devices are authenticating the network. Which protocol is the policy that your clients should be matching to within the radius server (Apologies I'm using ISE terminology (I think)) EAP-TLS, PEAP, MS-CHAP...etc. How are clients/devices to authenticate, with a username/password or with a certificate, potentially both. The protocol will kinda determine which authentication method is to be used. I know that you have said that entering credentials allows the users to login, but it may well be that users/devices are actually supposed to authenticate with certificates, but the radius also allows username/password. I've had issue previously where computer accounts weren't located within the correct OU in AD, so a GPO which assigned the configuration for the wireless connection haven't been pushed out. My advise is to start at the radius server, look to see how succesfull clients/devices authenticate, and look to then see why your failed clients don't automatically...I do hope that this does assist you in your investigation.   ... View more

Thanks for the information, but just to make sure I'm not misunderstanding, the group policy itself will not determine whether the client should breakout locally from the SSID or tunnel back to the MX, it only sets the local vlan override, L3/7 FW and traffic shaping. If that is the case, then I guess @PhilipDAth can change his 99% too 100%. 🙂 Thanks all for the responses. I'd raise a feature request but suspect I'd be the only client requesting it. ... View more

Thank you for your reply. When you state Content filtering do you just mean URL filtering including safe search enforcement and AMP? I assume that since the traffic won't technically cross vlans as such (i.e. the client will leave on the vlan that they logicially exist on but not through the MX, but the traffic will since the tunnel from the AP comes in on a different vlan), then IPS won't even be applied? I would like to use as many of the advanced features to add to the security of the network and the devices attached to it, but don't want to go spend a significant amount of money without knowing what will and won't work in my scenario. ... View more

I would like to use all of these features, but I don't know which of these only work if traffic leaves on the WAN or cross-vlan. Can you advise please. ... View more

Thanks for your reply, but I was hoping that I could use the features as it would add to the protections applied to the network and attached devices, security in depth and all. ... View more

Good Morning @GiacomoS. Thank you for the update and I appreciate that either you may not have all the information available to you currently or that you may not be allowed to release all the information. Hopefully further insights can be provided into why, what and when a change was made to 'restrict' the MX85 throughput from 750Mb down to 500Mb with all features turned on? I am curious though as to the testing feedback that @PhilipDAth stated, which seemed to indicate that if the resource being accessed is IPv6 then the MX85 will provide 750Mb but if it's an IPv4 it drops to 500Mb. It almost seems that there is a feature/function that restricts IPv4 which doesn't apply on IPv6? Are all features/functions supported on both IPv4 and IPv6. I'm thankfully not affected by this change, as I currently only have MX450s to support, but if there has been a change, of which there does see to have been, any restrictions/reductions in performance should be included in release notes or notifications in the dashboard (Sorry not meant to sound like a rant, just want to make sure this isn't another change similar to Apple battery/performance change in the background for the 'benefit' of the user). Please continue to look into this, as I'm sure all those who have taken part or read this thread are curious as to the cause. ... View more