The MS switches can do IPv4 ACLs also - just keep in mind it's not stateful. CIDR would work for isolating your OUs - just set up DHCP scopes per OU to match whatever your VLANs for each OU are and you should be good to go. I've done that where I am now for a few networks and it's working well. You have to know what traffic needs to get to where so you can configure the static routing, but as long as the network isn't sprawling it's not too bad.
Wow, I wasn't expecting this many in-depth answers. Thank you very much to all who helped me with this. Does anyone know how much maintenance Meraki devices require per year? As you can see, we have a lot of remote offices (and they move locations a lot due to the nature of our business), they are all over the world, and our company can't afford to have IT at each remote site yet. (This is in fact the main driver for us to look into Meraki, as my understanding is that Meraki devices can be managed from HQ through the cloud.) We also looked at Cisco ASA and while it looks very nice, it seems to me that it is for a large company with a more structured IT department. Lastly, we would also be setting up a Microsoft Active Directory on our network and all our machines will be joined to the domain. Would this setup support RADIUS authentication (even in the remote sites) for Wi-Fi connection? (Can the MX64W do the RADIUS authentication with AD in HQ, assuming the VPN connection is configured correctly?) Thank you very much! This community is one of the best places I've ever been!