Congrats everyone! ... View more

I noticed this has been published in the Automation Exchange "Move Network to Another Organization" and it notes there is a private beta available for cross shard moves. Something folks may want to check out. I'm certainly reaching out to my account folks! Apologies as there is no way to direct link, but a search should pull it up. ... View more

I've not observed anything specifically like that, but a factory reset definitely would by my recommended next step for symptoms like that. Failing that, you'll be looking at RMA. ... View more

I think the simplest answer is Essential basically equals Advanced Security and Advantage equals SD-WAN+, there is no option to have Enterprise licensing with Subscriptions. The documentation linked to shows the exact features. ... View more

The recommended solution would be to get Secure Client (AnyConnect) licensing and use that: https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client_VPN/AnyConnect_on_the_MX_Appliance ... View more

Yes correct. ... View more

What part about adding the second iDP can you not get your  head around? You just click add and put in the second iDPs details.   ... View more

Must have been released a bit early, it's gone now as an option ... View more

This is the closest thing I can think of: https://developer.cisco.com/meraki/api-v1/get-network-topology-link-layer/   Its not exactly what you want but beyond that Im not aware of other options. Topology info is usually done visually so Im not sure there is much demand for an excel compatible format. ... View more

It won't even let me actually activate it yet, but based on the description it sounds extremely useful for buy/sell/merger situations. I want to know more ASAP as I have a situation coming up in the next few weeks where this could be useful. I wonder if this is related to making that newish API call for cross org network moves work cross shard. ... View more

It could be a bug and I'd recommend opening a support case and asking for clarification. ... View more

The current clients is live connected clients, the performance tab is historical information.  if you have a large environment with a lot of roaming I could easily see where the performance tab could show X clients in its window of time vs the Y live connected. ... View more

Not with just the native authentication. You need to either use radius or more ideally get licensed for Secure Client (AnyConnect) that will have a better end user experience One example For Microsoft Authenticator with Radius: https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN_IPsec https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension   ... View more

Hey look my old post about this! We created a dedicated API user and key for the clients we manage to work around this. It was causing all sorts of problems with our tools because most of our nightly/weekly routines run get orgs as the first step. ... View more

Meraki Group Policies are applied on the network level on either a client or vlan basis and your vSwitch being tagged or untagged has no relevance.  If you have a  Meraki group policy on vlan 255 it will apply to all clients on that vlan no matter how they arrive on that vlan. They can be on an access port on 255, they can be on a trunk port where the native vlan is 255, they can be on your ESXi host if you had the native vlan set to (as an example) 299 and vSwitch with vlan 255 tagged. There are few more possible combinations as well. The native vlan going to your ESXi host will work fine for a vswitch, That vswitch would just not have the vlan field defined. It may behoove you to work with your partner (either Cisco or VMWare) or a more senior coworker if available so they can go through this with you in your environment and show you what this all looks like live. Your goal of a management network that is isolated is generally a good one but I'd recommend consulting as I stated above or at least reading and labbing more with both the Meraki and VMWare documentation at a minimum. ... View more

Great Job Everyone! ... View more

Yes you can't tag packets with VLAN 255 if your native vlan on the switch side is 255. You either need to move the VMs to the native vSwitch or change the native vlan on the switch ports to be a vlan you aren't using tagged. ... View more

You can split off networks into their own orgs, but you can not easily merge networks from one org into another. Unless your setup is small and simple, the API is going to be the best way to do this. There are Marketplace products that do this: https://www.boundlessdigital.com/product/migration/ as an example. There is an early access API that Meraki has been developing https://developer.cisco.com/meraki/api-v1/create-network-move/ but as far as I know it's still restricted to orgs on the same shard which makes its use limited. Lastly see here for a general overview of everything with moving: https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Design_and_Configure/Organizations_and_Networks/Best_Practices_for_Merging_Networks_and_Organizations ... View more

It does apply as far as compatibility goes and can be tested on the existing lineup. Supports recommendation was probably based on the specific issue you were having and knowing it was fixed OR the fact that the old CS firmware is basically not getting anything done to it at this point and the IOS-XE native firmware could either fix the issue or at least allow it to be investigated and fixed much more easily. ... View more

I believe it's only considered stable for the 9350 switches for which 17.18 is the minimum release. That may also include the other models that got cloud connectivity in 17.18 as well. It's in the other available versions category on my dashboard which is where special releases sometimes go that don't apply for all HW skus. ... View more

Just open a support case. They will send you a disclaimer that its permanent and they can’t tell you exactly what your new expiration date will be and you could be expired when done and then do it.   Ive done a few and its worked out okay  ... View more

You can as of a few weeks ago transition PDL back to Co-Term and once you are there you have an easy path to switch to subscription since everything will now expire at once again. ... View more