Hi mr181,   Were you able to see clients disassociations from the Dashboard for the MR18? I'm curious if the 2 MR16 had any issues as well, possibly some type of interference. What was the error that occurred at that time, was it unable to authentication or clients didn't see the SSID broadcasting from the MR18?    This kind of question is difficult to troubleshoot or narrow down after the fact, but going forward I would recommend first checking event logs on the Dashboard, possibly do some captures, and then if all else fails reboot it (while being mindful of business needs).   Cheers, nwu1 ... View more

Hi Pennywise,   If you have an MX appliance, you could create Group Policies and apply them, but they don't allow much granularity. https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Policies#Creating_Group_Policies   But I believe what you're really looking for are Windows GPO: https://www.techrepublic.com/article/how-to-manage-your-organizations-microsoft-store-group-policy/   Cheers, nwu1 ... View more

RVilhelmsen,   I agree, to truly verify security vulnerabilities you could have independent 3rd party analysis done and work with them.   Cheers, nwu1 ... View more

Trunolimit,   It' doesn't look like Dashboard has a custom alert that you can set up to see when a wireless client associates/disassociates from an AP. I would recommend looking at the Network-Wide > Clients section and filtering for the 4 specific devices that are having issues. You should be able to then see the even logs for those devices.    Lastly a wireless packet capture from the AP as well as from another client devices using a wireless monitor capture would be idea to narrow the scope of your issue.   https://documentation.meraki.com/MR/Monitoring_and_Reporting/Capturing_Wireless_Traffic_from_a_Client_Machine   Cheers, nwu1   ... View more

Hammer.   From a mile high overview, there is no option to view wireless devices that support 802.11w from Dashboard.  https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11w_Management_Frame_Protection_MFP   You would have to take captures on the wireless interface in order to view negotiation between the AP and client. Most new 802.11ac supported devices "should" also support 802.11w, but verify with the manufacturer specifications.    https://gigawave.com/2016/05/10/techtip-802-11w-protected-management-frames/   Cheers, nwu1 ... View more

Terry_C,   We implement MR33 and MR74 in our wireless environment, and have a corp-wireless and a seperate SSID for guest. It's straight forward to do from the Dashboard side, the corp-wireless is put back onto the wired network, while guest-wireless is isolated on the 10.x.x.x/8. Only caveat I would say is if your network is using the class A subnet, you could potentially run into a conflict, but that's rare (MR assign a random IP based on an algorithm).   https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Configuring_Simple_Guest_and_Internal_Wireless_Networks   Hope it helps, nwu1 ... View more

Hey Zilla,   It sounds like there was some limitations on the trial units from AT&T, possibly not activated? I've seen instances where APNS would also need to be configured on the Z3, but the new cellular units are supposed to address/eliminate this extra configuration.   You can also pop the trial units in one more time and call Support and they can look at the backend logs.   Cheers, Nick ... View more

Toor,   I would recommend having the user/IT personnel test this at the location, and calling Support to troubleshoot on the call. They could take a look at the logs and where the destination traffic is heading to/from. Taking a closer look at their documentation, they put this disclaimer for all it's worth:   https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Blocking_P2P_And_File_Sharing   Note: File sharing programs, such as BitTorrent, are now able to be configured to encrypt traffic as secure HTTPS, potentially bypassing P2P traffic shaping rules that have been configured. Cisco Meraki MX Security Appliances and Wireless APs are capable of detecting some of the encrypted P2P traffic on the network. When encrypted P2P traffic is detected, it will be matched to any configured P2P traffic shaping rules, and honor the limitations that have been configured.  However if the traffic is encrypted, it may not be possible to accurately classify all of the offending traffic.   Cheers, Nick ... View more

Hey TimBisel,   Are you seeing anything in the VPN status of the MX, at the DSL site and the other end? I haven't heard of the type of connection affect VPN, as you have the correct ports open upstream (Verify your specific network's connection to the Meraki VPN registry by going to Help > Firewall Rules). To answer question 1 as well, double NAT can cause flapping in previous cases.   Finally I would recommend looking at the things listed here and see if you experience the same issues: https://documentation.meraki.com/MX/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_Auto_VPN     Cheers, Nick ... View more

Hey Jonas,   I know that on Cisco WLC you can use the WebAuth feature so that the controller can redirect HTTPS traffic: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#anc6     The limitation on the MR can be addressed by using a web proxy on the network and decrypting it, but that would require additional hardware/software.    Hope it helps, Nick ... View more

Hi arpitshrm84,   Could you possibly upload your topology and desired here so that we can take a look and provide a suggestion? Your correct in that the MS can only have 1 default route.   Ultimately, you may want to speak to your SE about this design issue.   Cheers, Nick   ... View more

Portuguez,   Could you clarify this section: "... once there, they have different vpn connections to our customers. We need a solution where the connections to our customers uses IP addresses from our main office."?   If consultants are working from home(remotely), and they're using client VPN into the main office then they'll be the configured subnet. If they are directly connected to the customers network, and they VPN into the main office, it would be the same subnet.    If consultants are connecting to the customers network via another VPN, you cannot VPN from that endpoint back to the main office as there would be erratic routing issues.   Cheers, Nick ... View more

Hi Jonas,   I would recommend possibly replicating this issue on a few wireless test devices, systemically on iPhones, Macbooks, Windows laptops and Android. During the authentication, take a packet capture from the MR on it's wired and wireless interface, and take a look at the URL (http) redirects.   This is a good flow of the mechanism: https://documentation.meraki.com/MR/Splash_Page/Splash_Page_Traffic_Flow_and_Troubleshooting#Splash_Authentication_in_Dashboard   Cheers, Nick ... View more