I have understood that for automatic address assignment in Site-to-Site VPN I have to use a template. With it each site gets its own IP addresses from a defined pool. For a hub and spoke network I need to configure the MXs as spokes. the hub site as I see it cannot be part of the template because of the selection of the type "Hub".   If I want to select an IP address for a VLAN on the hub out of a range in the template that is used in the spokes: does the dashboard track the used IP subnet so that it is never assigned to a spoke? Or do I have to assign IP addresses in a different IP address range? (reason for asking: FW rules would be easier in general if IP addresses for VLANs with the same purpose could reside in a common address range) ... View more

I am trying to understand how Meraki handles firmware updates. The documentation on some topics is quite clear, other stuff is a bit difficult to understand. That's why I want to ask a few questions:   -Is it true that all devices of the same type (MX, MS, etc.) bound to a network with a template upgrade their firmware at the same time? -Is it true that firmware updates of all types of devices can only be delayed a certain amount of time but not suppressed totally? -When trying to set the date of the firmware update to a date two weeks from now the dashboard tells me that  the " Firmware upgrade date must be set in the future ". Bug or feature? Or did I overlook something? In this case it concerns switch software (" New firmware is available for this network. However, an update is not scheduled. ") The date correlates with the  Upgrade window that is set above. -The dashboard tells me "Upgrades may be staggered...". Is it true that this feature is in BETA? How do I access it? -For the whole firmware upgrade process: is there any integration in the API planned/already implemented?   Any hint or reply is greatly appreciated. ... View more

In bridge mode Meraki allows to use VLAN IDs with tags. This gives the possibility to use templates and add the APs to the corresponding tags (and with that to the corresponding VLANs) afterwards. With SSID Tunneling to VPN Concentrator there is a possibility to use VLAN but only a single VLAN can be assigned.   I have the need to separate the sites/networks on the central VPN concentrator into one VLAN per site. With the existing configuration logic on the dashboard I have no possibility to do this in a template, resulting in a second network per site only for the access points.   I don't want to complain, please don't misunderstand me. But with the extension of the tag concept to the SSID tunnels I see a possibility to allow this configuration in templates as well. And in my opinion this would simplify the configuration overall.   Anyway, I can do what I need to do, so I'm happy. Consider my post a  a suggestion for future developments. ... View more

Another basic question (after having brought up the one armed concentrator with SSID tunnels): Is there any possibility to see how many SSIDs/Access Points have active tunnels to a MX VPN concentrator? I did not find anything in the portal so far, maybe API? ... View more