Is there a document showing how many users an AP can support at maximum? They only put the ideal or optimal number of users that it should support. I have the MR33, MR36, MR44, MR52, MR56, MR86 models on our network. ... View more

I went a bit further and I taught I found a solution, but I ended up to the same scenario. I was thinking to host the splash page locally with hope that the RADIUS request will eventually be sent through the splash page to the internal RADIUS servers avoiding clear-text messages over the internet. Unfortunately the documentation makes it clear that the RADIUS messages will be sent to the Meraki first, then to the public RADIUS server. Source: https://meraki.cisco.com/lib/pdf/meraki_whitepaper_captive_portal.pdf Unfortunately I was not able to find a workaround to this. Currently this is a blocker in our network and we are force to use the WPA2 with pre-shared key authentication model. I was really hoping to use an enterprise model for WiFi authentication. Not sure if its worth opening a case, but I wanted to post these messages in case anyone else has this problems. ... View more

Thank you for your answer @SoCalRacer  Somehow I did not found that page. I've read many pages but that one I didn't saw for some reason. Following the instructions and notes from that page I was able to find what I was looking for. Now I have to decide if I want to do port forwarding or if I actually want to assign public IPs to my RADIUS servers. Thanks again for helping me! ... View more

I have Hostname Visibility enabled, but unfortunately it doesn't provide much info. I only see gigs of traffic coming from iTunes without any additional informations. Thank you for tour answer ! ... View more

Thank you for your answer! Indeed the authentication with certification on both server and client using the EAP-TLS framework is the best security model. Unfortunately is the hardest to manage and it is not scaling well with my network. As a temporary solution I will create users for all the devices, which will allow me to monitor them for suspicious activity easily. ... View more

Back again with some results. I set the 2 Wireshark instances to collect data from LAN and WLAN. After 6 hours of collecting data I filtered the output and found no CDP messages over WLAN but found a lot of them over LAN. I am not sure what generate the CDP messages over the WLAN, but it seems they are not send anymore. I still don't understand why these messages are send via LAN? are they required in a mesh mode, or can they be disabled?   Thou they can only be captured inside the LAN (everywhere in the LAN, since they are broadcasted/multicasted), and they don't seem to contain critical information I would like to reduce the number of messages that can be used to gather network information. I know these messages represent a low/minimal risk, but if they can be stopped I would like mitigate the risk. I know I started this thread to let you know I saw the CDP messages on WLAN. It looks like the scan I did over a work shift didn't reveal any CDP frames over the WLAN. I would do further scans and I intend to let the Wireshark capture packets from WLAN for a week and I will analyse the results.   Below, I attached a picture with the result I collected from LAN with private data hidden. The source of these messages are the Meraki APs: Wireshark CDP packets captured ... View more

Thanks for your response   I made a wish for that column in the dashboard and I'll wait for their response. Also I have enabled SNMP for monitoring hoping I'll find there an OID for system uptime, but I just found these:   SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::sysORUpTime.3 = Timeticks: (2) 0:00:00.02 SNMPv2-MIB::sysORUpTime.4 = Timeticks: (2) 0:00:00.02   These metrics are not helpful at all. Also I think I found a bug on SNMPv3, where it says "Decryption error" even thou I place every password correct in the snmpwalk.   And yes, the system uptime is an essential metric for every equipment, especially network equipment. Thanks ... View more