I would be happy if that option disappeared. One click less to go to AnyConnect. ... View more

I think I just got this.  Are you trying to create a non-Meraki IPSec VPN from the WAN2 interface on the MX?   You can't do that.  It always uses whatever the primary WAN interface is. On the Fortinet side you can probably configure both VPNs, but only one will be up at a time. ... View more

Hmm, I don't believe the EOS UADP 2.0 switch will receive full cloud management support since these will at some point no longer receive updates, but of course we can't be sure. I believe changes are higher that device configuration would be possible though. I believe for full cloud management you need C9500 high performance switches (UADP 3.0 chip) or at a later time the newer Silicon one chips. ... View more

The CPE of the main ISP only allows for a single uplink. So I had to go through a switch port to set this as there is a spare MX too.   Setting failover mode to Immediate doesn't help at all, I tested that. ... View more

“Will this change impact the existing configuration currently running in VPN concentrator mode? Since all on-premises connections are flowing through this vMX, do I need to update the route tables on the Azure side as well? If you could share the detailed steps, it would be very helpful for me.” ... View more

My understanding (from that page/table I first referenced) shows that syslog is only available from the Meraki devices directly, i.e., I need local (or at least network-reachable/routed) syslog-collectors for each. And, that syslog from the devices will not include config-changes or "critical" security-events. Thus the reason for wanting to collect everything from the mgmt-console.   (We are, in fact, already collecting those logs from our 800 Meraki APs via syslog. So I am familiar with their contents.)   re firewall/connection logs, I believe we are only seeing the AP auth/deauth events. So it's busy but not crazy busy. (By comparison, our public-facing firewalls generate 400M events/day!)   re the 'getnetworkevents' API call, it sounds like I do need to script some sort of saved/on-disk 'state' for the Last Received Event. Bummer, more to script, I guess? ... View more

Actually, you are right. There should be not dependency between Named VLANs/VLAN profiles and IPv6.   However, I'm a bit confused about this part "In my setup I can't get an IPv6 address via DHCP". Did you mean SLAAC and not DHCP(v6)? There are not many clients that support DHCPv6 and SLAAC is a preferred method of IPv6 assignment. There was a known issue with W-Fi 7 APs but it was resolved in MR 32.1.4:     It would be helpful to take a packet capture on both wired and wireless interfaces to ensure that the AP passes traffic back and forth between an DHCPv6 (if this is indeed in use) and a client. ... View more

Who hasn't made a mistake in their life, right? 😅 ... View more

We just had a vendor that was adding more Z3s to our environment that accidently selected our main network when adding to our template config for our Z3s, which wiped out the entire config on the MX for that network.  We lost all of our firewall rules, nats, vlans, everything!  And since it was a config change, we had to rebuild all of this manually.    It would have been really nice to have a backup to restore from instead of having to rebuild everything in the middle of the work day.  The solution I came up with is to just create a template from each branch that I can update on a schedule so if this type of thing happens again I would be able to just apply the network to the correct template, let it apply the config from that template.  Then once it is back up and everything is good, I will remove the branch from the template and retain the config.   I hope this works as I have not put this into practice yet but am working on currently. ... View more

Latest dashboard issue I have found is trying to change an AP from static IP to DHCP.  The drop down opens behind the main dialogue box so you have to know what key combinations are required to change it, with it being completely hidden...  The same applies for the IPv6 mode...   ... View more

Hi @BDE69420 , I've upgraded my network and its associated template to MS18.1.2 and have also opted-in to Traffic Mirroring in the Early Access Features. However, I still do not see the Traffic Mirroring section under Switch -> Switch Settings on the Network or the Template either. Has anyone managed to get this working with a templated network? ... View more

The guide that the @RWelch  sent you doesn't mean you have to integrate with Zscaler, but rather how you should configure the tunnel to achieve what you need. ... View more

Yes. But that wouldn't specifically address the OP's scenario of wanting to use WAN 2 for Guest while WAN 1 is up, but then deny it when WAN 1 is down.      That feature would work as long as the OP wants Guest to use WAN 1 normally then deny it when WAN 2 is active. ... View more

after more investigation it seemed the issue is more on the switch side rather than AP. we had to upgrade our MS150 switches to MS 18.1.3.1 firmware. this is beta firmware so there could more underlying issue. However since upgrade its been stable. we have not tried wifi7 yet. ... View more

Historical views are only available for clients. As long as that client was not seen on another port it will show the client as being disconnected and on that port. So you could go to networkwide -> clients and make sure the switch and switchport column is showing and try to find that port. ... View more

MLO doesn't need three bands. And most clients only use two bands for MLO. If I remember right, the Qualcomm client chip can do three bands, but most mobile devices don't. For the CW9171: Is that device already shipping? I would expect that it will be supported natively in Meraki when available. ... View more

I wanted to block wireless only clients from talking to each other. But wired to wireless should communicate (Like PC on Wi-Fi to Printer on Ethernet). If I turn on Layer 2 LAN isolation, the printer becomes unreachable to wireless clients. ... View more

Are you running a current stable or better firmware?   Do your hubs have the public IP addresses directly on their WAN interfaces, or are they running through NAT? ... View more

I've done some further testing with a MX105 as a concentrator and CW1196I AP, I still get 250Mbps throughput when the SSID is set to "Layer 3 roaming with a concentrator".  This leads me to think the SSID tunnel must be shaped on the MX, I've raised a case with Meraki support to see if they can confirm. ... View more

Hi Glden & Mloraditch,   Thanks for your reply. After reviewing some documentation, I believe that the current Meraki solution has difficulty fulfilling this requirement. Thank you for your sharing your idea again. ... View more

Got on today and the only network showing this is indeed the one with a 17.18 Catalyst switch in it.  I'm guessing I was just dreaming the other one! ... View more

You can do this WITHOUT a MCG. You can tunnel SSIDS to an MX directly as long as the MX is in the same org ... View more

Combing through the wireshark log - I determined that I need to separate out more of my traffic.  The ports look like they are being flooded by other traffic than my voice vlan traffic.  I created a test vlan and tested it on a handful of phones.  Those phones stayed in the voice vlan and have successfully stayed connected.  Thank you all for your help and support. ... View more

These switches always run IOS-XE in the background and I would recommend going over to IOS-XE version. If you are still running CS17.x then you are running IOS-XE but with a container running on the apphosting part of the switch to translate your config. The reason I say this is that when you run IOS-XE without the container you will have access to the CLI via dashboard cloud cli.  And when plugging in your Cisco DAC cables you will be able to do show inventory and show interface to see your DAC cable will work just fine 😉 ... View more