Yeh you're right, might need to pursue a client agent to pass the user context through to the firewall instead ... View more

>Can this account be a TACACS account?   No.  It must be a local account.   > can the local account used for onboarding into Meraki Cloud Management be deleted   I believe a new local account is created that uses an SSH key.  Not sure. ... View more

Still testing?  what's happening with this version? ... View more

In this Article from Ekahau ( i guess you might have looked at this) Ekahau Zero-Touch Meraki Dashboard Provisioning How-To Guide – Ekahau Customer Support there is more and quite good info about how to.. and what you need to do it..  As @ammahend says above..  Then in AI pro project. just go to Action and paste API Key.. choose Correct Region, Customer and site.. And you are good to go 🙂  a tip is to make shure the floorplan name is the same and that the building also has the same names.  ... View more

There really should be a documentation of all these "can be enabled by support" gems. Knowing of this option enables some new opportunities for me. ... View more

Update from Fortinet re this integration Cisco 9300 managed by Meraki Cloud displa... - Fortinet Community This article describes the behavior where a Cisco C9300 switch displays as a '?' in Inventory when managed by the Meraki Cloud, as well as how to resolve this discrepancy.     ... View more

@IronNel , I wouldn't mind working on this one further and trying to crack it.  Are you still having the issue? ... View more

Dear All, We have established a site-to-site VPN between a non-Meraki peer, specifically a Cisco 800 series, and a Cisco 900 series device. The VPN is configured using IKEv1 with dynamic names, as we do not have static IPs. Our headquarters is identified by the dynamic name MX105, and it is also using a cloud dynamic name. Both sites connect perfectly; however, after approximately 10 hours, the tunnel drops. When I checked the status with the command "show crypto isakmp sa," I noticed that the source and destination are in QM-IDLE, with both phases 1 and 2 still up. It appears that the Meraki device is not sending any traffic. After I disabled the crypto map and reinserted it, the tunnel re-established successfully. Meraki advised me to upgrade the firmware to the most current stable version, which is MX 19.1.10, but the tunnel still went down after the same 10-hour period. I have since raised a follow-up ticket for further assistance.As my router does not have NAT TRAVERSAL and NAT T is automatic on Meraki i believe disabling no nat or nat exemption will solve the problem.   please let me know if anyone has resolved the problem. ... View more

On regular MS switches all the possible VLAN numbers are created automatically (1 - 1001, 1006-4094).  So you can just use the VLANs on your ports.  This however can be seen as a waste of TCAM space. On a Catalyst switch the TCAM allowed for VLAN definitions is smaller on C9300 and C9200 switches.  This is why by default the Catalyst switches create vlans 1-1000 (and now 1-995).  If you run IOS-XE native you can actually see the VLANs that are created by using the Cloud CLI. However if you want to use VLAN's above the 1000 number you should use the VLAN database feature @Slayton already explained.  In fact if you can always use the VLAN database and only create the VLANs you actually need.  Then you are sure to not run out of space if you like to put your management SVI in VLAN 2002 like I do 😉 ... View more

@n01048 -0. Good to hear from you.   I tried this option five months ago, but it didn't work out for me. Issue with both MAC and Windows laptops.  We are receiving strong interference from a neighbor on the 5 GHz band. Playing with Low Power on the 5 GHz to see the RF interference.  So far, I can see a 10% improvement.  However, I am still having an issue with the client bouncing between the APs.  The problem is that the client is accepting the weak signal and bouncing back to a strong signal.    ... View more

If you mean the CDP/LLDP from connected devices then I can confirm there are no issues on native IOS-XE version on C9300-M switches. If you mean that you can't see any hostnames of clients that are connected to a C9300-M switchport then yes that appears to be an issue.  I can see the mac address and the IP.  But the typical hostnames like you can see on native meraki switches is not shown.  So I believe you are referring to missing info on the clients themselves. I am currently running 17.15.3.1. I do see in the 17.15.4 release notes that there are two related fixes where one is closest to the issue you are describing: Resolved an issue that prevented some clients from being correctly displayed on the Network-wide > Clients and Switching > Switch Summary pages Maybe check this version out.  Do mind that if you are running CS software the change to native ios-xe is impactful and needs plenty of downtime. ... View more

This is normal behavior.  Usually the tunnel will re-establish sooner than the seconds expiry.  I believe there also is a data limit but the MX will rekey sooner than the configured and this should be relative to the amount of seconds configured. So your logs will show initial IKE_SA where the CHILD_SA is instantiated in the same message which means you will probably get a log for the initial CHILD_SA.  And then after a while you will get the established for the new CHILD_SA and a closing of the old CHILD_SA.  You will also see the sequence numbering <remote-peer|90177> count up in the newer SA.  The log does show separate entries for inbound and outbound CHILD_SA. ... View more

👋 ... View more

You sure?  I haven't caught anything about that. I know about the org-wide GPO since Cisco Live EUR 2024 already. They could just fix the GPO's to apply it statefully on the MX. ... View more

The documentation now lists MS 18 as the minimum required firmware. Has anyone installed this Beta version and tested yet?  ... View more

ooops double post  ... View more

Possible solution    Meraki access manager + cloud pki   Check out this solution    Meraki access manager + cloud pki    https://www.hypershift.com/blog/meraki-intune-cloud-pki ... View more

Take a look at this solution.  Meraki access manager + cloud pki   https://www.hypershift.com/blog/meraki-intune-cloud-pki ... View more

Take a look at this option   Meraki access manager + cloud pki   https://www.hypershift.com/blog/meraki-intune-cloud-pki ... View more

I have been by Cisco folks that this is exactly what happened. ... View more

MS 18.1.1 Beta firmware release notes indicate a fix for this issue. I haven't tested it yet though. ... View more

Has anyone attempted to use this for multiple SSID's? There doesn't seem to be a way to scope users/groups to different SSID's with this method. ... View more

These were completely non cisco, but I meant speed wise as that was the reference I made. These were 10gb sfps in 1gb slots ... View more

Ok adding to this, seems like when someone is connected to the AnyConnect the customer loses connection to the far end of the S2S VPN locally. AnyConnect user doesn't seem to lose connectivity to the S2S VPN at all just local LAN (Wi-Fi) users. Can see lots of logs of DNS failure on the Wi-Fi during that time, DNS server is at the far end of the S2S VPN. Anyone seen anything like this before?    ... View more