It doesn't have to be a switch - but it does have to be some kind of layer 3 device.  Because you said you are using a dynamic routing protocol - you must already have this. ... View more

It would be extremely handy to be able to configure it but it is not so 😉 ... View more

Whenever you have to automate across multiple networks or templates in your case the sole answer will always be.  Use the dashboard API.  You can start here and try to find the correct resources to call: https://developer.cisco.com/meraki/api-v1/introduction/ But I do have to question why you have 30 templates.  Since you do have local overrides per network, could a refactoring of your templates be in order? ... View more

This picture shows it quite well:   ... View more

SOLVED my issue: Got An issue when LACP from FG to MS.  the PO (spanned across X1-x2) in the FG side has 5 subinterfaces and the meraki side has an aggregate interface and it was configured with VLAN 1-1000.   This configuration caused all the subints in the FG to be down (red).  When I modified the MS side in the aggregate interface to have only the VLANs required, like 10,20,30,40,50 and deleted the 1-1000, the Ints at the FG went up and have been steady ok for a while.   in other words, the Vlans numbers in the MS  should match the sub ints in the FG. ... View more

Server errors do happen after some changes via API. You'll need support to check what is causing the issue. ... View more

Just add your order ID to your dashboard if you have co-term licensing and then you will have added both the switches and the license. If you have already claimed other switches or licenses from the same order then you have to enter them manually by serial number. ... View more

Thank you so much for verification. This help clear thing up a lot. ... View more

Found the issue: IOS-XE mode switches do not include the Message-Authenticator attribute even though in CS mode they do (MS switches also include it).  ... View more

If you're tagging the VLAN inside the group policy itself you won't be able to make a difference between users. If the tag is on the SSID config itself you can select a different VLAN for AP's containing a specific tag. ... View more

I believe he wants an ISSU style upgrade which to my knowledge is not possible on an MS425 stack. ... View more

I can only confirm that this was the behavior I noticed. However it is important to note that this was matching traffic by regular L3/4 rules, not the L7 application layer detection. So I cannot guarantee it 100%. ... View more

Perhaps spanning tree took a bit longer than usual... 🤔 ... View more

I've been replying to the case every so often looking checking for an update, surely the support teams are given the same training on both phone and email, so surely I'd get the same response on the phone, right?   I'd be shocked if a company the size of Cisco has such poor customer service that they "binned" tickets that were too difficult for their engineers. ... View more

Same issue here but only with 802.3af devices, 802.3at works as expected. Meraki support confirmed to me that it is a known problem and that they are working on it but have no resolution timeframe. when I told them that this problem is impacting the business of the company I work for, they simply stopped responding and never contacted me again. ... View more

You can always link a non managed switch to an MX but make sure you don't use VLANs in that case and don't double downlink your MX or you will cause a loop. ... View more

This was also added to the change log :    Added support for Catalyst and Meraki SD-WAN fabric Interconnect ... View more

If your voice solution is using regular SIP with regular G711 codec you can even capture and analyse this with wireshark.  You can always perform a packet capture on the LAN side or the WAN side of the MX and then see in the telephony analysis if you are having packet loss or jitter.  You can even playback the audio which is cool. ... View more

The VPN is now working, there was firewall policies in Mikrotik which had be prioritized( placed on TOP below srcnat(Internet access rule). The traffic is getting back and forth now, thank you for your suggestions. ... View more

@Ulfen I think the pertinent word is 'should'. ... View more

Also it is best practice to have at least one switch in your stack with dual power supply.  It is not intended to work with all stackmembers only having a single psu. ... View more

Nice to hear.  So essentially it is up to the intelligence of the client driver to have a good experience. ... View more

I'd follow the below troubleshooting steps: Configure a port on the MX in access mode for one of the client VLANs that isn't working. Connect a client to that port, if it fails the MX is the issue, if it works... Configure an access port on the switch, test again.  If that fails, it is the switch, or the link between the MX and the switch. ... View more

Make sure the AP's are on a network that can reach meraki cloud on UDP/7351.  And if you are on a newer firmware version also have them allow TCP/443 outbound.  And if you are using a firewall that does SSL decryption, don't let the firewall do that because it messes up the connection. ... View more

It would be best to open a case.  From your description this all looks okay.  Feel free to post screenshots of your SGACL and the assignment on both ports. ... View more