Oh no, there are 2500+ devices per site, 99% of them are mobile users - I don't see that is doable. ... View more

Thanks for your reply @Uberseehandel But how to implement it in Meraki MX scenario? ... View more

This document explains this well: https://documentation.meraki.com/MX-Z/NAT_and_Port_Forwarding/Blocking_Inbound_Traffic_on_MX_Security_Appliances ... View more

I hope your DSL Modem can do the PPPoE job and provide DHCP IP on its LAN. Use a small switch, as known as 'WAN Switch' or 'Perimeter Switch' and terminate your DSL Modem there. Many DSL Modem have built-in switchports on its LAN. Connect both MX 'INTERNET' ports on the switch. If DHCP is Enabled, both will get IP and connect to cloud. If DHCP service is not available, you should configure manual IP as a destination to internet towards your GSM Modem. Configure first MX as you need, then add second MX as 'Warm Spare' from 'Appliance status' page. ... View more

But I have one client who has done similar setup where directional antenna is connected with low -loss extension cables on roof top and WiFi coverage below with omni antenna. Reason was unavailability of data points. ... View more

Yes, you can. Setting from 'Radio Setting' doesn't affect the performance I believe, though Meraki can confirm on that. One AP can get receive signal from base through sector antenna and emit through omni antenna. ... View more

Did you check from 'Security Appliance > Addressing & VLANs' if you have below configs: - route created from MX64 (Meraki Spoke) towards ASA/FG (non-Meraki Spoke). It should be dest: 172.16.0.1/16, gw: MX100 IP from 192.168.0.1 subnet - if the route is advertised by selecting 'Yes' for 'In VPN'.   Screenshot added FYR.   HTH. ... View more

MPLS provider should provide a static routable IP on each site - you must need to configure it manually on each MX.   We have recently rolled out 200+ MX for one client and below procedure is based on my experience: - Get list of IP addresses for each site from service provider. For us it was PPPoE credentials. - Prepare a worksheet columns with: MX name (i.e. site name), IP subnet (we did use /27 for each site within class B), fixed IP on LAN, WAN IP - Engage one technician to configure those MX one by one. Same procedure, 400 times for you. But on the same desk. - You should define MX name (i.e. site name) from dashboard, each site will be one network with same name. - Deployment would be much easy - plug & play. ... View more

Kudos for your post @PhilipDAth ! ... View more

Did you try with OPENVPN client? It's an open-source & community driven client supports L2TP/IPSec. It also have VPN server capability but you can shutdown the service. ... View more

Hi, you should modify it from 'Splash Behavior' under 'Wireless > Splash Page'. Is it a RADIUS server you are redirecting to? Then the RADIUS server should define this URL, please check in their documentations.     ... View more

Hi, the design should be different. One SSID can be tagged with a single vlan (ideally). MR gives you an option to tag AP to attach with different vlans. Example: SSID Sample1, AP#1, VLAN10 SSID Sample1, AP#2, VLAN20 SSID Sample1, AP#3, VLAN30 On ideal case: SSID Sample1, VLAN10 Hope that clears! ... View more

Usually I don't recommend to upgrade the switch from a stable firmware unless to adopt new features or to fix any potential bug. I have experienced this issue and called Meraki support team to downgrade to old stable firmware. Same goes for MR AP. ... View more

So you are looking for client-to-site/remote access VPN connection using MX. No you can't do it, it supports site-to-site VPN only.   You don't need UserID or Username for a site-to-site VPN scenario. Preshared key with encryption methods in phases should suffice. You can ask your VPN provider to provide required site-to-site VPN parameters, if they allow.   I dont see any standard firewall also supports it. Only option left is using DD-WRT, Tomatoe firmware, etc. Cisco ISR can be used as well. ... View more

It should be simple: 1. Add a local VLAN from 'Addressing & VLANS', you already know how to do it 2. Create a non-Meraki VPN Peer from 'Site to Site VPN' 3. Permit the new VLAN to communicate over the non-Meraki VPN, under 'VPN Settings' on previous page. HTH. ... View more

In high density area sometime I suggest to increase the bitrate to more than 12Mbps for faster & effective roaming. Also leave the Radio Power to automatic. Encourage everyone to use 5GHz radio instead of 2.4Ghz if configurable from endpoints. 2.4Ghz imposes noise on wireless networks. ... View more

I have similar issue and couldn't find fix yet. I have first gen. of Chromecast. ... View more