Meraki

KarstenI

Using the same license is possible while you are still in tzhe CoTerm licensing model. The moment you move to Subscription, these APs need different Licenses. For your coverage Area: Yes, different APs have different radiation patterns. That's the reason a new wireless design should ideally be done for the new intended AP model.

KarstenI

@Tony-Sydney-AU: Bring back Miles! 😉 And congratulations everyone.

KarstenI

Oh, good point. Easy to forget when you have never seen 99% of the devices you manage. 🙂

KarstenI

Actually, I was thinking about going from one MR model to another, like you had the MR32 and go to MR36. Same procedere. For MR-Enterprise, do you mean CoTerm Licensing? Then everything stays the same for the licensing.

KarstenI

The most important thing is that CW917x needs a different license when you are already on Meraki Subscription. That's a real Pita. Other than that, just swap them as before with MR-X -> MR-Y.

KarstenI

https://documentation.meraki.com/Platform_Management/Product_Information/Licensing/Subscription_-_MX_Licensing

KarstenI

Which link speed are you referring to? What the client is reporting? Then the different profiles could be a reason as they can be configured differently for the channel bandwidth. But if you see something around 1Gig, you might have too wide channels configured and depending on your density a smaller channel-width could me more useful. But most importantly, it should be consistent amoung all APs.

KarstenI

First: Try the script from @PhilipDAth https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html And even better, get some Cisco Secure Client Licenses and use AnyConnect. That is much better and more powerful.

KarstenI

Changing the Beacon-Interval is the key to a locked can of worms. Keep it closed unless you are 200% sure what you are doing.

KarstenI

The mentioned "Block Client" is the way to go. But be aware that MAC blocking alone is often not enough, as users can change their device's MAC address and still gain access. If you really want to control network access, implementing 802.1X is the way to go. EDIT: @GIdenJoe is, of course, right; it was too long ago that I had to deal with that. The consequences are still valid!

KarstenI

Whoa, someone at Meraki decided to make a feature public, knowing it would provide wrong information.

KarstenI

Just in case you use the dashboard to determine if your devices are End of Sale or Support: It's not always accurate.

KarstenI · ‎Dec 26 2025

The most important question is why you want to use the NAM nowadays. Other than MacSec, there is IMO no benefit compared to the native supplicant.

KarstenI · ‎Dec 26 2025

The CW9172 is compatible which is shown on the data sheet: Maximum power requirement : (PD: 25.5W max 802.3at) And with the entry APs, you will never go beyond 1Gig on the Ethernet side in real world deployments.

KarstenI · ‎Dec 26 2025

The MR46 is equally old. And in real world it's likely not performer than the MR44 as the only difference is the 4*4 radio on 2.4 GHz. And you don't need to use Wi-Fi 7 even with a Wi-Fi 7 Access-point. But nowadays, having a 6GHz radio is the game changer if regulation allows the 6GHz usage.

KarstenI · ‎Dec 26 2025

I wouldn't go for the MR44 any more. The new Entry-model is the CW9172. It will be supported much longer than the MR44 (which was also a great AP, but now, it's just to old to buy that device for a new deployment).

KarstenI · ‎Dec 25 2025

The AP has to query the RADIUS server after the first auth frame from the client. The 9800 also supports it, so it’s not really difficult.

KarstenI · ‎Dec 24 2025

I don't see a real usecase for OWE with MAB. But I am really waiting for WPA3-SAE with RADIUS-based MAB/iPSK.

KarstenI · ‎Dec 11 2025

This is something I am missing and which is very important. A backup in every other solution is also there to protect in case of a malicious insider. In the Meraki dashboard, if someone deletes a network or even the Org, there has to be a way to restore it from a backup. Cloning Orgs might be a way, but I would not consider this a solution.

KarstenI · ‎Dec 10 2025

The wording is different to an org without this early-access feature, but only the usual info:

KarstenI · ‎Dec 10 2025

No idea, if I go to the Stage 2 Pre-Sale I directly get redirected to "no Access" and seconds later to "Need Access?" which I have never seen. I would assume that they are changing things at the moment. I would try to contact the Blackbelt team (question mark in the top right corner) and ask them.

KarstenI · ‎Dec 9 2025

When did you finish it? In the past, it was available for download on the learning.meraki.net page, where you completed the CMNA. On the right side was a link to download the certificate. But when I go there now, it says this course expired on the 3rd of December 2025.

KarstenI · ‎Dec 7 2025

I would be happy if that option disappeared. One click less to go to AnyConnect.

KarstenI · ‎Dec 7 2025

The Secure Firewall Thread Defense just now went back to 2010 ...

KarstenI · ‎Dec 5 2025

Resolved an issue that caused some wireless clients to lose connectivity when roaming between access points connected to different members of the same switch stack This one hit us quite hard.

About KarstenI

KarstenI

Karsten Iwen

Community Record

Badges