Mx doesnt use dscp itself, Except for packets with dscp 46 that will be using the Realtime queue You could tag traffic with a dscp, but it depends on your lan/wan design, configurations, components.
... View more
You could make something like subnet/vlan2 = high Subnet/vlan1 = normal Other subnet = low https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#Rule_Actions https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Traffic_Shaping_a_Local_Subnet_or_Host https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Simple_Traffic_Shaping_Strategy
... View more
It starts trying to connect the cloud via the configure ip gateway. If it cant connect the meraki cloud it cant get its config and won't work properly.
... View more
If it has a factory config it broadcasts a ssid you can connect to and set a static ip https://documentation.meraki.com/MR/MR_Installation_Guides/MR46_Installation_Guide#Basic_Troubleshooting
... View more
If you have a internet firewall on hq you could use one armed mode. If you want to use the mx as hq internet firewall you run routed mode. MX ospf doesnt learn routes. If possible use bgp for dynamic routing
... View more
If you just have one mx i would use this. https://documentation.meraki.com/MG/General_Configuration/MG_IP_Passthrough This way you dont have double nat and it would be easier to active a service like client vpn. If you just provide basic internet or have a warm spare setup nat mode on mg would works fine to.
... View more
With adv sec license you can use content filter categories. You can also block urls manually. There are also pre defined add block lists on internet that you can put in manually Meraki doc: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering
... View more
You can create a static 0.0.0.0 to your firewall at the hub. And enable that route to advertise in your autovpn. But all your local hub traffic also follows that route
... View more
So you could not use a general vpn default route . And then use source based default route for the vlans that want to use mx250 as default route
... View more
Regarding the stp. Are you running mstp on the 3850? https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Configuring_Spanning_Tree_on_Meraki_Switches_(MS)#PVST.2FPVST.2B
... View more
After 8 hour https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Behavior_during_Connection_Loss_to_Cisco_Meraki_Cloud#MX_security_appliance
... View more
No, you could work something out using a scheduled api call. But it would be better to fix the issue, maybe firmware related? What firmware version are you running?
... View more
MS switches can dynamically assign a VLAN to a client device by configuring the switch port to use the VLAN ID received via the RADIUS attribute Tunnel-Pvt-Group-ID https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772124(v=ws.10)?redirectedfrom=MSDN https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)#Dynamic_VLAN_Assignment
... View more