Awesome, thanks for sharing.  I'd love to checkout HQ at some point.  ... View more

Thanks, I've been trying to be more active.  This community truly helps me keep up on everything Meraki.   ... View more

@MRCUR That's right, it's all coming back to me now.  We did that for printers at one point for one of our sites.  Ultimately it was easier to just set port security on the switch ports with stick mac whitelist and whitelist size limit of 1.   ... View more

So can you ping and get replies?  And I'd mostly referenced looking at the VPN logs.  ... View more

Hello @KayouMT, I'm a little confused.  If you are using Mac based authentication then don't you just have a whitelist of macs on your NPS server and when it authenticates using that mac it passes.  There shouldn't be any username/password unless you are doing user based authentication?  ... View more

I agree with @Uberseehandel, loan switches are the only way to know for sure.  We have MS250's as the core in one of our environments and they work without issues.  We had some issues early on with our MS425 stack but sounded like most of that has been resolved with firmware.  When you have stacked switches it always makes firmware updates a little more tricky too.  ... View more

If interoperability is your primary concern why not get Meraki's POE injectors? MA-INJ-4-US   Edit:  Actually looks like the devices you are using are waterproof, I assume an outdoor use case? ... View more

Will the ASA and the new Meraki be at the same IP or will the Meraki be at a new IP?  Also double check any error logs on the Checkpoint side to see if any indication of the subnets stuff. I'll check with my contact to see if he can remember what we did to clear that up.   ... View more

We tunnel our MX100 to a Checkpoint.  I don't have control over the Checkpoint side but I remember them saying they had to make sure the subnets matched.  On your side reference Security Appliance>Site to Site VPN and check what you have specified as the 'Private Subnets' and compare that to the Checkpoint Side.  If you don't make much headway let me know and I'll ask them exactly what they had to set on their side.  It was either the same subnets or supernetted.    https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Troubleshooting_Non-Meraki_Site-to-site_VPN_Peers#Event_Log:_.22failed_to_pre-process_ph2_packet.2Ffailed_to_get_sainfo.22 ... View more

You'll likely need to use layer 7 firewall rules to block the IP ranges or DNS names the service uses.  There isn't a predefined category for that type of service since the "Internet Communication" category includes Gmail and Facebook messengers.  ... View more

If the locations have an MX they can do a VPN tunnel back to your core where the Radius server lives.  Then you can give the APs static LAN IPs to use to add to RADIUS.  Should be more secure to keep all that sensitive traffic in a tunnel vs traversing the internet.  ... View more

Are you wanting to add multiple admins from a single client or are you thinking about having to add admins as you loan it to different clients.  In that case I'd remove the prior admins and add the new ones so you don't get prior clients tinkering with a new clients experience.  But as far as I know there isn't a limit to the number of admins you can add.   ... View more

The event logs in the Meraki dashboard are somewhat useful but there can be gaps during device reboots and I've also noticed summarized events if an event is recurring.  According to this you should be able to get to stuff > 30 days old but even Meraki suggests syslog for more detailed needs. https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Viewing_Old_Event_Logs   ... View more

I like this upgrade, thanks.  ... View more

True @Uberseehandel, I guess I only really refer to uplinks as any port that has the up arrow on it in the dashboard.  Everything else I just refer to as an access or trunk port.   ... View more

PM'd @MRCUR we can start an offtopic thread if desired.   ... View more

I agree @mike318 it has been on my wishlist for a while to have a shared blocklist/whitelist for an entire org.  I still like being able to individually set a blocked or whitelisted item but would be nice to have one master one as well rather than having to go through and manually add it to my 20 different networks.     Edit:  We now mostly use OpenDNS Umbrella to do centralized blocking through our org.   ... View more

Agreed @Uberseehandel but I think @rarodrigo was trying to schedule an uplink.  Interesting on the WOL observation.  I haven't used that much.  ... View more

I don't think you can theoretically schedule an uplink because the device doesn't cache the schedule to turn it back on.  The device would go offline and not come back on if you were able to schedule uplinks.  I've never tried it but that would seem like Meraki logic.   ... View more

If someone else doesn't know off the top of their head I could test this on my home network later.  That is the only Meraki network I have setup in Bridge mode.  Would be pretty easy to confirm.  Just add a layer 7 firewall rule to block a specific website and then try to navigate to that website from the wireless network.   ... View more

@rarodrigo by trunk port do you mean the uplink?  Typically this port will show up in the dashboard with an up arrow.  ... View more

@DunJer622 can you include a screenshot?  WAN Static IPs can be configured from the local status page.    ... View more