I have a scenario where I want the wireless guest clients to get redirected to the wguest portal through CWA policy which is hosted publicly on Cisco ISE and locally break out the internet traffic through MX internet link ?  Is this possible ?   I have tried to do this using CWA policy..I checked, guest machine is able to authenticated through this CWA policy & when user is trying to open any site, page is being redirected to wguest portal usr..but url is not working.Even guest machine is not able to reach out public hosted guest portal URL (XX.XX.XX.XX). Even guest's machine is unable to ping own gateway IP. tried to telnet guest portal url but traffic is not coming on our external firewall. It looks like traffic is not passing through MS/MX. Also verified the local ACL, everything is allowed on MS/MX. Also tried to check guest portal from internet, it is working fine. No issue with guest portal url.             ... View more

RSTP is not working properly in below topology.   MX1 : Primary (Active) MX2 : Secondary (Spare) CSW1 : Primary (Root) CSW2 : Warm Spare Test Machine : Connected with ASW1   I have created port channel between CSW1 & CSW2 using port 23 & 24. If I disconnected the Cable from CSW1 to MX1, my test machine is still able to ping to other location machine through (site to site VPN). But If I disconnect the cable from port 23 or 24, then unable to ping the other location machine from test machine. I checked, when ports (23 & 24) are in aggregate then both ports are up & working fine. As I disconnected the cable from port 23 CSW1 then port 24 gets in blocking mode on CSW2 & same port is on forwarding mode on CSW1 (Root). Please suggest, why port 24 gets in blocking mode on CSW2 due to this traffic is not passing through from one location to other location.   ... View more

I am planning to deploying 4 MS410-16, two stacked switches in each datacenters (A & B) and must have a VRRP between them.Will warm spare functionality work between DC A stacked switches and DC B stacked switches ?? If not then what is alternate solution to make redundant between 2 DC stacked switches.        ... View more

Is it possible to configure a dynamic vlan allocation via Cisco ISE (Radius Server) for wired clients (MAB/8021X) ?  If I configured a SSID on Cisco MR & having an option "RADIUS override", to get the VLAN-ID from my RADIUS-Server. On Cisco Meraki Switches unable to find such any option. Do you guys know if the "RADIUS override" option (or something similar options) is configurable for wired clients on a Meraki MS-Switch? ... View more

I am doing POC on MX devices to create Site to Site VPN (Hub/Spoke).   Topology : HUB:   Huawei 4G Router ---> MX67 ---->  MS ---> Test machine  (Public IP)             (WAN IP Private IP)                                  192.168.1.XX through DHCP Spoke: Huawei 4G Router ---> MX67 ---->  MS ---> Test machine  (Public IP)             (WAN IP Private IP)                                  192.168.2.XX through DHCP   I am able to see VPN status is up & local routes are being exchanged with each other but showing in down state means unable to ping test machine from HUB to Spoke or vice versa. Even MX to MX is not pinable. I checked logs through packet capture Wan IP (192.168.1.X) is trying to communicate with other site Wan IP (192.168.2.X) & Public IP (76.XX.XX.XX) but unable to see any reverse traffic from other side. Same pattern is also seeing other HUB side. Someone please let me know how can I fixed this issue & is it possible to make Site to Site VPN with upstream 4G Router.  ... View more

Local routes are not being exchanged through Site to Site VPN (Hub/Spoke) topology. We are using Huawei 5G router for Internet connectivity at both side for MX67. Please let me know what needs to be done to communicate the local routes with each other. ... View more