Sorry to reopen this thread, but I want to see if I understand how UDLD and STP guard should be set up on my topology. Here's the high level image from the dashboard. Very simple hub-spoke. Single uplinks from IDFs (either a stack of two or just a single switch) run back to MS425. Do I enforce UDLD and loop guard both ends, or just the uplink port for the IDF?   ... View more

If this is using the Microsoft VPN client, you can also create a group policy (in the Meraki Dashboard, and create firewall rules in it) and apply it to the client VPN users.   If you use RADIUS to authenticate the client you can also pass back a Meraki group policy to apply to the use with the Filter-Id RADIUS attribute.  The below article is for MR - but it is the same for client VPN on the MX. https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Using_RADIUS_Attributes_to_Apply_Group_Policies  ... View more

I would wait until he leaves and migrate it onto the exisiting hardware and just isolate using VLANS and ACL's. I run multiple isolated subnets on one of my networks and it works a treat.    I would suggest sitting down and planning the migration to avoid any issues, just makes sure your current hardware will handle the extra traffic. As @GreenMan said its old school thinking and I have come across it plenty of times. ... View more

The case is still open. Was told that engineering is looking at it. ... View more

See here: MX Uplink Settings - Cisco Meraki The live data graph provides a real-time view of the uplink traffic that is passing through the MX to and from the uplink interface. The graph breaks down the total and download traffic into two separate, color-coded lines. The Historical Data graph will give latency and loss statistics that can be used to determine your Internet circuits suitability for VoIP. Further to that, you look into trialling Meraki Insight and using the VoIP Health monitoring features: MI VoIP Health - Cisco Meraki While we're talking about VoIP and you mentioned you're full stack, if you're thinking of VoIP over Wireless, read this: Wireless VoIP QoS Best Practices - Cisco Meraki ... View more

For 1. go to the switchport that you want to monitor and you get a status section showing current usage:     ... View more

Presuming you have a MX as your edge firewall what does the WAN link utilization look like during the streaming events? You can configure traffic shaping rules on the MX and QoS on the switches to prioritize the VLAN or the specific host IP and port(s).   I'm not entirely sure how the NFHS system works, but it appears your camera streams to their site and folks watch it from there? ... View more

The changes were completed by 11:30pm on October 1.   I know Meraki says client statistics take 24 hours to update when changing to unique client identifier (not perfect BTW). But I don't think that has a bearing on topology view.   The other time when topology was screwed up was when I didn't have my STP bridge priority set correctly and we lost power for a couple days. An edge switch came back online as the root. Not fun.   But everything looks to be configured correctly. Maybe a bug? ... View more

Yes. ... View more

You don‘t have to specify a VLAN. Just create a group policy including the QoS settings and assign it to the specified client. ... View more

A little late to the discussion, but I can confirm JumpCloud does indeed work with Meraki. We authenticate some users through their RADIUS service. It's pretty slick and doesn't require an on-prem AD. ... View more

Is this a completely hands-off deployment or do you still have to use the remote to walk through the first few steps? ... View more

hih i am running MX version 13.33 and no "cloud logs" for url logging only available via Syslog ... no idea if firewall and url logs will be proposed as a managed S3 bucket (like cisco umbrella does) ? that would be great !   regards, Guillaume   ... View more

@wirednot wrote: Beyond roaming- I have no concerns with any of the limitations. Bonjour is $hit, shouldn't be used on business networks to begin with, Fastlane is a gimmick, we generally avoid multicast on the WLAN. Still curious about the "high load" thought- given that CPU/memory can't be really seen. "Bonjour is $hit" I hear it is being renamed Liberty_Hi (it worked for French Fries) Ban it and the screams of fanbois will be heard around the world . . . In professional office suites and home offices, Bonjour and Chromecast are becoming common. When somebody is working late, a little music in the background often helps.  The problem I have found is that it does not appear to feasible to put, say, ChromeCast players, on their own VLAN, even explicitly allowing the trusted devices on the secure VLAN access to the player VLAN, using the ports and protocols supplied by Google. I think the issue in this case is multicast. ... View more

I another community I surf sometimes said that method does not work, but I hope it does. While that whitelist profile is nice to stop students from joining hotspots in school, it can also be a pain!   I am wondering the following - you can only join managed wifi installed by a profile, would it be possible to add a wifi payload using Apple Config? Might be another work around. Going to give it a test and report back.   Jared     ... View more