If I understand your question correctly - this excerpt from the documentation explains what to do -   Controlling Remote Access to the Local Status Page On MX/Z1 series devices, by default access to the local status page is only available to devices via the LAN IP address(es). However, it is possible to allow access via the WAN/Internet IP as well. Navigate to Security Appliance > Configure > Firewall > Layer 3 > Appliance services. In the field for Web (local status & configuration), enter "Any" to allow access from any remote IPs. Or enter address ranges in CIDR notation, separated by commas, e.g. 192.168.13.73/32, 192.168.47.0/24 Click Save Changes. Make sure you note the username/password you have set for accessing device local pages. ... View more

@ThomasB wrote: Hi,   i've try to configure the port in trunk mode and it doesn't work ... An interessant thing, when i configure DHCP server on Fortinet Firewall instead of DHCP relay, it works.   I don't understand 😞 When you say "i've try to configure the port in trunk mode and it doesn't work" what exactly do you mean? At this stage the port should be configured as a trunk port and VLANs allowed set to all. This will ensure that whatever IP address is offered, it will get through to the switch. At the simplest level, the AP needs a VLAN for management purposes and a VLAN for each SSID. If VLANs are not explicitly declared, then the default VLAN will be used for everything.  As far as the the way the DHCP relay functions on the firewall, I have no experience.   ... View more

@BHC_RESORTS wrote: IGMP proxy (for multicast) I'm curious on your use case for this. Hardly ever see multicast used in most environments. @BHC_RESORTS Well different technologies in different parts of the world.   In North America corporations make extensive use of video conferencing over internal networks. Multicast makes a lot of sense in this situation, it helps prevent duplicate streams overwhelming the network (not unlike Akamai). In Europe and East Asia a slightly different configuration is used to distribute premium subscription TV content. As the telcos, who also happen to be content distributors, like to make efficient use of their own networks, they chose to use multicast. These telcos, mostly the original PTT incumbents, also provide managed services. They need the equipment they use to provide and mange services to be able to handle fixed, mobile, VoIP, broadband and television subscriptions. If it can't do VoIP and television, it is not nearly as popular as it could be.   I will be watching the Winter Olympics live from Korea in 4K TV, not having multicast for something like that is very expensive for the carrier/ISP. The most popular sport on television in most of the world is football (soccer in the USA). The most watched leagues globally are the Champions League (top European teams) and the premier leagues of the UK, Germany, Spain, Italy and France, even in East Asia. Getting 4K TV is a big part of this.   Delivering managed services to bars with premium sport on TV is big and profitable business.   These premium services go beyond sports, so many professional practices will have multicast capability as part of their corporate infrastructure, but also they are able to handle the version that the subscription services make use of. Certainly I saw the the TV in the doctors waiting room showing multicast channels.   ... View more

@redsector wrote: But, for the first "hello" the accespoint needs a IP-address with connection to the cloud, if there are some VLANS with DHCP how do the accesspoint know which vlan it has to take when you don´t give a native VLAN? @redsector   When you configure the SSID you assign an appropriate VLAN; This VLAN should have a DHCP server. ... View more

@redsector wrote: Trunk Port and a native VLAN which provides a dhcp server on the port where the accesspoint is connected to. It works perfectly well if we do not use native VLANs per se, and is more secure. I have found that everything functions perfectly well if all VLANs are explicitly declared and trunk ports only handle nominated VLANs. Believe it or not, I did actually find traces of a suspicion-raising device turning up on an uplink, without leaving footprints on the AP or the switch. However, I've not seen it since I stopped using ALL for trunk ports/up-links. ... View more

@Mathias_Morning wrote: Thanks for your answer. I wanted to be sure that there is no easiest way before starting to script. Long time not doing it but it's always nice to get back to programming so let's go 🙂 Have a nice day @Mathias_Morning If you are an old school programmer, you will find Python very "picky" and lacking physical delimiters, but it is worth persevering. Be sure to install python 3 not v2. There are tools built into VS Code that help you not only create and debug programs, but to conform to the accepted pyhon style standards. Python also has its own stylistic preferences. I have noticed that the developers at Cisco who write code that access the Dashboard API, and do the location analytics do take the trouble to write code that is what is known as "pythonesque". Such is life. The same developers also use node.js and NodeRed. NodeRed is a tool I use a lot when working with non-programming engineers as it is graphical in nature and one joins up the data flows. I first used it for autonomous hydrofoil control, so it is powerful. ... View more

Make sure that the switch port the AP is attached to is configured as a trunk port and that it passes all VLANS. This will remove the possibility of a VLAN mismatch between the AP and the switch. Similarly, ensure that the up-link from the MS switch passes all VLANs. However, it is entirely possible that there is a VLAN mismatch between the Avaya switch and the MS. ... View more

@RoutesAreThere wrote: I suspect the answer is no, but does there happen to be a way through the Dashboard API to not only list client info, but also have an MX send a WOL packet?  @RoutesAreThere   It is easy enough to do this from PowerShell. It can be scheduled if required. The latest release of PS is multi-platform. If you needed to, you could use the API to get the devices ... View more

Theoretical values for WiFi signal permeability are not much use when the wallboard turns out to be foil backed. Personally, I find it preferable not to spend time pouring over plans and making assumptions that may or may not be reasonable. Better to wait until site access can be obtained, or 2nd/3rd fix is in progress and then spend time planning based on real world data. Likewise, empty buildings have quite different WiFi characteristics to those that will prevail once the building is fitted out, furnished and occupied. ... View more

@Dark239 wrote: My company has acquired a few MX Series devices. Our main office uses a Cisco ASA. I want to use the MX devices as edge devices for VPN Purposes. It seems that you can not make a separate PSK with the same Peer IP. Is there something I am missing.  I have only been able to get the ASA and MX to work together in a HUB Fashion. Can someone point me to an article or a walk through on how to do this with multiple MX devices (that I do not want to VPN to each other).  It seems as though this part of the product needs to be matured a little more if you can not do this. Hi You may find it simpler and faster to use strongSwan  ... View more

Meraki staffers frequently suggest using Ekahau. There are free versions and paid versions - what is not to like? ... View more

Welcome to quantum qualifications.   CMNO and CMNA are functionally equivalent and not equivalent.   They are the Schrödingers. Or, if you must, the Erwins.   At the end of the day it is all about massaging the egos of the folk who do the marketing.   There should definitely be qualifications for people who obtain proficiency in using the API and writing the code appropriately. And by that I mean that it should go beyond a basic understanding of what the api calls do, and embrace the generally accepted coding practices for the language concerned, be it Python, Node.js or NodeRed. Location analytics is probably another specialty worthy of its own qualification. ... View more

At the moment the MX range is like a premier league player's WAG.  To explain, the northern county of Cheshire is is very pleasant and full of desirable properties (like Greenwich, or Scarsdale or Bronxville for East Coasters) so is choc full of flash money. Dry northern humour says of these otherwise admirable women, something along the lines of "that's all fur coat, no knickers" it is even in the Oxford dictionary.   Back to the MX, too much it doesn't do -   in no particular order and with no pretense at being comprehensive   IGMP proxy (for multicast) can't provide access to Chromecast devices from a different VLAN (unlike Bonjour) no IPv6 (and don't even contemplate tunnelling, please) can't put a local IP address on WAN uplink no IKEv2 (forst published 2005 - Internet standard 2014) as the dictionary definition says - Have an impressive or sophisticated appearance which belies the fact that there is nothing to substantiate it. The MX is in need of love and attention. Cisco manages to do it.       ... View more

@Mr_IT_Guy wrote: I've gotten a couple questions. He is a Pom-Chi and his name is Maui.  He has bulked up a bit ... View more

@TravisN   I have had several issues with setting up VLANs and have had to sort out what seemed a little odd initially.   So my comments are based on making it easier to to find a configuration that works.   The first thing I did was to set up all the VLANs and DHCP servers on the MX plus a separate management VLAN. Then I set all the switch ports to be trunks and have the each of the switch ports,  handle all VLANs.  If this is done carefully all devices should have connectivity whichever the port they are attached to.   Then set the network devices to use the management VLAN, and check that there are no issues. If there are problems you may have to reset the switch, which will require full reconfiguration, if everything isn't right then there will be orange or red warnings on the dashboard. The switch may be confused as to which DHCP to use to get its IP address lease from.   Once this is functioning correctly you can change those ports on the switch that are access only to the appropriate VLAN and make sure that the uplink ports will handle only the VLANs you intend them to pass.   If you want some screen shots of what I have, let me know and I'll post them, in the morning (UK time). ... View more

@NickZ wrote: I am looking for more information to help me make a decision on an SD-WAN provider, the company we have our MPLS with is pushing velocloud stating that it is more capable than the Meraki.  Im trying to get some outside opinions as to which would provide a better solution.  this would be for voice and data across the MPLS. "voice and data across the MPLS", is rather a thread-bare and not very helpful set of requirements.   If you want to make this kind of enquiry, you may be better off posing the question at one of the sites that run a forum for network hackers and administrators rather than on a manufacturer's site.   ... View more

and the moral of the story is   Don't order licences until you need them.   This doesn't  prevent users from having a separate VPA with their supplier. So for example one agrees to 800 licences purchased in the next 12 months, and receives a certain level of discount based on that volume and then places orders through the year as required. If there are any overs/unders at the end of the year, then a wash-up can sort out the imbalance. ... View more

@ww @PhilipDAth   I would find it quite convenient to be able to give the PPPoE link an additional local LAN address so that I can monitor the modem. BT keeps screwing up the SNR and I can adjust the modem to partially remediate the situation. It drops download speeds by upwards of a third.   ... View more

@TommyD   Based on what your code appears to do, after the VLANs are returned in vlan_list, all that is required is a filter function select_vlan (vlan_list, criterion) that returns selected_vlans, being those that contain the word STORE.   Some examples here https://stackoverflow.com/questions/5319922/python-check-if-word-is-in-a-string    If you want to keep it simple just use the in operator, but you might get false positives.   ... View more

@PhilipDAth wrote: This is not possible.  Outbound traffic is always NATed to the IP address on the WAN interface. Dumb question because I've not tried it yet on an MX, but can we give a WAN link more than one IP address? This is a handy way of doing all kinds of stuff.   ... View more

@MRCUR wrote: @Uberseehandel I think the first issue is that the AP can't connect to Dashboard...  Whilst we could just point @StOPS at Firewall Rules for Cloud Connectivity I'm taking a belt and braces approach and anticipating one or two questions that have not yet been asked . . .  ;-[]   ... View more

@StOPS   We need to know a little bit more about your network and how you want the Wireless Access Point (WAP) to fit in and operate. So, for starters - How is the network connected to the service provided by the Internet Service Provider? Apart from the Kerio firewall, what other equipment is connected to the local network? Do you have an existing operational WiFI network, if so, what channels and how many SSIDs are used? Have you been able to set up an account at Meraki?   Once we know more about these points, we can start offering some practical advice ;-[]     ... View more

Hi   If you are at a school with a network and no network tech support, have you considered asking around to see if there is a parent who can help? People in this community tend towards the dark techie side, they have forgotten that non-darkside normal folk don't always know what the techies are on about. So we unwittingly make assumptions about what non-tech people are familiar with.   Is that a Kerio firewall?   Progress would be more certain, if you could find somebody to assist who talks tech.   ... View more

These days, I use Bria mobile and Signal, and everybody has free VoIP numbers.   ... View more