Yes, existing config will be removed. If you unbind the network from the template, you have the choice: Restore the (pre-template) configuration or keep the template config. ... View more

I have to give the answer myself. The section "Networks & sites" is not named very clearly. The Documentation show a screenshot of this section, there it is named ""Poor networks & sites" - that's it. This section shows "No data", when everything is fine. Only if there are critical alerts, it fills with data. ... View more

Interesting feature ... I tried it, but I have "No data" in the section "Networks & sites".       What am I missing? Thank you for any hint,   Peter ... View more

If you have registered an Meraki account, 2FA settings are stored in this account. Nobody else, than yourself, can change the settings. ... View more

It depends. If you have registered an Meraki account, 2FA settings are stored in this account. Nobody else, than yourself, can change the settings. If you were added by e-mail address to the organization and you have not created a Meraki account, another org admin can delete you from the org and then add you again. Your 2FA settings will be resetted. ... View more

Subscription licensing and per-device licensing are two different licensing models, which are not dependent to each other. Conversion to per-device licensing (PDL) is not possible any more, this licensing model is end-of-life. Existing orgs with PDL will have to migrate to subscription licensing. If you have Co-term, which is the default licensing model, you can migrate to subscription licensing. It is possible, when the co-term ist expiring. Just order subsciptions and claim the licenses. The migration will occur automatically. ... View more

Since L3 Roaming (without concentrator) tunnels the user traffic directly from AP to AP, this feature depends on direct communication between the APs. The communication occurs on the management VLAN. ... View more

According to the documentation only HTTP is checked. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Advanced_Malware_Protection_(AMP): "The MX Security Appliance will block HTTP-based file downloads based on the disposition received from the AMP cloud." ... View more

AMP works only on downloads by HTTP. No POP, IMAP, SMTP, FTP, no TLS. You use https://, the MX cannot analyze TLS encrypted flows. You need to decrypt the connection. The MX does not support (and will not support) TLS decryption. You have to use a SASE solution like Umbrella. ... View more

My dashboard shows the nearest "Other SSIDs" with the lowest dB value. I think, it is not the RSSI. As other mentioned, this should be expressed as dBm and should be negative. Just take a look at Network-wide > Monitor > Clients. Choose any wireless client and click on it. You see a metrik "Signal", expressed in dB. This is, according to the documentation, the SNR. I think, the value given by Air Marshal is the SNR, too. ... View more

I try to avoid the term priority when talking about Meraki and QoS. There are not any priority queues. It is a bandwidth management, no prioritization. ... View more

PDL is EoL and not available for new orgs since September 2023. You can choose between Co-term and Subscription licensing. For Subsciption licensing you buy licenses with a defined start day, if I remember correctly. https://documentation.meraki.com/General_Administration/Licensing/Subscription_-_MR_Licensing ... View more

API references should not be affected. The API uses the organization ID, not the name. You cannot change the ID, but the name. ... View more

A DELETE action is not documented. You can use DELETE only on Endpoints you have created with POST. ... View more

I agree. The first one is the setting of the upgrade window for the Meraki-scheduled upgrades. In the dashboard it is set under Network-wide > Configure > General. The time zone is set above on the same configuration page, too. The upgrade window is the network local time. The second one is the setting for the custom upgrade setting, in the dashboard just below the upgrade window setting. It is set per product. Surprisingly, the API call shows the time zone. Seems you can set it via PUT /networks/{networkId} and via PUT /networks/{networkId}/firmwareUpgrades. ... View more

The API documentation https://developer.cisco.com/meraki/api-v1/update-network-firmware-upgrades/ shows several parameters like timezone and products. The section "products defines" which product you want to upgrade, and the time you want to upgrade. You cannot update a specific device. You can only update all cameras, all accesspoints, etc.  Switches can be upgraded in groups. The feature is called staged upgrades. The API docs you find at https://developer.cisco.com/meraki/api-v1/create-network-firmware-upgrades-staged-event/   To cancel an upgrade, you have to reschedule to another time in the future.   Edit: In the dashboard it is possible to set the firmware upgrade to "ignore". This is not documented for the API. I have a network configured with this parameter. The API GET requests has the result:   "nextUpgrade": { "time": "", "toVersion": {}   Maybe you can set this values to cancel the update. ... View more

The question is: Why L2TP? L2TP on it's own is useless, because there is no encryption. Therefore L2TP is combined with IPsec. Namely IPsec with IKEv1. IKEv1 was not designed for remote access. IKEv1 does not offer user authentication, it does not offer IP configuration. That's where L2TP comes into play. L2TP uses PPP, PPP brings user authentication and IPCP (IP configuration). The other way was to use proprietary extensions like XAUTH and Mode_config. IKEv1 is old, IKEv2 is the more modern version, it comes with native user authentication and config mode. So the alternative is using IKEv2 instead of IKEv1, there is no need of L2TP. This is the way the Secure Client works. Indeed, Cisco could support IKEv2 with OS-native clients. But what is the future of the MX? The future brings the Catalyst 8000 series router. I think they will superseed the MX. The Catalyst 8000 will come with Flex VPN and SSL VPN support  ... View more

... wich will have no effect with encrypted traffic. ... View more

You enabled AMP/Anti Malware. AMP works with HTTP only. Almost all traffic is TLS encrypted today. The AMP feature is without effect in this deployment, I think. ... View more

You should not say this publicly - you are violating Cisco's exam conditions using resources like this. It is a good idea to attend the Instructor Led Training, rather than choosing the eLearning. A good instructor knows the exam and can prepare you. ... View more

Ok, you blocked Facebook Streaming and blocked images are probably an unwanted side effect. Maybe you found a bug in the application filter. I would open a support case for this problem. ... View more

Hm, I don't understand ... You try to block facebook. You have configured the L7 on the MX and disabled QUIC in the browser.  Images are blockt but the rest of facebook.com is displayed? ... View more

Maybe QUIC is your problem. Can you test with the app on a mobile device? Alternatively, you can deactivate QUIC in the browser: Chrome: chrome://flags/#enable-quic Firefox: about config: toggle the parameter network.http.http3.enable to "false"   Edge: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Edge] "QuicAllowed"=dword:00000000   ... View more

Remember: If you configure speed and duplex statically, auto sensing will be deactivated. This is the moment, you will need crossover cable. ... View more

This is exactly the way I work: Create a service account, activate 2FA and generate API. ... View more