I think you should call your local SE(/TSE), raise the issue, and have them work with their internal team on this. ... View more

There are a couple of things here that are making me think that you might want to get in touch with someone with more knowledge in networking, to help you out on a 1:1 basis. ... View more

Go to Switching -> Configure -> Routing & DHCP Click on the blue "Add" button, to add a new interface on your switch.   Select your switch, and give the Interface a name. Any name will do. If you're not doing anything with VLANs I'll assume you're still using VLAN 1. Enter that in the VLAN field. Enter an available IP address in your network, which isn't currently in use. Make sure it's not handed out by your DHCP server (reserved). In the multicast Routing, select "Enabe IGMP Snooping Querier". Hit Save.   Wait a few moments for the config to download to the Switch, and try again.     ... View more

On your Meraki Switch, that's closest to your MX (one which might be considered a "Core Switch") try and enable IGMP Querier,  on the VLAN where your Sonos resides. Note that the interface IP here, is different from the Meraki Management IP! So use an address that is available.     You might also want to ensure that IGMP Snooping is Enabled on your switch, by browsing to Switching -> Configure -> Switch Settings. ... View more

Any Meraki AP can do this. However, if you're more into staying within your current vendor, you'd might want to look into Ubiquity's Service Provider line such as LTU or AirMax, or simply just their Building Bridge. For more questions on Ubiquity, you'd might want to consult their own Discussion Forum, though. ... View more

Meraki Firewall in front of SDWAN - When the firewall licenses reach the end of their grace period, all client traffic past the firewall will be blocked. Users will not have internet access, and Will Be Blocked from communicating with other TPI locations, AWS and Oracle via SDWAN. No. Assuming it is a Meraki MX handling SDWAN VPN connections, all traffic will be dropped. No access to Internet, no access to remote sites.   Meraki Firewall behind SDWAN - When the firewall licenses reach the end of their grace period, all client traffic past the firewall will be blocked. Users will not have internet access, and Will Not Be Blocked from communicating with other TPI locations, AWS and Oracle via SDWAN. No. Assuming it is Meraki MX as One-Armed Concentrator handling SDWAN, and you have Meraki Switches, all traffic will be dropped. No access to internet, no access to remote sites. If you do not have Meraki switches, and the MX is in One-Armed with SDWAN, all traffic destined for Remote sites via the MX will be dropped. If you do full tunnel via MX, Internet access is also blocked. If you have Local Internet Breakout, internet access is not blocked.   There is no black and white in networking; there are many different nuances... ... View more

When your CoTerm license expire, your Meraki Organizations (and indirectly all your Meraki networks) will enter a 30-day Grace period. When that 30 day Grace Period expires, and you have not yet renewed your licenses, all Meraki networking will stop working. AP's will shut down, Switches wil no longer switch frames, and your Meraki MX will no longer route packets. Basically, your entire Meraki network will stop working. If your topology allows that the Meraki portion will be bypassed, whatever that it, it will still work. But as soon as traffic hit a Meraki device, packets are dropped.   @krishnatpi wrote: .. For the RI, IA, AZ, Santa Teresa, India, Denmark and Germany locations, how many are designed with the firewall in front of the SDWAN devices? Could you please elaborate on what you mean by this question? ... View more

It makes sense what you are saying, that insufficient power might result in some inconsistent operation.   But in this case there are two sets of documentation which seem to be claiming different things for the same piece of hardware. One set claims it can boot on .3af. Another says it needs .3at. ... View more

You need to be more detailed in your question. Was is it that you are asking for? If not the Model number, then what chassis code? ... View more

When ever I gte new admin rights, I have to go through each and every Org I have access to, and accept the new Admin rights for the new Org.   However, if I click on the link in the email that is sent, that usually seems to be enough.   But I'm still supprised that the other method seems to be so buggy, yes.   It's been like this since forever, if I remember correctly. ... View more

MX18.107.2 actually, but yeah.. Guess I'll have to ask support..   Oddly enogh I don't have any IPv6 prefixes configured. Also the IPv6 settings in the uplink is set to Auto(Stateless), with the MX not getting anything assigned. To my knowledge, there's noting upstream that does IPv6. ... View more

While it's true that you cannot restrict which sites should join AutoVPN cloud with tags, you still have the possibilty to configure which subnets should be Enabled for VPN.  So eventhough you cannot configure a Site to not do AutoVPN peering, you can simply disable all the sites subnets in AutoVPN. That way, no subnets will be advertised from that site. ... View more

Sadly, it's my experience that this sometimes is the case, and it's intentional. When all answers seem to be wrong, you'll have to select the least wrong answer. 😕 ... View more

Have you added Meraki Anyconnect to the Conditional Access Policy? ... View more

Enrolled in Intro to Cisco+ Secure Connect  ... View more

And so I stand corrected. 🙂 ... View more

It's just.. PVT was last week, and the week or so before, for the US. And albeit, I missed the last half of PVT (afternoon on day 2 and all of day 3), to my knowledge this was not mentioned at all. I'd expect this change being radical enough to at least get mentioned during PVT. Or perhaps it was, while I was out?   But I guess they've finally given up on getting MS390 to work on a pure MS firmware, and so resorting back to at C9300 firmware with Meraki persona. 😉 ... View more

I find it odd that this hasn't gotten more attention. ... View more

With the hints given from @RomanMD I've managed to get it to work with LetsEncrypt. I used the command sudo certbot certonly --manual --preferred-challenges dns --csr MX-Anyconnect.csr -d <A record to Meraki MX> where MX-Anyconnect.csr is the Signing Request generated from Meraki Dashboard. This yields a Challenge that needs to be configured on a TXT record via your own DNS Admin Portal. After successfully verifying this DNS challenge, three files are created: 0000_cert.pem - Device Certificate 0000_chain.pem - Chain Certificate 0001_chain.pem - Full Chain with Device Certificate However, Certbot creates the certificates with the invalid Root Cert, as pointed out by @RomanMD. So after replacing the invalid Root Cert with isrgrootx1.pem, the Meraki Dashboard accepted the device and chain certificate.   Tested with Cisco Secure Connect Client, and not getting any certificate errors. 🙂   Kudos and thanks to @RomanMD with hinting towards the invalid Root Cert 🙂 ... View more

If you plug a Laptop into the MR30H does it then obtain an IP address?   I don't know about the Bittel Repeater, but I did have a customer job once, who also used the Jacob Jensen phone. If memory serves me right, we had it cabled directly to a switch port, and had to set some DHCP options for it to work. Unfortunately I don't remember the DHCP options. ... View more

This is aweseome info!   I has just looking at the root certificates that LetsEncrypt has on their webpage - the same page you refer to later in the post with the Non-Working Root Cert.   The Root Cert you have posted, is the one they refer to as the Self-Signed ISRG Root X1.   I'm going to test this later. 😄 ... View more

Nope. Supports recommendation is to move the MX to Passthrough Mode, instead of routed. ... View more

When the SSID is in tunnel mode - either Layer 3 roaming or VPN, RADIUS is sourced from the MX vlan IP and forwarded out the WAN interface, regardless if you have more specific entries in the routing table.  ... View more

Nothing has been announced yet, so so far good to go. https://documentation.meraki.com/General_Administration/Other_Topics/Meraki_End-of-Life_(EOL)_Products_and_Dates ... View more