It's been a pleasure.  So long, and thanks for all the fish! ... View more

Did the client roam to an AP in the same mobility domain? That is, did it roam to an AP assigned to the same network? ... View more

Usually this is a client side issue. Invalid MDIE, happens when a client claims to support Fast Transition, but sends a wrong MDIE. The PMKID is generated as part of the Authentication process, based on the exchange between the AP and the Client. If a client is connected to the wireless network and onboarded, a PMKID is already generated, and is also used during roaming. If Invalid PMKID happens, it either means that the client is sending a wrong PMKID, or it is unknown to the AP.  In any case, Fast Transition might've gone wrong, and usually this is a client issue.    I'd look into if there's a software upgrade available for the client.   Historically, wireless clients have been having lots of issues with Fast Transition, but I'd argue that was a thing in the past. Modern wireless clients have much better support for standards-based roaming.  That being said, avoid setting Fast Transition to Supported/Optional/Adaptive. Either enable it fully or disable it. I've seen more issues when FT is set to Adaptive, rather than it being Enabled or Disabled. ... View more

Organisations can not be moved. The only way is to create a new organisation in the region you want and move config manually between the organisations. You could also use the Meraki API to automate most of the tasks. ... View more

Erm.. Not entirely sure, it completely baked..   ... View more

What exactly is it you want to achieve? AI Assistant has nothing to do with creating 802.1x authentication on an SSID.    Could you try and elaborate on your question? ... View more

If you have a controller locally, that the 9176 can discover, it will join that. If it cannot find a controller to join, it will boot up in Meraki persona.  You can also fasttrack it by using Fast Offline Migration (FOM) by using option 43 on a DHCP server.     If you have Co-Term MR licenses, you can still use the CW APs.  ... View more

The only way to avoid personal devices connecting to a network with PEAP, is to not use PEAP for network authentication.   Managed devices should use EAP-TLS, with machine certificates issued from your CA. ... View more

If you are good friends with your Channel Partner, and they can hook you up with CW9178, that'll be nice. 🙂 ... View more

What is the purpose of your Home setup? Labbing?   If you are going to use them in order to lab different setups, I'd go with 2x CW9176-RTG, and perhaps spice it up with an additional CW9172H. Look into getting the MR Advanced license, as it will give you access to AI-RRM features.    The -RTG or Ready-To-Go SKU is the one to use, as @Mloraditch points out. The -CFG SKU is used, if you plan on orderings lots of them, and need specific packaging options, like omitting the bracket. RTG is built to stock, which means it is ready to be shipped, and comes with mounting brackets. With 917x APs there is no longer the concept of fixed regulatory domain APs as we know it from 916x or earlier.    In addition to the APs, if you are going with 9176, to get the full experience, look into also getting a UPOE switch to power them. They can boot with PoE+, but with reduced capability.  ... View more

I guess it's not just me then.   I have actually been having the exact same issue, and was discussing this with a few at the beginning of the week. I have a CW9166 in Meraki persona, and a CW9176 in Catalyst persona, both connected to a MS120. According to the datasheet, both should be able to announce 4x4:4 with PoE+, however my 9176 is only announcing 2x2:2 on 5 and 6GHz. The 9176 is joined to a 9800 which has a power profile that should instruct the AP to do 4x4:4.  Everything seems to be in order, yet WiFi Explorer confirms that the 9176 is only announcing 2x2:2.   9176 in Catalyst mode.   9166 in Meraki Mode ... View more

Have you claimed the switched to the Meraki Dashboard? Are the showing as online in the Dashboard? ... View more

Ah, sorry. Didnt see that you mentioned Okta. Unfortunately there’s no direct integration with Okta. Perhaps you could use their Radius Proxy, and do a normal Entreprise SSID with Radius? ... View more

Have a look at this configuration guide. https://documentation.meraki.com/Wireless/Design_and_Configure/Configuration_Guides/Encryption_and_Authentication/Microsoft_Entra_ID_Integration_with_Splash_page ... View more

Using https://developer.cisco.com/meraki/api-v1/update-device-wireless-radio-settings/ should allow you to manually configure channels on APs.  Setting an RF Profile ID will clear the manual setting, so don't set it.  ... View more

Have you tried using email subadressing by using + keywords? Eg. user+admin@acme.org ... View more

Unfortunately you can not exempt specific users from using MFA. If one customer enables MFA requirement, it will affect all Admins that have access to the Organization.    That being said, I strongly recommend to enable MFA requirement, and set it up on your device, as it adds security.  ... View more

The idea is good, but as of today it's a bit of a hassle, and the risk for unexpected behaviour is high.  DNS entries on the appliance are not reflected in the Dashboard, but only available through the API. So one would need to have clear documentation on what has been done to the DNS entries on the appliance, and always have that in mind.  https://documentation.meraki.com/SASE_and_SD-WAN/MX/Operate_and_Maintain/How-Tos/Local_DNS_Service_on_MX   What's to happen in the future, who knows. Hopefully this will be added to the Dashboard, for better management.   ... View more

❤️mDNS ❤️ ... View more

What makes you think it is a bug in the firmware? Because I have a feeling it’s the AirPlay devices themselves that simply stop talking mDNS after a while.   i have an AirPlay devices themselves which seems to work after it is rebooted, but after a while it just disappears. ... View more

Access Manager is not supported with Entra External ID.    We had a customer who'd been looking into this, and according to Cisco, it is not supported. ... View more

Congratulation to all the 2026 All-Stars, and especially to our newest memeber, @JamesT91  🙂 ... View more

Usually you can use staged upgrade on Meraki switches where you can define groups and stages in which your switches upgrade. This us dependent on the network, since each network may contain different amount of switches and a unique network topology.   When a network is bound to a Template, you no longer have that control, since you can not guarentee the topology is the same, and that the amount of switches in the network is the same. So unfortunately it is not possible to delay switch upgrades. Once you've scheduled it on the Template, all networks bound to said Template will adhere to that.    However, I think that you can define the time that a network should upgrade. So if you schedule an upgrade at e.g. 2 AM, the network switches will upgrade at that time according to the configured network timezone, since it is a rolling upgrade.  But like I said, I think it is like that for Templates. At the time of writing, I can't exactly remember it.  ... View more