Meraki

Ryan_Miles · ‎Feb 4 2023

Should be approximately 5 days per the doc. I’d open a case to see why they can find if you’re not seeing that and it was powered for the last 5 days at least.

Ryan_Miles · ‎Feb 3 2023

Support needs to enabled the site to site NAT feature for you. See details HERE.

Ryan_Miles · ‎Feb 3 2023

If you do this make sure you unclaim them from your org. And, the new owner will need to purchase their own licenses. Licenses are not transferable between customers.

Ryan_Miles · ‎Feb 1 2023

Warm Spare and Stacking aren't (can't be) used together. The MS425 supports flexible stacking which means you can make any of the ports stack ports (2 ports max). A stack covers the L3 redundancy that Warm Spare VRRP would do in a non stack capable switch.

Ryan_Miles · ‎Feb 1 2023

Perhaps use IPSK. You could define per client Group Policies which map the SSID to their private VLAN. Then on the common SSID use IPSK so each client has a unique non-shared/known PSK preventing them from accessing another users VLAN. Assuming the 40 VLANs exist on the MX you'd also want firewall rules there to prevent VLAN to VLAN communications.

Ryan_Miles · ‎Jan 31 2023

Can you provide some screenshots of your config? You have a static route on the MX to a destination network and you have a VLAN on the MX configured for DHCP relay to a server in the destination network of that static?

Ryan_Miles · ‎Jan 31 2023

You should open a Support case

Ryan_Miles · ‎Jan 30 2023

MX doesn’t support LACP. The recommended topologies are listed here.

Ryan_Miles · ‎Jan 30 2023

Hey, me too. I did F16 Avionics in the USAF back in the 90s. Man, I'm old.

Ryan_Miles · ‎Jan 30 2023

Looking at this Org pretty sure it's exactly this. 8 APs have no tags and all SSIDs are configured to use availability via tags.

Ryan_Miles · ‎Jan 30 2023

We have this bit in documentation. Is it a long shot? Yes probably, but be warned it could happen. From a performance perspective if you have an AP without antennas those ports are still attempting to be used by the radios. Obviously the tx/rx performance will be severely impacted without an antenna. And, with a MIMO AP it's expecting to use all antenna ports. There's no situation in which running with disconnected antenna ports would be the correct way to deploy.

Ryan_Miles · ‎Jan 27 2023

On the traffic shaping page do you have any flow preferences or uplink selection rules set?

Ryan_Miles · ‎Jan 25 2023

You have 9 Meraki switches in this network. More Meraki switches in another network name that appear to physically be in this same topology with a stack configured as the STP root. And more Catalyst switches, but I'm unsure how those are connected in this topology. It appears perhaps the Catalyst switches sit between two Meraki switch networks? Switch port 28 from your log above reports as connected to a Catalyst 3750. If you've not already done so you should run this by your Meraki TSA for design review. Perhaps there's a STP mode mismatch somewhere in the network path or non matching VLAN configs of ports connecting switches to other switches. Hard to say without a thorough review and access to all configs in this topology.

Ryan_Miles · ‎Jan 25 2023

In your original post, 6th line.

Ryan_Miles · ‎Jan 25 2023

You should never post your Meraki serials on Community (or any public site)

Ryan_Miles · ‎Jan 23 2023

As the link I posted stated it's expected behavior.

Ryan_Miles · ‎Jan 23 2023

This doesn't work. Mentioned HERE.

Ryan_Miles · ‎Jan 19 2023

The existing switch will be fine. Creating a stack doesn't impact the current config. Note the second switch will require a mgmt IP just like the first switch has today.

Ryan_Miles · ‎Jan 13 2023

Clarification, routed mode is now the default mode for newly deployed vMXs (LINK). It is supported.

Ryan_Miles · ‎Jan 12 2023

In dashboard go to Organization > Configure > License info. On that page it shows who your Meraki Sales rep is. I would contact them to further discuss Meraki license policies.

Ryan_Miles · ‎Jan 12 2023

If you look under Network-wide > Configure > Alerts you'll see your default alert recipients are you, a coworker of yours, and All network admins (meaning all those 8 partner admins you have defined). Any email address can be typed in there even if they aren't admins on the admin page. That's why you get the general network alerts.

Ryan_Miles · ‎Jan 12 2023

Covered in the last bullet here

Ryan_Miles · ‎Jan 12 2023

Philip is spot on with everything he mentioned above. I will add a few points as well. My intent is not to place any blame. Rather just hoping to fill in some areas that might not be fully understood and hopefully it can help anyone that lands on this thread in the future. Also, it might give you some ideas on how to improve some areas of config in your org. This doc covers how SAML/SSO and email alerts work. It matches what Philip stated about needing at least one local admin account. As soon as licensing is oversubscribed it will place an org into an out of compliance/warning state and initiate the 30 day grace period. Also, devices only consume a license when placed in a network. Unused devices in the org inventory don't consume a license. I do also see your org has 8 local admins with write or read access. All of them appear to be partners/providers based on their email domains. They should have all been receiving these emails multiple times during the 30 day grace period (at 30, 21, 14, 7, and 1 days). Based on how your admin list is set up it appears no employees are local admins and therefore no one at your company would have received a license alert email. Another thing I noticed. The missing license that caused the compliance issue was emailed to you. However, the email it was sent to is different from what I see in your SAML login history. So, I'm not totally sure if you received the original order email with the license that should have been claimed back in November. Orders going to bad email addresses happens quite a lot as it depends on the partner/reseller that placed the order entering a legit address. I see typos at times or many times it's sent to someone outside of IT that will receive the email, but might have no idea what it is (like a Finance person, branch manager, etc). That reminds me of one more point. You should always be adding gear to orgs via the order number. That brings in the serials and license keys. In a case of just serials being added it can lead to this exact problem. I probably spend an hour or two every single week helping customers clean this up and it can all be avoided by claiming the order number to begin with. Bottom line, best practice is using SAML/SSO is totally fine. Just make sure you have at least one local admin configured with an email address (could be a mailing list) that people pay attention to. Having all your local admin accounts belonging to an external company isn't something I'd recommend (unless it's Meraki as a service and you don't own the hardware).

Ryan_Miles · ‎Jan 9 2023

iOS 16 has been out for some time now and is also shown as supported here. Have a case number I can look up?

Ryan_Miles · ‎Dec 28 2022

RTSP stream should be near real time. You could also try our upcoming Apple TV app https://documentation.meraki.com/MV/Viewing_Video/Meraki_Display_Introduction

About Ryan_Miles

Ryan_Miles

Ryan Miles

Community Record

Badges