A single uplink failure on an active MX with two working uplinks would/should not cause a failover to the spare MX. Only if all uplinks on the primary MX fail should the spare MX take over based on VRRP mechanics.    The failover process is active MX primary uplink > secondary/remaining uplink > spare MX primary uplink > spare MX secondary/remaining uplink.   This assumes WAN links are actually working and VRRP is passing correctly on MX LAN port(s). What is your topology? Are the MXs connected to downstream switches only? Is there also a direct connection between MXs? Are all VLANs allowed on the MX LAN ports or do you have drop untagged traffic enabled on the MX? ... View more

I'd open a case so they can look into the streaming server and other related services ... View more

Is Dynamic DNS enabled? The API call you mentioned above should return dyn dns info if enabled.   https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS)#Enabling_Dynamic_DNS ... View more

When a license goes end of sale it's listed on the EoL page just like hardware. Example, the MS22/P and MS42/P licenses are end of sale and listed on the page.   "The device-specific licenses corresponding to discontinued hardware products will be available for purchase after the EOS Date, unless the license(s) is/are listed in the “End-of-Life Products” list provided below." So, that last part simply means if the license isn't mentioned as end of sale on the EoL page then it's still available for purchase. ... View more

Sorry for the late reply. A ticket has been opened with the original order number of the Antenna and APs. I discovered a crude workaround that worked on one unit, but due to the time and service disruption, I have decided to wait for a fix. I have left the others untouched. The "fix" involved unclaiming the device, factory resetting, re-claiming, configuring, manually setting the antenna, and placing the AP back in service. This resulted in about an hour of work on a lift and in the IT workroom to make necessary changes. My company prohibits electronic devices on scissor lifts which added time. Model Number Installation ... View more

Very helpful, thank you  ... View more

Okay here's the actual peice you want to read in Darren's link.   The actual documentation is misleading because it says you need  "Per Device SD-WAN+ licenses" which are only available in 1,3,5 year terms.   I have a 10 year SDWAN license which is clearly not a per device license. The text below does not state it needs to be a per device license however.   Mixed-license environments   The SD-WAN Plus and Advanced Security licenses can be selected on a per-device basis for a mixed-license deployment. In this way, some sites could have MXs with full SD-WAN Plus license functionality and remaining sites with Advanced Security license features. Enterprise licenses can only be applied organization-wide.     ... View more

One final comment on this thread is it appears that you cannot enable/disable any of the alerts including the default sensor alerts if the network is bound to a template. ... View more

Hi,   Thanks for all insight and link that provide, little clear about my curious about antenna.   Regards, ... View more

Regardless of what you have set as a schedule you will still get two alerts, one for opening and one for closing because some users want to monitor when a room is being accessed whereas others might have a temp controlled room and they want to be able to monitor if the door hasn't been closed properly.  ... View more

Ah okay I get it, thanks for confirming. I would think stick mac allow list would make sense for being applied at the profile level since the mac allow list is learned, not specified, but I don't know how the configuration works behind the scenes so I can see there likely is a technical limitation preventing it from being possible. Good to know! No MAC Allow or Sticky MAC allow on profiles. It would be nice if we could override the profile to set these on a port by port basis, but if it's one or the other, then the profiles have to go unfortunately.  ... View more

I have tested giving the user R/O access to the network that the cameras are in, and yes that ensures that the floorplan shows correctly in the Vision Portal.   The problem is though that these are just users - they will just get confused with seeing AP's, switches, Security appliances etc.   So its not something we can enable just for the cameras to show correctly on the floorplan.  The Google maps display is of no use - it shows cameras in the middle of the river - not having the display at all would be better than the google map without a floorplan to show where the cameras actually are.    The site would use this to show contractors where the cameras are physically located when they need maintenance/replacement.   I will therefore leave this as-is and submit a Feedback form on the dashboard.   ... View more

This is a bit off topic but is there likely to be SSO supported for vision.meraki.com in the future?  Currently users have to access it via the dashboard and it would be a much nicer experience if users were able to login directly to the vision port via SSO. ... View more

A Camera only admin shouldn't even see the delete button on Exports page. I'm guessing you're also a read admin for the Org or Network? In that case it does show the delete button, but fails to delete as you mentioned due to lack of permissions. ... View more

I've got it - it is only in the default alert profile. ... View more

I deployed AnyConnect 5.0.05040 to everyone in my org and updated our MX to 18.107.2. I can confirm the "CSRF token verification failed" issue is no longer present in our environment. Looks like they finally fixed it! ... View more

Just because it doesn't comply with the RFC? ... View more

Thanks. I see the ticket. I'll also ping the MS PM team about it.  ... View more

Keep in mind that it is the client that makes the join/roam decision and not the AP. Also keep in mind that Windows Update does not typically update the Wireless NIC drivers, you need to pull it from the manufacturers site and package that yourself, or teach your users how to do the upgrade themselves. This might improve the clients that are roaming to less optimal AP. And yes I also agree that you should disable the client load balancing feature.     If all of the above still doesn't resolve most of the roaming issues, having a site survey performed to evaluate the way the network currently looks, after adding AP that were not in the original plans, should be a big help in seeing what is going on in the RF.   ... View more

Gotcha, so it’s just one big table of rules that’s org wide. ... View more

Awesome thank you! ... View more

Well the though was that when you utilize Guest VLAN, then the client would be put into that VLAN on an access-reject. And I would just like to return some more config to that Guest access.   https://documentation.meraki.com/@api/deki/files/3974/MS_802.1X_auth_flow_chart.png?revision=1&size=bestfit&width=436&height=599 ... View more

Yes, I did  thank you. ... View more

Ah, thanks Ryan. That would make sense. I'm wary making changes when licencing is involved.  ... View more

I notice these issues are still there, is there any timeline as to when we should expect them to be fixed so that the Switching/Switch ports display shows the correct values from the profile rather than the ones on the actual port which are overridden? ... View more