Same......seems to be "Spreading" over our network as clients come online this morning......good times.....good times...   Update: Found this in our Defender logs at same time of alert from Meraki.     ... View more

Ok ty. Looking over past couple months, they were updating almost daily, at the most every 3 days, so not seeing an update for almost 3 weeks gave me pause. Tyvm!! ... View more

Just had same thing happen again. Every single piece of Meraki gear we have is reporting to have gone offline for 1 (one) second this morning. Again, no internet issues, no power events. I have submitted a ticket to Meraki as this is the second time in a week we have had every single piece of Meraki equipment report as going offline. No IDS events. No updates scheduled. I am thinking it is a false positive, maybe a glitch in The Matrix.  ... View more

Ty Phillip. Very detailed answer, I really appreciate it. Only mystery, is I set this network up, and have never added any rules, so I am still a little confused as to how?  I do believe these all showed up after I installed the latest firmware on Sunday night.  I agree with your SQL references , and these fixes are in the works.  If I add something to be whitelisted, where does it show up? For example, I highlighted  one of the D-Link signatures as a whitelist since we have no D-Link equipment, but could not see it anywhere as "added" to the whitelist, all it did was create another entire rule set, full of all the previous signatures. So now I have 3 "rules" each with 40 or so entries, some are identical, and really have no idea if this D-Link signature was indeed whitelisted?  I am still very hazy on how, or where to see what is really added as whitelisted?  Thank you for educating with me on this. I just want to make absolutely sure none of this is actually "whitelisted" as that would be horrifying.   ... View more

I just counted, under each "rule" there are almost 40 individual items, I just took a quick screen shot to give everyone an idea of what was there. But they vary greatly.  So are you saying all the things in these lists are not really in effect, they are just things that have been tripped? Very confusing to say the least if this is the case.    So if I just click on one of the items in these "lists" that will then whitelist that particular item? Again just confusing I have 2 items under "Rule", with 40 sub items under each one of them.  When I click "whitelist an IDS rule" I get another "Rule" with 40 or so different sub items. Even when I click one of the sub items, nothing happens. I do not see that particular item listed, or added anywhere.  What am I missing?..This is what the doc says:   You can whitelist specific  SNORT® signatures by clicking Whitelist an IDS rule. Any signatures for which matching traffic has been seen by the appliance will appear in the Select an Option drop-down so that you can select which signature or signatures you wish to whitelist.   So why do I have 2 "Rules"? maximum number of signatures in a rule? When I do click an item to whitelist I do not see it listed anywhere as being whitelisted?  If I do delete both of these "rules". As the appliance starts to see attacks, will it just re-build the list again?  Sorry I just find it confusing the way it is presented.  Thank you again, really appreciate your time! ... View more

I thought very odd as well. Change log empty after firmware update. I am a little worried as I have several Malware Backdoor entries now set as whitelisted. I have 2 entries under IDS, with each entry having over a dozen now whitelisted items. I went back pretty far in my change log just to make sure it was not something I missed weeks ago but see nothing. At this point I am going to delete these entries, but I still would love to know how they were entered, and by whom.  Here is just a very small screen shot of just a couple of the entries. Are these just the rules Meraki generates, and are now just made visible?  I have 2 rules listed, both have different entries. Again, maybe this is just the default Meraki rule-sets.  I just never have noticed them visually listed before under intrusion detection. If it is a Meraki default whitelist, I can hardly believe they would have malware-backdoor whitelisted......lol.  Thank you for your response, I          ... View more

Well I found a way around it, but its clunky. When I put an individual camera up, I need to click in the area of the picture. I am then presented with a menu, with a selection of "controls". Once I click that I get the option to then go to full screen. So it works, but takes a couple clicks to get there. Not the end of the world, but not ideal.  fyi Everything is 16:9, 3840 X 2160. So its not a full 4096. Maybe that is the issue. The TV's are commercial Hisense, model  65U1600.    Thank You! ... View more

Me as well! I do not have any Draytek equipment. I do not know why these are marked as "allowed".  Would like to just see "Blocked".      ... View more

Meraki does recommend me to use "Unique Client Identifier"  but it is marked as beta so a little hesitant to change. All MAC addresses associated with this client are in all cases either the MX firewall itself, or one of the ip addresses associated with our VMware server farm. It never traces back to a real client. Other than client tracking, what would change if I switched over to "Unique Client Identifier"?  Thank you everyone that has chimed in. I was not aware of different tracking methods, I am at least now a "little" smarter 🤣 🤣 🤣 ... View more

Don't know if this took or not. Client tracking is set to default: MAC address ... View more

The default: MAC address ... View more

So since my current setting show one of my IDF's as root, should I just set my current stack to 8192. That way my main switch stack would always be root, but don't worry about individual switches in the stack. Sorry that sounds confusing.... ... View more

So is RSTP not a concern, or having a root switch not a concern when configured as a stack? Now I have other questions... ... View more

Just because we have our VM farm plugged into it. Just figured we would make it root switch. But know seeing as it is a stack, I wonder how important having a root switch is. I also tried to make sure it was the switch booted first. We recently went through a massive power outage which blew out one of our large APC units. I booted switch #1 first again, but troubleshooting this latency is when I noticed the RSTP error. ... View more

I just ran a network scanner from a different computer. It does pick it up as well. So even with a different computer, and a different scanner this device still shows up. I cannot get anything to come up when trying the IP address. Cannot obtain any additional info from the scan....no host name....etc.. I set laptop up for same subnet...etc. Something is definitely there, just cannot get any additional info. I do have it blocked from the internet. No one has yelled.   ... View more

First thing I tried........."This page cannot be displayed". One thing that I found. I can ping through Meraki portal, but CANNOT ping through cmd line on my network.  I am fairly certain this is a misidentified, but I still do want to find out what, and where it is.  Thank you all for the info, I appreciate it.  The mystery continues.  ... View more

No. I have gone over this incident with all staff. I did a MAC lookup, and all that comes back is CyberTAN technologies. Very strange that it has moved AP's a couple times. Iphones, and Android phones always are identified correctly. We have a couple folks with USB cameras that sit on top of a monitor, but none that are wireless. No new hardware has been implemented that I know of. I am still pinging it, solid ping non stop. Packet capture is empty. Do not know if that is good or bad. the mystery continues.  I will go ahead and swat it down as you suggest. Will see if anyone complains.  Thank you Nash for the quick reply, I appreciate it. ... View more