"with" is a special statement in Python that ensures that the file reference is closed appropriately once you finish this code block, so everything you are doing with the file must happen in an indentation level that is below the "with", the moment your indentation level goes back to the same place as "with" it will close the file. with blank as blank:     do something with file     keep doing something with file     etc etc file reference will close automatically when it hits this line ... View more

It sounds like you should consider transitioning to SAML for dashboard access ... View more

When you configure sponsored guest login you have to configure it by email domain, and everyone from that domain has the ability to authorize, so the only way to do this natively is with a secondary email domain. What I would recommend instead or even with that solution is to have an SSID that your staff are permitted to connect their cellphones to that is direct to the internet only and perhaps limit the bandwidth on it if that is a concern. If you have WiFi for guests it is a pretty reasonable expectation in the modern workplace that your employees have it as well. If your employees feel you are being overly restrictive without good reason they may continue to try to circumvent or turn to shadow IT and that can be more risky, cost you more in time and resources and be generally problematic in the long run. ... View more

But the groups will not be consistent from release to release, so you might have one group in one set of release notes [MX75,85,105,250,450] and then five groups [MX75, MX85] [MX95, MX105] [MX250] [MX450] [MX67C] the next one. I would much, much rather read through the notes currently and just observe what is and isn't for me based on model info in the bullet. The improvement I would like to see is better adherence to the naming convention of semantic versioning, getting it represented properly in the API (currently many MX versions have the wrong name), and more information about the actual bug and some sort of internal reference ID that we could refer to with Support ... View more

We don't use SecureConnect for the record, but this is where I would start, in particular check if you are hitting the tunnel performance limit:   https://docs.umbrella.com/umbrella-user-guide/docs/limitations-and-range-limits IPsec Tunnel Performance 250 Mbps download, 80 Mbps upload, and 50,000 combined packets per second. Based on GCM encryption with 900 byte average package size. ... View more

I prefer the way they do it now, I feel like this giant wall of text is much less readable and I would be afraid of missing things from skipping notes after I've read it for the tenth MX in a row. ... View more

Facial Recognition technology is an enormous legal, privacy and civil rights landmine, this should absolutely not be implemented. ... View more

As long as you are not using the USB port, that is technically fine as the MR57 supports full operation of the AP on 802.3at power, it will just disable the USB port which you probably weren't going to use anyways.   That being said the MR57 is a pretty beefy AP and your max throughput on the AP will be limited to 1 gbps by the switch ports...which I should note, for most users and applications right now is totally fine, but I would view it as kind of a waste of an MR57 to bottleneck it like that so if you wanted to future proof a bit more you could get a MS130-12X and use the 4x 2.5 gbps mGig ports instead, or if you have two ethernet runs to each AP the MR57 supports dual connections and you could still use the MS130-8P for 2 gbps from the switch + HA.   https://documentation.meraki.com/MR/Other_Topics/MR57_Frequently_Asked_Questions ... View more

For devices that store config locally and could lose their configuration, yes. With Meraki all of your config is in the cloud and continuously pushed to the device, so there is not as much need since even if you were to factory reset the device, as soon as it comes online it will download and take its config. Make sure to document what you are doing in your change window well and have the backout procedure to reverse it correctly. ... View more

I'm running it at home on a CW9162i, a MR44 and a 36H, no issues that I've noticed since the upgrade ... View more

Seconded, the RNR will do the heavy lifting for you here, but are you actually seeing congestion in your WiFi 6E spectrum already or is this more of a theoretical question? I know the UK has only deployed a subset of 6E spectrum that the US and Canada have, but this would still come as surprising to me that you would have a use case for downgrading to 20 MHz channels on 6E already and I would love to know if that is indeed the case and a little bit more of the environment you operate in. ... View more

Depending on your needs in that space, I would consider using an MR36H and securely tunneling the traffic back to your MX ... View more

Assuming its the same fields you want every time, here's a simple way to do it: response = dashboard.switch.getDeviceSwitchPort('####-####-####',1) attribs = ['portId','name','tags','enabled','poeEnabled','type','vlan'] for _key, _value in response.items():     if _key in attribs:         print('{}: {}'.format(_key,_value)) would give you this portId: 1 name: None tags: [] enabled: True poeEnabled: True type: trunk vlan: 1 ... View more

It is also spelled out in Meraki's documentation. Yes Meraki is meant to be "simple"(ish) but this is still business-grade networking, and I don't really buy that one extra dot of documentation is making their firmware upgrades unusable, it is just a benefit to certain people and meaningless to others. ... View more

This isn't just a developer thing though, and they don't make it more complex as long as you know what the four columns in the spec mean. I would argue it actually makes it simpler, because now at a glance you can see more than just that it went up a number, which number went up has much more significance and tells you at an immediate glance what to expect.   In this case I see a dot hotfix and that tells me based on semantic versioning that the only change they've made is probably this exact bugfix, so I have a lot more confidence that I can safely try to apply it right away, whereas I would be much more wary of a patch with the usual dot increments that Meraki would use because it could contain other code that we don't know about and needs testing...such as 18.2.210 -> 211 somehow breaking all inter-VLAN traffic with a QOS rule. ... View more

They did the right thing using that extra digit here like they should be doing because that's how you use the Semantic Versioning specification, we should be encouraging them to do that more often because it makes the version numbers more meaningful and and tells you (in theory) how much or little has changed and what kind of changes were made from the version number, which is very helpful for testing and phased deployment.         ... View more

You can't have a SAML user where their email is the same as an email account being used on the Meraki Dashboard, it is not supported. ... View more

Mobile device fingerprinting is difficult for any platform, because it relies on how the mobile device works and in the case of some vendors like Apple they are often taking steps to prevent this sort of fingerprinting because it is a privacy risk. What I would recommend instead is whitelisting your approved enterprise devices and blocking other devices by default ... View more

To get exactly what you want you'd need to use the API to get info from the uplink statistics, but if you have an Insight or SD-WAN+ license, the WAN Health section can show you a graph of loss, latency and jitter per uplink which may be enough?   ... View more

While I haven't tried it myself, the Configuration Sync menu in Organizations claims that it supports group policies, so you would in theory set them up the way you want on one network and then sync them to all the target networks. It only supports uncombined networks though, so if you are using combined networks you will have to split them to do this. ... View more

Chatter on the Cisco forums alleges that the geoblocking you are looking for may be coming this summer, however I think you would be much happier overall if you were to pair Anyconnect with an MFA provider that has conditional access policies that allow geoblocking. Cisco discussion: https://community.cisco.com/t5/network-security/cisco-ftd-vpn-access-geolocation-block-for-control-plane/td-p/4858687   Conditional Access policy providers: https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-location https://duo.com/blog/easily-enable-conditional-access-by-country-with-duo https://developers.onelogin.com/quickstart/geoblock https://jumpcloud.com/support/configure-a-conditional-access-policy       ... View more

Is the IPSK update the only call you are making here? Can you test this again, but after the password change add a tag to the AP, and then remove it? Curious to see if a different change will trigger a configuration update here. ... View more

The Good/Warning/Critical of firmware is a completely unimportant field and should be removed. I would highly recommend ignoring it. ... View more