Lehacy per-use MFA is disabled.   We don't have a licence for Identity Protection, nor have we configured any policies using it. ... View more

Please refer to my original post, where I included a screenshot showing that the Enterprise app was excluded from all conditional access policies.   I am not sure what the secret is, then. ... View more

Are you familiar with TwinAx cables?  e,g. https://meraki.cisco.com/product/switches/switches-accessories/ma-cbl-ta-3m/   In the Meraki world, these are copper 10Gb/s cables with an SFP+s on each end.  They can only do short ranges (typically 1m to 3m).  These are "low cost".   When you go down this path, ensure that everything has an SFP+ port, and then utilise these.  Compared to 10GBase-T, they have lower latency, making them better suited for storage applications such as iSCSI and databases.   When it comes to 10G connectivity to servers and storage, I mostly use TwinAx cables. I mostly use fibre for longer links, which tend to be switch to switch on different floors. ... View more

Another easy option is to try increasing the minimum connection speed required for the SSID.   Try making it 12, or 24, or if you have dense coverage, even 54. ... View more

>This only happens when there is lots of activity like a crowd walking down the hall   Increase the frame rate. ... View more

>Why does a company like Cisco / Meraki not have an affordiable Cisco SFP-10G-T-X that they support?   This is because the 10GBaseT SFP's maximum power consumption exceeds the power that the switch's SFP port can supply. Often, a 10GBaseT SFP can be used because it doesn't need to operate at the maximum power limit (maybe you are only using it with a 2m cable in your computer room). Still, because there is a complex set of exceptions, Cisco Meraki doesn't support them as a blanket rule, because they won't always work. ... View more

>We have implemented some automation to log usernames on some of our SSIDs but finding that it doesn't always find and list all the users who have authenticated.    I don't think this approach will work reliably.  The reason for this is that the RADIUS supplicant (Meraki) can only see a username in the outer header, and a client doesn't even need to fill this in.  For example, if you are using PEAP, the actual authentication is done in an encrypted tunnel, and Meraki will never see the username—unless the client voluntarily adds it to the outer, unencrypted header.   You should do this at the RADIUS server level. ... View more

Make sure you also block: DoH and DoT (this bypasses content filtering) Filter Avoidance (programs that try to bypass content filtering)   It is also possible they are simply using a privacy VPN. ... View more

This is the answer.  All you need to do is reuse the thumbprint and SSO URLs in the different Meraki accounts. ... View more

Once you get access back, a good option is to configure the ability to login in using Entra ID accounts. https://documentation.meraki.com/General_Administration/Operate_and_Maintain/Managing_Dashboard_Access/Configuring_SAML_SSO_with_Microsoft_Entra_ID   Then you can log in using either a Meraki account or an Entra ID account.     ... View more

If it was just ordered, I'm pretty sure the Cisco Partner will be able to process it as a return if a new replacement order is being placed. ... View more

I just checked an MX85, and I see that same option available.   ... View more

You need to log in with an Administrator account, and then you can add/remove other Administrators. https://documentation.meraki.com/General_Administration/Operate_and_Maintain/Managing_Dashboard_Access/Managing_Dashboard_Administrators_and_Permissions   If you don't have any accounts that work, add the old employee's email address as an alias to your email account, perform a Meraki password reset, log in as that account, and then update the Administrators. ... View more

On some models, you can convert the first LAN port to a WAN port.  You do this under the Uplink tab.       ... View more

If you go Organisation/Overview you can see a map of all your devics, which ones are alerting, and which ones are down.       This allows you to quickly see if an outage is related to a geographic region or is widespread.     ... View more

I'm not completely sure of your question.   You can use the Cisco Meraki Add-on for Splunk. https://splunkbase.splunk.com/app/5580 You can also use Splunk Connect for Syslog. https://splunkbase.splunk.com/app/4740     ... View more

Click on an affected client, then open the "Roaming" tab to see what it says.     ... View more

Try disabling client load balancing. https://documentation.meraki.com/MR/Operate_and_Maintain/How_Tos/Client_Balancing   ... View more

Also, check out the code snippets on the right-hand side for examples.     ... View more

Make sure you are running stable or better firmware. ... View more

Have you assigned ports to each VLAN?   Have the clients been configured to use the default gateway for the VLAN they are in? ... View more

The fixed IPs can be referenced in many places.  Off the top of my head: DHCP reservations NAT translations Firewall Rules VPN firewall rules Potentially client VPN configuration ... View more

What kind of device is the port plugged into? ... View more

Typically, if you wanted to restrict which devices have access to an application in an Entra ID world, you would use a Conditional Access policy.   You can configure a "Named Location" and mark it as trusted.   In the "Grant" section you can also require that a device is required to be compliant:   And then you can create an Intune compliance policy to define what you mean by that.     It is quite a lot of hassle if you don't have Entra ID conditional access in use, combined with Intune and compliance policies.   Cisco Duo makes this kind of thing easy with its Trusted Devices feature.  You can say things like "Every device in my AD or my Intune are trusted", and then you can add specific manual overrides for special cases (like contractors). https://duo.com/docs/trusted-endpoints   ... View more