Personally, I would get rid of the on-premise Exchange server and go to Office 365 - especially because Exchange 2010 is only just supported still.  Leave it any longer and if you need to upgrade you will have to go through a painful (and more expensive) multi-stage upgrade.   Second choice would be to use RPC over HTTPs, and have the clients connect using that mechanism.  Then you just need to NAT port 443 (aka https) through to each Exchange server,   My last choice would be to build a site to site VPN, and use VPN firewall rules to limit what users can talk to. ... View more

The grade of the fibre you would need is called OM3.  From memory it is coloured "aqua".   If sometime in the future you think you might want to upgrade to 10Gbe then you should probably splash out on OM4.  OM4 is raspberry pink.   I typically use OM4 for everything these days unless I get push back on the price. ... View more

@Adam is right - Postman does exactly this.  Once you get it "right" it can even generate framework code.   You should check out the main Meraki developer area here: https://create.meraki.io/   Here is the Postman Meraki documentation: https://documenter.getpostman.com/view/897512/meraki-dashboard-api/2To9xm ... View more

I don't know the answer.   Two things I would check: 1. Try looking under "Wireless/Splash Logins". 2. The event log.   ... View more

The only way to do it nicely would be to automate the process - using a script that you write.  You could give it a switch to apply your automation to as an input parameter. ... View more

The suggestion by @MikeH1974 will report on non-browsing data.  Just make sure you have detailed traffic analytics enabled under "Network Wide/General".   ... View more

That does not look good - it looks like these changes to IOS 12 are going to require a bunch of new development effort, on multiple fronts.  This iOS 12 change is going to break a lot of things.   I would not personally expect support for these new restrictions any time soon.  I think you would be better off not allowing the upgrade to IOS 12.  The loss of security capability is probably worse than any other new functionality. ... View more

> Then I have a test laptop on vlan 1201 also on the Meraki side, streams seems ok for a little bit and then starts going bad. Then I move the laptop to an access vlan 63 for example for PIM to kick in, same issue seems to work a bit then starts going bad.   Are you sure the links between the switches are configured for auto/auto (or at least have matching speed/duplex)?     You are reminding me of another job I did (long ago, using Cisco Enterprise switches).  When the streams go bad - do they simply fail? I was helping a radio station once.  They were generating a huge number of multicast streams, and the streams would work for a while and then simply stop.  After doing some Wireshark captures for a while I found the IGMP queries downstream where sending a query to the multicast originator to verify that the stream was still valid (specifically a member) (otherwise if the multicast originator software crashes the stream will continue to exist until the switches next get rebooted). What was happening was the multicast originator failed to respond to these queries asking if the stream was still active, and after a period of time (can't remember, something like 3 to 5 minutes) the switches cut off the streams because of no response. It worked on some other switches that didn't do regular IGMP member query checks.   It ended up having to go back to the multicast originator vendor to get their software fixed. ... View more

The the device configured for generating the multicast source is using the standard MTU of 1500 then anything else along the path with a higher MTU will not contribute to the issue. ... View more

I concur with @BrandonS.  You can not add devices into a new organisation unless they have been released from the existing organisation.   This is my personal thoughts.  Lay a criminal complaint with the police.  Being a criminal complaint this is likely to result in the person being arrested and interviewed. You'll be surprised what people will "cough up" under such circumstances.  I bet you'll have your access back faster than using any other method.   ... View more

Is the MS410 running as the multicast router? Is the MS250 running as an IGMP querier?   I suspect the multicast origin should be plugged in at the multicast router.  I am wondering if this is related to how the multicast tree is being built.   It would be an interesting test to plug the multicast source into the MS410 (assuming it is the multicast router). ... View more

On the layer 3 interface are you using "Enable IGMP Snooping querier" or "Enable multicast routing group"?  Perhaps try the other option.   I think this is going to end up being a support cast because it is sounding like a bug to me. ... View more

Can you put speech marks around the whole lot? ... View more

You would need to setup a syslog server to retrieve those events, and then process that. https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration ... View more

You'll need to gather legal proof that you own the equipment (such as original invoices) and a copy of the police complaint with the allegation of what has happened and then then open a case with support to take over/back your organisation. ... View more

APs only need to mesh together when they are not connected to the primary wired network.  If your case they are, so they should not be meshing together. ... View more

The 10.x firmware has massive improvements around multicast.  If you are not using that make that your first thing to change.   What model Meraki switch are you using?   Have you tried enabling the option to flood unknown multicast traffic?   Is the Meraki switch just doing layer 2, or is it configured to do layer 3 with VLAN interfaces? ... View more

If you are using a combined template (so all device types can be in one network) then you have to use a combined template.  If you apply a combined template to a network it will apply to everything in it. ... View more

> I am running WLC with multiple licenses, I tried setting up Option 43, but have had no luck.    WLC's running semi-recent code will reject connection attempts from a 1603 AP (because they are no longer supported).  This may be your issue. ... View more

If that is the case then the Meraki Systems Manager may also face the same restriction.   It sounds like you need a new solution from Global Protect given the new iOS restrictions.   Perhaps use an MFA like Duo instead? ... View more

Are you sure it doesn't support SCEP?  If so, you know need to deploy the certificates via Systems Manager. https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-certificate-management-scep   Next thought, Systems Manager can create and deploy a certificate (that Meraki creates) for WiFi authentication.  Perhaps you could use the same certificate. https://documentation.meraki.com/MR/Encryption_and_Authentication/Certificate-based_WiFi_authentication_with_Systems_Manager_and_Meraki_APs ... View more

I'm with @AjitKumar - cycle the switch ports or even reboot the switches. ... View more