If you are super keen to keep use Cisco ISE have a look at this guide: https://documentation.meraki.com/MR/Encryption_and_Authentication/Central_Web_Authentication_(CWA)_with_Cisco_ISE ... View more

You are trying to apply a WLC design philosophy to Meraki - and it is going to cause you grief.   The MX does not support DNS re-write.   On the whole you can not do policy routing.  However, as long as the traffic is going out a WAN interface, you can specify a flow preference like this: On the whole, I see no point in using Cisco ISE for guest portal processing.  The built in capabilities of Meraki kit is very powerful, and Cisco ISE does nothing but add additional complexity.     If you want to do things the easy way, configure the guest portal completely inside of Meraki; drop the guests into a VLAN (don't use the VPN option) and then transport that VPN to the Internet. ... View more

How did you save your HTML change? ... View more

On your custom splash page (that you initially created by copying a system one) click on the pencil on the right hand side:   Now upload your image file, and edit the HTML code. ... View more

It is a hard limit of 250Mb/s.  You can not go above that.  Yes, I have tested it. ... View more

I lie @Doug_Barnes.  I got my MX's mixed up.   The MX with VLANs enabled does not show the OSPF options.  Only the MX with VLANs disabled shows the OSPF options. ... View more

Correct it will form an OSPF relationship.   I'm not sure about the VLAN question.  I test tried on an MX with VLANs enabled (running 13.28) and all the options for OSPF were still there.  So it looks like it would work to me with VLANs enabled. ... View more

Yes it can advertise remote AutoVPN subnets - but it doesn't listen. ... View more

I just copied am emoij from the emojipedia site into an SSID and was able to see it, and it appeared as a WiFi network that I could select from my notebook.  No special tricks were required.  I am using firmware version 25.10.   https://emojipedia.org/smiling-face-with-smiling-eyes/ ... View more

You are relying on universal Unicode support for this to work in clients.   I would expect to have lots of compatibility issues with client devices. ... View more

Is the Duo RADIUS proxy available on all Duo plans? ... View more

@MilesMeraki is correct, there is no hit counter for this type of thing. ... View more

Annoying this functionality is actually natively available in Windows - but is not exposed in the GUI.   I have put up a web page on how to configure this with Powershell.  The advantage of this is that the setting "stick" and you don't need to manipulate the route table.   http://www.ifm.net.nz/cookbooks/meraki-client-vpn.html ... View more

Yes. ... View more

@Vlad that will work fine.  Personally I would make the ports towards the MX250 access ports in the correct VLAN.  Then you wont have to configure anything on the local status page of the MX250's.  The MS250's will work "out of the box".  If you need to use tagging towards the ISP I would make only that port a trunk port with only that VLAN allowed.   ... View more

Hi @WillSparing, I think you might be over thinking this one.   Unless your rules have overlapping definitions you don't need to worry about the order too much.  Just make each rule unique.   Mark the VoIP traffic as high.  Most implementations I have seen no other QoS is applied.   If I have a customer with RDP I sometimes mark that up (I tend to do that on the MS switches though).   If you have something that consumes a lot of traffic and you want that to get throttled first then mark that down as low.  An example is replication traffic.  You could consider putting SMB file sharing traffic into this category.  Basically "low" gets left over free bandwidth. ... View more

No worries. Thanks anyway.   I have a support ticket open.  I have it on "low" priority, so it is ticking along slowly. ... View more

I thought about this further.   Do you actually need to change the VLAN, or could you simply push a different group policy to use, and thus change the users access? ... View more

IPSec is bought up first, and then L2TP runs over that.  Everything is encrypted. ... View more

@Melissa I am making very slow progress testing this.  Perhaps you could help me with some questions.   When does the Windows agent test the antivirus and firewall status? Does it communicate dynamic changes (as notified by the Windows security centre) with the dashboard, or does it simply re-check every so often?  If it re-checks, how often does it re-check?   How often does the dashboard update to reflect the current state?     I'm having issues like stopping antivirus on a machine, and it taking a very long time to show up in the dashboard (like it doesn't show up till the next day).  Restarting the service on Windows doesn't seem to make any difference, or rebooting the entire machine. ... View more

Same for me.  I get an email no matter what. The only substantial difference between them is one contains the password and the other does not. ... View more

I don't see any check box to turn the email off.  This is what I see what I try and create a user under Network-Wide/Users.   ... View more