A general tip, go to "RF Profiles": https://documentation.meraki.com/Wireless/Operate_and_Maintain/User_Guides/Radio_Settings/RF_Profiles   Create a new profile.  The most common one I use is "Open Office Profile".     This uses sensible settings.  Apply this profile to all your APs.   On the RRM tab enable "AI channel planning" and "Busy hour".     ... View more

This is the secret.   You copy the thumbprint to every org where you want your SAML provider used.  And copy the SAML group mapping you wish to use.   Entra only requires a single setup.  You don't touch the Entra config as you add more organisations.       ... View more

When you use the search in the top right-hand corner, it searches the entire organisation. ... View more

Green to 3 through pi. ... View more

Try turning off CDP and enabling LLDP on the C1000 (if it supports this). ... View more

>Temporary changes to MFA, SAML, and security settings affecting some users ... >We are not able to share an exact timeline Scary.  Especially announcing this over the holiday period. ... View more

No.  You'll need to return the co-term licences and get subscription licences. ... View more

You can have per group firewall rules, but everyone has to share the same set of routes. ... View more

For the MR76 it lists these as compatible antennas: https://documentation.meraki.com/Wireless/Product_Information/Overviews_and_Datasheets/MR76_Datasheet "List of compatible antennas: MA-ANT-20/21/23/25/27 "   Out of those options, the MA-ANT-27 (dual band), MA-ANT-21 (5ghz only) and MA-ANT-23 (2.4 ghz only) seem like the best options to choose from. https://meraki.cisco.com/product-collateral/dual-band-sector-antenna-datasheet/?file https://meraki.cisco.com/product-collateral/5-ghz-sector-antenna-datasheet/?file https://meraki.cisco.com/product-collateral/2-4-ghz-sector-antenna-datasheet/?file     Meraki is not the strongest at bridge links.  I would be a bit nervous about this use case.  I would personally use a dedicated bridge solution from another vendor. ... View more

You have to delete the VMX, change the config in the Meraki Dashboard, and re-deploy the VMX. ... View more

These are the settings I am using for machine-based SCEP certificates.       I don't believe the SCEP certificate deploys till you use it in something, like the SSID config. ... View more

You'll need to use the BGP over IPSec VPN option to make this work. https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-to-site_VPN/BGP_routing_over_IPsec_VPN   ... View more

I've actually had companies raise this - and then I found they had disabled the alerts by setting them to "none". ... View more

Brilliant! ... View more

It sounds like you are talking about subscription licensing.  An AP subscription licence works with all current APs. https://documentation.meraki.com/Platform_Management/Product_Information/Licensing/Subscription_-_MR_Licensing   ... View more

Can you ping the LAN interface of the MX105 from the MX95?  That would show that connectivity in the Meraki environment had been established, and the issue is between the MX105 and the Huawei cloud.   If the ping does not work, check the Meraki connectivity. ... View more

Are you familiar with the process of claiming devices using the Meraki app on a mobile device?  You scan the device's barcode.   https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/Inventory_and_Devices/Using_the_Organization_Inventory#Quickly_Scan_and_Claim_Multiple_Devices_through_the_Meraki_Mobile_App     Another option (maybe too late for you now), but if you batch your orders when placing them with Cisco Meraki, you get a claim code per order.  This lets you claim everything in the order at once and assign it to a network. https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/Inventory_and_Devices/Using_the_Organization_Inventory#Co-termination_.26_Subscription_Licensing_Organizations   ... View more

That is painful.   What is the process to determine which APs will go into each school network?   For example, does someone in a warehouse grab the nearest 60 APs and load them into a truck, scan each AP box with a bar code scanner, and then send them through to you? ... View more

I'm assuming you are talking about the process to claim into inventory (rather than a network)?   What happens if you use the claim code for the order, rather than the serial numbers of each device? ... View more

This is a tricky area!  For example, a common SQL injection attack is to use a string like: ; select * from users   That semi-colon is the key to the attack. ... View more

In uplink selection configure AutoVPN to only use WAN1 on your hub unless WAN1 has failed.     ... View more

>I am seeing clients from a remote site (MX250 pair as an SD-WAN spoke) appear as clients in the edge network   I would expect this to happen when using "Track by IP" address. The clients are connecting to the VPN concentrator in the "concentrator" network, and then run through the edge.  To the edge, all of this traffic from the concentrator is "local" and a client to it.   You could use tracking by MAC address (in the edge network), but then you would just see the VPN concentrator as the client in the edge - or perhaps that is how you would like it to look? ... View more