You can't get a root cause usually because their are no tools to collect enough information.   I expect common issues would be firmware bugs in the cellular modern causing it to crash, hung out stick receivers, and general hardware issues. ... View more

When my contract expired, I'd change ISPs.  Talk about inflexible. ... View more

What are the dimensions of the area?   Would 2Mb/s be sufficient speed? ... View more

> Does Cisco SecureX require additional licenses?   Not for authentication.  You can just sign up and start using it. ... View more

Capturing on the LAN port works well as long as most of your traffic is going to the Internet.  If you do a lot of inter-vlan routing then it gets swamped by that traffic. ... View more

Not that I'm aware of. ... View more

I've never seen an AP run a network port at a sustained 1Gb/s of load.  Never.  I think it would be challenging to even do so.  You'd probably have to set a special lab environment to make this happen.   If you don't have MGig ports the solution is relatively simple - install more APs so the load gets split over more 1Gb/s switch ports. ... View more

Yes.   The remote ID should be the public IP address of the remote ASA. Leave NAT-T enabled.   Note that you can usually only have a SINGLE subnet in the source and destination encryption domains.  If you include two then only one tends to work at a time. ... View more

I do a packet capture of the Internet port for a couple of minutes.  Then load it into Wireshark.  Then go Analyse/Conversations and click on TCP.  Sort by the bytes column. ... View more

Not easily.   You could attempt to edit the HTML code to use a pre-selected email address. ... View more

Go: Organization/Overview/Devices Make sure you have the "Public IP" column enabled.   Now you have a list of all devices their the public IP address they present on.   You can click on the CSV button to export all the data to a CSV file.   ... View more

> but it required to add into meraki dashboard so that my MX250 can connect to meraki cloud and get firmware upgrade right    The most you can do then is to create a temporary staging network that is a copy of the production network and put the MX into that.  This will get the MX onto the correct firmware.  Nothing else will be kept. ... View more

The templates are network-centric.  They need to be loaded into every network.   Wouldn't organisation centric be a better place for them?   I just can't imagine a case where you would create a template to say how to lay something out for a specific service (such as "Service X"), and then would want to very that per network.  And even if you did, you could just use unique template names.   ... View more

> All dashboard admins are logged out after a few minutes, and they have a 2FA for security reasons. That a good    @redsector , check out my hack for this.   https://community.meraki.com/t5/Managed-Services/Need-Dynamic-MSP-Dashboard-Monitoring/m-p/7355/highlight/true#M14  ... View more

If you have a switch with a 10Gbe port in your staging environment then you could connect the MX250 to that via a TwinAx cable. ... View more

@CoachSteve , you know you can produce summary reports fitlered by SSID?       ... View more

Wahoo, go @Bruce grabbing that top spot.  @cmr we were very close!  Come on @UCcert , we all know Britain has been in lockdown.  What else have you been doing with your time?  🙂   And well-done @MR45EOL .     ps. I wish we had giphys. ... View more

The subnet size is not very relevant.  Note that with an L3 switch the switch management address (which is what the MS uses to talk to the Meraki cloud), which is not the same as the VLAN address (which is used for routing packets) also needs to be in that uplink range.   That would preclude a /30.  A minimum of a /29 would be needed.   I try and use DHCP for the switch management address so that if I need to make config changes (such as a change in DNS server) I can do it without needed to access the switch physically via its management interface (in the event it gets taken offline for some reason).   I use trunk ports between MX and MS. ... View more

I do not understand the issue.   You talk about communicating with an IP address many hops away, so it is not L2 adjacent to you.   The MS120 will not have a MAC address for it, nor does it need one.  The MS120 is a L2 switch, and does not look at the L3 info (such as IP address). A packet comes in one port, it looks up its forwarding table for the destination MAC (which in this case is simply the default gateway) and sends it out to another port.   The only MAC address requires for a host on a different layer 2 domain (as in this case) is the MAC address of the default gateway, and the default gateway is responsible for routing/forwarding the packet towards the next hop. ... View more

You apply a group policy to a specific host - so that is the origin.  The origin is the machine you apply the group policy to. ... View more