If you need logs in detail you need to use something like syslog and either setup your own syslog server (the free ones on Ubuntu are great) or use a commercial syslog server.   https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration  ... View more

> Was not sure if Umbrella would help with the SSL that the MX does not handle?   Umbrella can do this as long as you are prepared to load its root certificate into the trusted root CA store on every single one of your devices that will be using it. ... View more

Over the last couple of months or so, I've noticed our MV21 cameras seem to take more time to display on our video wall compared to in the past. MV12s always seem to load a lot faster.   The MV21s will start black and then load after a short amount of time. Firmware is MV 4.0   Anyone experience anything similar to this? ... View more

I tried the following ; def_rule ='{"rules": [{"comment":"Allow test","policy":"allow","protocol":"any","srcCidr":"10.13.64.0/24","srcPort":"Any","destCidr":"Any","destPort":"Any","syslogEnabled":False},{"comment":"Allow BLAH","policy":"allow","protocol":"Any","srcCidr":"10.24.10.0/16","srcPort":"Any","destCidr":"Any","destPort":"Any","syslogEnabled":False}]}' payload = json.dumps(def_rule) response = dashboard.mx_l3_firewall.updateNetworkL3FirewallRules(def_network,payload) TypeError: updateNetworkL3FirewallRules() takes 2 positional arguments but 3 were given So...... how now to use the **kwargs..... I know... still newbie at programming.... ... View more

Does the customer have an existing firewall they want to keep - or are they happy to replace it with the MX? ... View more

> Hi PhilipDAth, here is a diagram of how things are currently connected and how we are trying to set up the secondary path..   The two sites are not layer 2 adjacent, so that limits the options.  You'll need to run both MX's active/active and use BGP between them and the network core at each site. ... View more

Have not observed this yet but haven't had a chance to test.  Will test if time permits and report back  In the meantime please do open a case so Support can flag this and report back to the Eng team - I'm sure this was tested but please report it for investigation, thanks for pointing it out!   ... View more

GPUs are listed as a requirement as well ... https://documentation.meraki.com/MV/Advanced_Configuration/Hardware_Guidelines_for_MV_Video_Wall_Workstations#16_Video_Tile_Video_Wall_Requirements  ... View more

@JeffA That's correct.  With Meraki (and some other vendors) the license is a required part of the solution and the hardware is not meant to run as an "unmanaged" device.  The local status page is a basic config tool, often used to prime the device with static IP info or certain port settings.  Dashboard is required to fully configure the device, and the license is all-inclusive and covers your firmware updates/patches, full access to the support team, hardware replacement, etc.  Sorry but even doing a full factory reset won't allow the switch to operate without a license and being connected into Dashboard.   ... View more

Hello @pk0018 this is ALWAYS an "it depends" type of answer.  There are many variables.  Client device types and capabilities with regards to spatial streams and channel width for example, expected client density, what are the primary applications that will be in use, will it require any voice and/or location tracking services, what are the room sizes, building construction, ceiling height, are there neighboring networks/companies, etc, etc.  These will all be inputs into your AP placement, density, channel plan, etc.       If it's a typical mix of users, on a typical mix of client devices, running the typical mix of apps with typical EMIX characteristics, we can certainly provide some rules of thumb like an AP per room or an AP per 2500 or 3000 square feet for example.  But this is not the best way to plan it out.  It might get you close, and AutoRF can close the gap, but some would argue that relying on AutoRF to correct design mistakes is poor planning, and I'd have to agree.   If it's a reasonably-sized enterprise deployment it's always best to have a formal site survey completed, especially if it's your first time doing an enterprise deployment, because it's also an excellent learning process.    For more info on that see my reply in this thread https://community.meraki.com/t5/Wireless-LAN/Should-you-always-do-a-site-survey/m-p/13274   Not sure what kind of space this is, office space, maybe a manufacturing floor or a conference center or exhibit hall?  If your back is against the wall and there's no time and no budget for a site survey, and let's assume this is enterprise carpeted office space and conference rooms... Go with an AP per 2500 square feet and/or 50 clients per AP, aim for cell edges at -67dBm with perhaps 20% overlap, set the minimum bit rate to 12Mbps, use dual band with band steering to 5GHz, use 20MHz channels if it's high density, consider enabling/disabling DFS channels depending on your regulatory domain.  Depending on the AP placement, you might also consider disabling every other 2.4GHz radio, and might also consider leveraging 2.4GHz for guests for example.  Use RF Profiles to restrict 2.4GHz to 5-20dBm and perhaps 5GHz from 8-23dBm for example.     That's all just a shot in the dark without knowing the details.  And even if you have floorplans, always ask if there's anything non-standard about the users, their devices, the apps they'll be using, and the building construction and RF environment.   Finally, if you're looking to deploy MR33, also consider your options with the new MR36 APs, since they're new and will certainly be around longer, not to mention get you into the latest WiFi6 technology.   Hope that helps!   ... View more

I'm having what looks like the same issue ever since a W-10 Pro 64b update on Feb 12 or Feb 16     I can no longer login to this vpn on my W-10 PC.  I tried recreating the vpn 5 times with the same error message after a long negotiating attempt.  The same login information works on my W-7 laptop without fail.     I had changed no settings on the W-10 Pro 64b machine when the error began appearing.  I looked through all the 'fixes' listed in this discussion and cannot find a fix.  I've thought of trying to restore my Pc to a date earlier in Feb but have some other valuable data I don't want to lose.  HELP!! ... View more

Nice one @redsector! ... View more

What are you using for the backend RADIUS server(s)? ... View more

Has anyone managed to install this on Apple TV? ... View more

Is this behavior fixed with the new location heatmap? We made a few changes on how the heatmap calculates location, so you should have a much accurate view of the heatmap provided you have 3 or more APs for triangulation. ... View more

@Randal  wrote on the 26.6.1 thread about the connectivity issues with his/hers MR32's   "We weren't given a bug number by support but they said it was a known issue. It extends a couple of revs back. Only on MR32s (150) out of our 750+ total."   Just need Randal to confirm if the bug was fixed or still outstanding , and/or Meraki engineer to advise further ( calling @davidvan @Noah_Salzman )   cheers ... View more

Thank you for suggestions! ... View more

Hmm Gotchas hmm Make sure your Meraki is on latest firmware. Some early build MX250/450s don't support /31 addressing until they're updated from factory level (you're running live already so no issues but will put in just in case a factory reset happens). If in Passthrough then your MX may end up doing the PPPoE authentication. If you have a static IP address assigned then best configure the WAN to USE that address rather than rely solely on PPPoE username and password. Check for VLAN tagging; in cases where you use static IPs only and no PPPoE authentication, then tagging must be watched out for on the Meraki. (We used Draytek V130 modems and had to tag the Modem + MX to get it to work.) Ensure your router that is soon-to-be in passthrough, doesn't do anything silly like operate wifi even though its a L2 device. I've seen a few boxes that despite turning it into a bridge, makes all wifi connections L2 (fails to find DHCP.. or worse.. finds them and allows wifi users onto the network without firewall protections.).. Don't ask me how that was achieved 😛 ... magic I guess. Once connection through other device is established run your throughput testing (Security Appliance > Appliance Status > Tools) disregard the result, but watch in the uplink tab to see a good measure of the bearer cct with device in the way. It should be limited to bearer speed and not to 1Gb which is the negotiated duplex between the passthrough router - MX. That's all I can think of for now, sorry if some of them are like teaching grandma to suck eggs. All came out in a big expositional dump XD ... View more

You are correct. ... View more

Thanks DanielWeedon23, it 100% makes sense for the use of Default-Route tickbox it's just that the Route-Table still specifies a 2nd Default-Route being its own WAN so i would see that as 'If the first Default-Route is down, move to the next line which is the 2nd Default-Route'. I would think for this scenario when the tickbox is ticked then the Route-Table shouldn't display It's WAN Default-Route if that makes sense?   ... View more

Hey gt1,   I too am keen to hear your solution. ... View more

To add to what @PhilipDAth has written, bear in mind that smartphones and tablets are now used for Office/Google applications, in addition to laptops. Indeed I wish it was easier to carry out some actions on phones that are second nature on laptops and workstations. Kids, being kids, will detect any obvious chinks in security and exploit them. In my experience, getting a handle on phones is difficult. I have to visit certain sites where one leaves phones, computers, tablets, USB sticks, writing pads etc. in a locker before leaving the entrance lobby, because the security guys can't keep on top of BYOD kit or any device that goes off-premises. Just remember STUXNET. And the target machines in that project were air-gapped. Sometimes one has to ask oneself "how paranoid do I want to be?" The answer is always "a bit". So its a judgement call  😎 ... View more