I know this is an old thread, but since so many have asked and with a recent development on this front, it is pertinent to share that IPSK with NPS is now supported on MR 30.1 and higher firmware when using both the RADIUS standard AVP Tunnel-Password AND Cisco AVPs "psk" and "psk-mode=ascii". Please see the updated documentation here: https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication#Microsoft_NPS_Configuration   Cheers, Geoff ... View more

Hi,   Which model MR and what firmware are you running? I am not able to reproduce that with my MR26 on 26.6 with a sign-on splash, "Block all access until sign-on is complete", and a layer 7 rule to block Netflix. On my Android phone, I can open the app but not search anything. On my laptop, netflix.com never loads. ... View more

Hi there,   Since you mentioned this is for your guest SSID, are you using a click-through splash page with it? If so, there is an option on Wireless > Configure > Access control > Captive portal strength. It is either "Allow non-HTTP traffic prior to sign-on" or "Block all access until sign-on is complete". If you selected "Allow non-HTTP traffic prior to sign-on", clients will most likely not hit the splash page and thus not be subject to any of your firewall rules. Most of the Internet is HTTPS (aka "non-HTTP"), so guests will simply bypass the splash if that option is selected. The better and more secure option is to use "Block all access until sign-on is complete". ... View more

Hi there,   It looks like that PoE injector is 802.3at capable according to the Cisco website: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/eos-eol-notice-c51-737338.html. The MR34 requires 802.3at PoE+ to fully work, so this one will be fine to use with it. ... View more

Hi there,   If you upgraded to 25.14 and after a short while your WPA2-PSK or WPA2-Enterprise SSIDs 'disappear', then upgrade to 26.6. ... View more