We saw the same issue with ISE, where when the client roamed ISE would send a new redirect URL and this caused an ISE session DB duplicate entry resulting the the de-authentication from the network while still be associated to the SSID. Changing the ISE Posture from on every connection to 1 time per day might have helped this.   Unfortunately we see the issue on the guest wireless that's just using PSK, clients while stationary continue to roam (in some case to AP's with worse SNR). On laptops changing the roaming aggressiveness to a lower setting 3 - 2 or 1, helped but you cant do that on iPhones or other mobile devices. Unfortunately meraki support said its up to the client to connect and they have no real backend settings adjust options that the firewall has, similar to the Cisco WLC on client channel persuasion. This is interesting because we have had 0 problems on our old 2504 WLC. Its a shame because our sales rep said the meraki's would be better than WLC 9800-L but after many moths with limited help WLC9800-L seems to be the best fix, tossing the meraki in the bin.   It did not help that meraki support suggested using channels for testing in known DFS range. Also got very conflicting reports on what bit rate, TX power and channel settings to use. Due to the flat nature of meraki support, these complex issues are near impossible to resolve. ... View more

What about if you use ISE for posture assessment using CWA or LWA for login?   We are finding out this issue in our environment. coming from WLC 2504 with 10 AP's that works perfectly well for posture (*and guest wireless roaming), these new CW9166I's dont do well with posture, ISE and roaming. clients continue to randomly get de-authenticated from the network while still staying connected to the SSID. This only happens on the myRADIUS, ISE authentication settings, guest wireless WPA2, PSK is fine.   If the user disconnects or disables wireless card, waits 10 seconds and reconnects the session is re-authenticated. OR If the user opens AnyConnect and selects in ISE posture (system scan) module "Block connection from untrusted servers" this also triggers a re-authentication without having to disconnect the wireless.   We have attempted to change the AAA timers, setting from 1 to 10 seconds time out with a few other advanced settings tweaks that mirror our flawless WLC settings. We have attempted to set the bit rate from 12 all the way to 24 with auto tx power settings on both 2.4 and 5ghz, 6ghz is disabled currently, but some newer laptops use the AX wifi protocol. We setup a single AP test network and no drops are found. We have rebooted the AP and checked for air marshal's that might be containing the SSID. Whats interesting is if i test the old WLC network, my laptop connects to the closest AP. But if i connect to the new meraki wireless, my PC connects to the an AP further away. The logs also seem to show my PC is roaming to the same AP? "roamed from AP SSC_AP-02 then had a successful connection to SSID COMPANY-CORP for a minute on AP SSC_AP-02, and then the client roamed to AP SSC_AP-02"   Since the guest wireless is in the meraki bridge mode, it drops the connection when roaming as 802.11r is not possible in bridge mode. ... View more

I still keep getting occasional amber connectivity light on my MS225-48LP 3 switch stack. Tech support suggested going to this version but seems there are still some gremlins.   Anyone have a suggested stable release firmware to run on the MS225-48LP? ... View more

Its an active tool and changes in real time as meraki sees the client moving around. Check out this cool picture! 😄   ... View more

But what if i have 344 networks? Is there an API call or something? ... View more

I agree and there are many things they "dont care to implement"   When my WAN1 goes down and WAN2 takes over, id like to know via email that WAN1 is down!   Lower fail-over times between WAN circuits on MX appliances!!!!! maybe a slider to adjust settings would be nice. Maybe a quick way would be to have a section in SD-WAN that says "Fail-over monitoring" and in that section I can specify what options I want to monitor my WAN link availability, 1. ping, 2. http get, 3. DNS. (if ping fails why do i care to try HTTP or DNS??? O_o) Maybe I fix flow preferences in the SD-WAN tab, basically set WAN2 (cell) to be primary active then set an flow preference saying ANY to ANY that allows for all traffic to flow over the WAN1 link until it fails causing WAN2 to kick in. Maybe I fix static routes so that I can route through multiple WAN links, my logic, set WAN 2 (cell) as primary up-link but have a static route that actually says any subnet is to prefer my broadband ISP gateway while it responds to ping, if it doesn't that static route is removed and WAN2 takes over. As a customer of Meraki, I would like to not have to tell my customers that there unable to operate because of a locked down Meraki setting on their router that I am unable to adjust or get recognition of this issue. If Cisco, your parent company can have robust IP SLA monitoring options, why cant Meraki? Does Meraki not have the same synergies as Cisco? I PAY TO MUCH FOR THE LICENSES TO WAIT 2-3 MINUTES FOR THE WAN TO FAIL-OVER TO CELL . If it were the late 90's maybe early 2000's 3 minutes fail-over is fine but for the cost of these licenses in 2019 its simply unacceptable. F I X T H I S I S S U E ! ! ! !   ... View more