We saw the same issue with ISE, where when the client roamed ISE would send a new redirect URL and this caused an ISE session DB duplicate entry resulting the the de-authentication from the network while still be associated to the SSID. Changing the ISE Posture from on every connection to 1 time per day might have helped this.   Unfortunately we see the issue on the guest wireless that's just using PSK, clients while stationary continue to roam (in some case to AP's with worse SNR). On laptops changing the roaming aggressiveness to a lower setting 3 - 2 or 1, helped but you cant do that on iPhones or other mobile devices. Unfortunately meraki support said its up to the client to connect and they have no real backend settings adjust options that the firewall has, similar to the Cisco WLC on client channel persuasion. This is interesting because we have had 0 problems on our old 2504 WLC. Its a shame because our sales rep said the meraki's would be better than WLC 9800-L but after many moths with limited help WLC9800-L seems to be the best fix, tossing the meraki in the bin.   It did not help that meraki support suggested using channels for testing in known DFS range. Also got very conflicting reports on what bit rate, TX power and channel settings to use. Due to the flat nature of meraki support, these complex issues are near impossible to resolve. ... View more

What about if you use ISE for posture assessment using CWA or LWA for login?   We are finding out this issue in our environment. coming from WLC 2504 with 10 AP's that works perfectly well for posture (*and guest wireless roaming), these new CW9166I's dont do well with posture, ISE and roaming. clients continue to randomly get de-authenticated from the network while still staying connected to the SSID. This only happens on the myRADIUS, ISE authentication settings, guest wireless WPA2, PSK is fine.   If the user disconnects or disables wireless card, waits 10 seconds and reconnects the session is re-authenticated. OR If the user opens AnyConnect and selects in ISE posture (system scan) module "Block connection from untrusted servers" this also triggers a re-authentication without having to disconnect the wireless.   We have attempted to change the AAA timers, setting from 1 to 10 seconds time out with a few other advanced settings tweaks that mirror our flawless WLC settings. We have attempted to set the bit rate from 12 all the way to 24 with auto tx power settings on both 2.4 and 5ghz, 6ghz is disabled currently, but some newer laptops use the AX wifi protocol. We setup a single AP test network and no drops are found. We have rebooted the AP and checked for air marshal's that might be containing the SSID. Whats interesting is if i test the old WLC network, my laptop connects to the closest AP. But if i connect to the new meraki wireless, my PC connects to the an AP further away. The logs also seem to show my PC is roaming to the same AP? "roamed from AP SSC_AP-02 then had a successful connection to SSID COMPANY-CORP for a minute on AP SSC_AP-02, and then the client roamed to AP SSC_AP-02"   Since the guest wireless is in the meraki bridge mode, it drops the connection when roaming as 802.11r is not possible in bridge mode. ... View more

I still keep getting occasional amber connectivity light on my MS225-48LP 3 switch stack. Tech support suggested going to this version but seems there are still some gremlins.   Anyone have a suggested stable release firmware to run on the MS225-48LP? ... View more

Its an active tool and changes in real time as meraki sees the client moving around. Check out this cool picture! 😄   ... View more

But what if i have 344 networks? Is there an API call or something? ... View more