there is nothing to do with internet access. you will have a stable internet connection regardless of being hit by CG-NAT or not. CG-NAT breaks the VPN tunnel. try following the instructions I mentioned in my previous comment and see if this helps. We have the same issue in Europe on multiple vendors with multiple providers and this workaround on the MX seems to have solved it. Let me know if you need further help. ... View more

That's due to a CG-NAT issue which breaks client-server communication. There is a possible workaround to punch VPN tunnels from a "spoke" site behind Cellular to a "Hub" site sitting on a fixed internet connection. Follow these steps: 1-Make sure the cellular site is a spoke 2-Make sure the hub is a fixed site (NOT cellular) 3-For the hub site, configure Manual NAT traversal by choosing a UDP port of choice (e.g. UDP 1234) 4-For the hub site, in case of ANY firewalls upstream your MX facing the internet (e.g. Internet -> Firewall -> MX) please add a port forwarding rule on the firewall (NOT the MX) to allow ANY traffic towards the MX on the UDP port configured in step 3 (For example: Port forwarding source-ip-any source-port-any MX-WAN-ip UDP-1234) That should fix the tunnel issue and you will have bi-directional traffic between spoke and hub. You might still have NAT Unfriendly on the VPN status page, but indeed you can do site to site ping and tunnels will be stable. ... View more

MX supports only VLAN-to-VLAN multicast traffic per the following link: https://documentation.meraki.com/MX-Z/Other_Topics/Configuring_Bonjour_forwarding_for_the_MX_Security_Appliance However, VLAN-to-VPN multicast is not supported at the moment. Thanks Sameh Sackla ... View more

Is your MX passing traffic normally? Please note that although MX could be offline on dashboard, it might still be able to process traffic. Offline on dashboard means that there is a cloud connectivity issue. You can refer to the information under Help > Firewall info to find out if there are any changes that you need to do on your firewall to enable cloud connectivity.      ... View more

Actually, apple devices try to reach out to captive.apple.com once you connect to a WiFi network, which automatically creates a HTTP GET request and therefore your splash page should kick-in. If this doesn't happen, it might be due to several reasons such as a firewall blocking access to that page or similar. I suggest you take a pcap and check what's happening when you client associates to a SSID. ... View more

Have you checked this article about compatibility with Cisco 7925 VoIP phones? https://documentation.meraki.com/MR/Other_Topics/Compatibility_with_Cisco_7925G_VoIP_Phone Thanks ... View more

You need to take into consideration a couple of things: 1-No of concurrent users vs total users (as this will impact BW and AP resources) 2-BW required per user (as this will impact how many users per AP) There is a good article to calculate the number of APs needed if you want to do proper capacity planning: https://documentation.meraki.com/MR/Deployment_Guides/High_Density_Wi-Fi_Deployment_Guide_(CVD)#Capacity_Planning Thanks ... View more

SNMP is read-only access to the Meraki Cloud (in case you're using the proprietary MIB) and read-only access to the Meraki devices (in case your using the standard MIBs) Here is more information about SNMP integration: https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/SNMP_Overview_and_Configuration Thanks ... View more

BGP is currently on a private Beta program, more details on this link: https://documentation.meraki.com/MX-Z/Networks_and_Routing/BGP Please contact your Meraki account team if you would like to subscribe to this beta. Thanks ... View more