@Goodline   Upon checking with support, I've learned that the expired cert should not cause functionality impact to previously enrolled devices. It sounds like it might be a coincidence and something else is preventing the iPads from being able to check-in with dashboard.   I would suggest continue to work with support if you have more of these broken instances, and providing them with device logs so that they can help you investigate further.   Cheers, -Alex ... View more

@Jason-907, there is actually an API endpoint for this. https://developer.cisco.com/meraki/api/#/rest/api-endpoints/vlans/update-network-vlan You can modify the body of that API call to update your DHCP configuration on the VLAN accordingly (you can see example and test it out in the console yourself on that page) ... View more

Hi @JLDarbonnel, Not sure if this is specific for MV22, but I have a MV21 running on MV 3.31 that does not exhibit this behavior. Motion windows correctly reflect motion that can be seen in historical video feed. If you haven't already, I would recommend submitting a ticket with support so they can help you determine if this is a bug. You can do so via dashboard under Help > Get Help menu. They will likely ask you for screenshots of the behavior to expedite the process. Cheers, -Alex ... View more

I agree with @PhilipDAth that this is likely due to carrier NAT-ing your traffic (which is very common with cellular connections), and or not allowing return traffic for the VPN traffic flow.   A reboot (or disabling and re-enabling VPN) can sometimes resolve such issue because with automatic NAT traversal, your MXen's will establish a new UDP flow. This article has some nice illustration of the entire VPN establishment process: https://documentation.meraki.com/MX/Site-to-site_VPN/Automatic_NAT_Traversal_for_IPsec_Tunneling_between_Cisco_Meraki_Peers   If you plan on staying with cellular, it might be worthwhile to check with your carrier about getting static IP service rather than DHCP.   Cheers,   -Alex ... View more

Sounds good, I'll let others chime in if they've seen the same behavior. If it becomes a bigger issue (e.g if it affects more than just ICMP traffic), I'd say reopen the support case and go from there. Cheers, -Alex ... View more

@jvelasco wrote: Hi,  May I know if there is a way to clear out the DHCP Leases in a certain VLAN? I configured static IP addresses but their previous addresses are still there in the dashboard.  Thanks! Hi @jvelasco,   A 'button' to clear DHCP Leases from dashboard is certainly a feature request at this time point in time as others have commented.   However, there is a way to clear the DHCP Leases on a VLAN without having to reboot the appliance by following these steps: - Create a DHCP Reservation on the VLAN that blocks out the entire DHCP range - Save the configuration and let MX downloads it (might take a minute or two) - Clear the DHCP Reservation and save the configuration again   Hope this helps, if you are still having trouble, I would recommend reach out to support (that's whom I got this info from). You can find support information from dashboard under Help > Get Help.   Cheers,   -Alex ... View more

It's interesting that it's only affecting ICMP traffic and only in Azure. If you have a support case opened already for this one, I would recommend continue working with the support team. Sounds like this one might involve collaboration between Meraki & Azure support. If you can PM me the case info (please don't post it publicly here), I'll be happy to follow-up with the support team for you. Cheers, -Alex ... View more

@HectorLaya Thanks for closing the loop on this one! I'll see what I can do about adding a suggestion for that KB regarding this port state. Cheers, -Alex ... View more

Hey @PhilipDAth   Not sure if you have resolved this yet, but out of curiosity, do you see the same pattern of packet loss with other type of traffic? such as telnet or TCP   Do the spokes have multiple uplinks? if so, create a SD-WAN policy to push traffic to vMX via a specific uplink. Or test from a spoke that has a single uplink and see if there's any difference.   Cheers,   -Alex ... View more

You can prevent these alerts from being sent to Network admins via the Organization > Configure > Settings > Administration > Licensing notifications option.   @joopv wrote: Thanks Alex !   I expected it at the alerts page.  Is there some way to switch these emails off by default for newly created users?  Or can an admin higher up in the hierarchy manage this for other users?  Both of these would be feature requests at this time. Note that license warnings notifications are only sent out when there is a license problem so as long as they are taken care of beforehand, there should be little to no noise 🙂 Cheers,   -Alex   ... View more

Hello @HectorLaya, I agree with @MMoss here that this is very likely a layer 1, where power is supplied but not data. Though the behavior is commonly seen with bad cabling, it can also be a port issue on either the switch or AP itself. The way I usually isolate this is by moving the AP to another switchport, or testing a known-good AP on that same port. This combination will help you isolate if it's a switchport, AP, or cabling issue. Cheers,   -Alex ... View more

Hi @BrianChambers,   The KB you linked is actually a very good step-by-step guide to get you started!   @PhilipDAth is correct that you do not need multiple subnets for this to work, just as long as you have the matching subnets configured on the AD side.   For the certificate, we would recommend that you use a Certificate Authority (CA) signed certificate as it is more secure and is considered best practice. Self-signed certificate can also easily be configured via IIS if a CA signed certificate is not available.   I would also recommend reach out to Meraki Support (via Help > Get Help on dashboard) if you run into any specific issue or have specific question about the setup, they will be able to help you validate any configuration from the dashboard side.   Cheers,   -Alex ... View more

Hello @wtbates,   Apologies for any confusions on this feature.   Education Profile for MacOS is definitely still an open feature request at this time (as of time of this post).   Once this feature is implemented, it will be fully supported and you will see the payload under System Manager > Manage > Settings for MacOS!   Thanks!   -Alex ... View more

@stockster wrote:   May I add, I believe the wording you used with "to apply additional rules" is probably a bit unfortunate in this context, as it is in fact not additional but superseded rules for members of this particular group, right? My apologies for the confusing wording there. You are correct, it would be an override in this context. There are instances where multiple policies can be applied, however, doesn't apply in your case here or when using AD mapping (more details here).   Thanks for the clarifying question! ... View more

Hi @Tom-B    Have you checked if Apple Configurator have a similar Managed App payload? If so, you can create the .mobileconfig file and upload it to System Manager for deployment.   I would also recommend reaching out to our support team so they can point you in the right direction for this one. You can open a support case via dashboard under Help > Get Help menu.   Cheers,   ... View more

Hello @AAntra,   Non-Meraki VPN configurations will not disappear if you change your MX from a hub to spoke.   That being said, non-Meraki VPN configurations are organization-wide, so as long as the MX network has VPN enabled and is in-scope (per their peer availability configuration), the MX will try to establish those Non-Meraki VPN tunnels. ... View more

Hello @stockster,   You are correct, it is not possible to add-on to the global network firewall rules using group policies at this time. To apply additional rules to a group, you would need to create a new group policy and LDAP mapping.   We do, however, have dashboard API endpoints for creating group policies that should make this process less painful, depending on how many different group policies you need for this purpose!   Hope that answers your question.   Cheers ... View more

The steps you listed are actually for profile enrollment and not agent enrollment!   It is not required to enroll both ways for the device(s) to register with dashboard, however, you might need agent enrollment if you are trying to utilize specific functionality, such as pushing software or use remote desktop.   For a complete list, check out this knowledge base article:  Systems Manager Agent and MDM Profile Enrollment   Hope that helps! ... View more

Hi @Julian!   This seems like it would be a nice Make a Wish!    Since video walls are essentially tied to the camera network, you can also consider splitting the 100 cameras into different networks (based on their location, site, building, etc). That would allow you to set admin privileges for each networks, but would also lower the number of video walls they see!   Hope that helps! ... View more

@PhilipDAth Is correct in that with MX autoVPN, currently you have to full-tunnel all client traffic or split-tunnel for all!   @SoCalRacer's suggestion to use Client VPN for those clients is also very clever and is viable (if it's only 2 clients, but might not scale if this number increases)!   If you throw Meraki access points in the mix, you can look into SSID Tunneling! This allows any clients connecting to the configured SSID to full-tunnel (or split-tunnel) their traffic to a MX concentrator. ... View more