I'd like to thank the academy....Hey, is this thing on? ... View more

Congratulations ! ... View more

The easy way I did this was just by setting the attribute "aCSPolicyName" to the SAML role I defined in the Meraki Dashboard. This was an unused attribute in AD that is sometimes used to set ACLs for users. Doing this allowed me to be able to support multiple rules with a single policy. It especially comes in handy if you switch to SP initiated SAML since you have to define the Apps for those in RSA. ... View more

@SkyWong44 it is monitor only from the Meraki dashboard. You can bounce a port and that's about it.  Meraki management is coming soon, but there doesn't appear to be a date yet.  ... View more

I only know the following regarding NTP. So, MX will use public NTP to sync time and is heavily dependent on it. If the MX will not be able to reach any NTP server it uses, it will reboot (don't ask me how I know this). So, I am not sure how you can perform audit stuff but whats I want to say is that as long as the MX is working then it reaches NTP and most probably is synced. I also don't know why would you really need it - since all events in Dashboard will most probably use cloud time instead of device time.   Roman ... View more

I ended up making a python script for this in the new gui. Using some selenium, pyautogui, and openpyxl. I'll post the generic code on GitHub and link it here.   github.com/DKCisco/-Python_Cisco_Meraki_VPN_Exclusion ... View more

Any chance you control a server/workstation on both ends of the link? Could look at iPerf testing between them. It's a little rough, but you can script around the iPerf3.exe to automate testing and log results per site. ... View more

In a hell of an enterprise this is not easy doable. That's the long term goal, but not for the near future. ... View more

Thanks for the sharing.    About point 3, wouldn't the solution (non-meraki VPN) be 'within the law' as long as the data are u sed only for internal data exchange and office use.    https://documentation.meraki.com/General_Administration/Support/Information_for_Users_in_China  ... View more

Thanks! I found a few old forum topics with good suggestions as well. ... View more

This has been resolved. I configured it to Manual for forwarding. ... View more

Hi, I have the same setup, anyconnect to MX84 - MX84 vpn to "non meraki fortinet firewall" The "non meraki vpn" works fine, but the anyconnect client to the MX84, cant see resouorces on the fortinet network. What did you do on the fortinet firewall to make it work? ... View more

I have never tried doing this with syslog.   As @RomanMD say, you need to start by having the MX know who the user is in some way.  You need to be able to click on the client in the dashboard, and have it display a username.   If you use Active Directly, you can do this passively by sucking the data out of the event viewer. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Directory_with_MX_Security_Appliances  You just need to do the Active Directory bit only, you don't need to do anything with group policies or mappings. ... View more

Most of the time you talk to providers and they say the problem is not on their side.  I see the need of more troubleshooting... I would do a trace to see how many providers are involved and would check what MTU is allowed end-to-end... the first step.  I would also do a packet capture on both ends and see if I receive the packets from remote device... ... View more

We recently created a new demo on Monitoring Catalyst Switches. Check it out.     This video is from the Cloud Management & Monitoring for Catalyst course in the Learning Hub. ... View more

In the routing, the most specific route takes precedence, so you can have a route: 10.10.10.0/24 next-hop 10.9.9.1 -> route for the subnet 10.10.10.5/32 next-hop 10.9.9.2 -> route for the host ... View more

Actually you don't even have to go to the hub.  You can do this at any site with AutoVPN enabled. ... View more

Meraki Dashboard is meant to manage and monitor Meraki devices not other 3rd party devices, regardless of what kind of information your IoT device will send. I don't expect such integration in the future either, at least not for non Cisco devices. ... View more

Just another update on this - we removed the MS250 switch and connected the MX250 directly to the ISP with the same result on the Local Status page - Internet access but cannot connect to the Meraki cloud - we left it for 15 mins and then decided to power cycle the MX250, and that seemed to kick start it to eventually registering on the dashboard.  We connected the Layer 3 MS250 switch in between the MX and ISP, same as the test setup that was failing last week, and this time the MX registered. We had another MX250 for a warm spare setup and it was exhibiting the same initial issue connected through the MS250 - this time we did not connect it directly to the ISP but just power cycled it and it registered OK - we did not power cycle the MX250's last week but we did factory reset the first one, which seems to have not provided the required kickstart. Speaking with Meraki support, they mentioned that the Unknown CA alert occurs sometimes if the ISP is doing deep inspection, which may cause it to use it's own certificate for the tunnel, and power cycling or factory resetting should resolve that - not expected to be a recurring problem once the MX250 eventually registers.     ... View more

Thank RomanMD, Notice some switch no need but some L3 switch required above command before onboard. Thank you, ... View more

Thanks for this! I confirmed this to the vendor of the devices we are using right now and they said the same thing. ... View more

This is great! Thank you for sharing   ... View more

There are no plans for Meraki Personas on C91xx Access Points.   This will only be a thing on CW916x Access Points, besides Catalyst 9k switches.   ... View more

I purchased a POE tester to take to the location to test the port as well. Thank you for these ideas. ... View more