Same issue here. Did you ever figure this out? The other option (Anyconnect) works fine but that is not option for us. ... View more

Thanks for the solution. ... View more

Hello,   Based on DHCP addresses, I'm trying to determine how to dynamically assign VLANs. What happens if I have more users with the same level of authorization in one VLAN than there are available slots in the other VLANs in my Active Directory setup? To assign a VLAN, can RRAS check at the DHCP scope availability?   I don't want 2000 users with the same level of authority in a /21. I'd like if they were spread out over a few /23s.   Your suggestions are much appreciated. ... View more

We don’t have access to an ISE server. We’ll use Windows based server and on prem Domain Controller/AD. I understand the MR devices would be set on Trunk to be able to pass on the correct VLAN for the user. What about hard wired users who will connect to Ethernet which is connected to VoIP phone which is connected to Meraki switch? Right now I have the ports for “Access” with the Voice VLAN enabled. To get these users to the correct VLAN, do the ports need to be configured as a “Trunk” as well? Or would I do something else like, have a “backbone”/Native VLAN set which can access all VLANs and then set the ports as “Access” with that VLAN and then the voice VLAN? Would the switch be able to forward that connection to the correct VLAN while maintaining security between the other VLANs - I.e. no inter-VLAN communication unless rules provided for some to communicate? What settings would I need on MS switches as well as MX security device? Also, maybe as a side note, what then is the purpose of the “Active Directory” setting on the MX100? If enabled, would that take care of establishing to which VLAN users would be singed assigned instead of needing to setup VLAN in RADIUS authentication? ... View more

@Bruce  Thanks    What is not using MX. I will use Cisco ISR router with Provider. ... View more

Welcome @Claes_Karlsson! I love the alphabet soup you have going on with all of the certs you have! Congrats. Also Meraki Master is quite the title. Glad to see you in this community. Hope you have been able to paly some great golf games in the last year. ... View more

Hmm I believe that last part is a little hard because you can have a multitude of switchtypes in one single dashboard network.   Maybe a pop-up like the QoS and stormcontrol pop-ups you get when you have MS1x series switches in your network would be a better choice.   It's easier to check if something is then to check everything for something that isn't. ... View more

@buschtrommelXXL Glad to hear you got it working.   Here are the guide lines for setting up the STP guard features:   BPDU Guard should be enabled on all end-user/server access ports to avoid rogue switch introduction in network Loop Guard should be enabled on trunk ports that are connecting switches  Root Guard should be enabled on ports connecting to switches outside of administrative control These come from this document, https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MS_Switching/General_MS_Best_Practices.  However, between the MX and MS devices I wouldn’t enable any of the STP guards since the MX doesn’t participate in STP, it just forwards any BPDUs it receives. ... View more

Congrats to all! ... View more

@RafaelM @DavidLowe    Thanks for the feedback and yes, as soon as we can take the exam I will.   I hope we will get a couple of go's as there will be a gap between the course and the exam 🙂   BR   -Gary ... View more

Claes, I'm with you!  I would have loved to do this!   Unfortunately, we are dealing with an ANCIENT core set of switches (old Dell 6224's in L3 SVI).  Have you ever had to deal with their Trunk vs. General switchport designation?  It's a nightmare!  Trunks work in some cases and General ports in others...and it's RANDOM!  Nightmare!!!   Sadly, in my case, it's going to have to be that forklift.  I've tried making minor changes and STP goes berserk.  I have to force an election and it's just a "mess sandwich" all over the place. lol   Appreciate the feedback though! ... View more

Thank you Claes_Karlsson. It was firmware issue. After update everything works! ... View more

Of course Meraki gives you possibilities to use MGig ports for the newer APs, just not on your firewall itself. 😉 E.g. https://meraki.cisco.com/product/switches/stackable-access-switches/ms350-24x/ ... View more

sorry, VPN Hub 🙂 because i'm using my hub routed mode instead of Concetrator Mode  ... View more

Greetings from south of your border 🙂 ... View more

Thank you everyone, as you can expect I haven't been around much with beginning of school starting.  ... View more

Welcome to Peru @GeorgeCarrasco! I really hope to be able to visit Peru someday. ... View more

Yes, you use the same MR License. Be careful though to not forget to disclaim the replaced AP (if your're not going to use it anymore) so you're still compliant on the licenses. Currently you have two different MR licenses, Advanced and Enterprise, but you don't need any specific license for the model. Any MR model can replace another one 🙂   /CK ... View more

@KarstenI Not planned per se I don't think, but more a side effect of the way NAT was implemented. @GiacomoS commented on this solution in this post:   https://community.meraki.com/t5/Security-SD-WAN/HairPin-Nat-Loop-back-NAT/m-p/24563/highlight/true#M5921 ... View more

Welcome @ChanelCollege  to the community, if you have any questions please feel free to ask. everyone on here is so helpful and supportive. ... View more

Thank you for this, got totally confused yesterday and forgot to test both sides of the network, will update my post later. Thanks again! ... View more

I normally allow for a 15m radius circle in open air for good performance. ... View more

Welcome, I'm quite the same, like the CLI sometimes and sometimes i prefer GUI. As Gennaro Gattusso once said, sometimes maybe good, sometimes maybe sh*t 🙂     ... View more

Welcome Robert!   Nice to have someone from the apple-side of things over here 🙂 The integration between the two platforms work really well and I think you guys from Teicom can contribute with much here. ... View more

I had to get the firewall upgraded to the v15 beta, and then make a few modifications on my end.  Thanks for your help, all! ... View more