Thanks for the solution. ... View more

Hello,   Based on DHCP addresses, I'm trying to determine how to dynamically assign VLANs. What happens if I have more users with the same level of authorization in one VLAN than there are available slots in the other VLANs in my Active Directory setup? To assign a VLAN, can RRAS check at the DHCP scope availability?   I don't want 2000 users with the same level of authority in a /21. I'd like if they were spread out over a few /23s.   Your suggestions are much appreciated. ... View more

Glad to help and thank you! ... View more

We don’t have access to an ISE server. We’ll use Windows based server and on prem Domain Controller/AD. I understand the MR devices would be set on Trunk to be able to pass on the correct VLAN for the user. What about hard wired users who will connect to Ethernet which is connected to VoIP phone which is connected to Meraki switch? Right now I have the ports for “Access” with the Voice VLAN enabled. To get these users to the correct VLAN, do the ports need to be configured as a “Trunk” as well? Or would I do something else like, have a “backbone”/Native VLAN set which can access all VLANs and then set the ports as “Access” with that VLAN and then the voice VLAN? Would the switch be able to forward that connection to the correct VLAN while maintaining security between the other VLANs - I.e. no inter-VLAN communication unless rules provided for some to communicate? What settings would I need on MS switches as well as MX security device? Also, maybe as a side note, what then is the purpose of the “Active Directory” setting on the MX100? If enabled, would that take care of establishing to which VLAN users would be singed assigned instead of needing to setup VLAN in RADIUS authentication? ... View more

OK.   It looks good, make sure the Cisco Switch is connected with a trunk if you pass multiple VLANs to the MX. Also make sure the MX is connected on the port marked as "internet" to the ISP.   Can you reply if you have internet access at all or if it just some issues with the bandwidth not going up in full speed.   /CK ... View more

@Bruce  Thanks    What is not using MX. I will use Cisco ISR router with Provider. ... View more

Welcome @Claes_Karlsson! I love the alphabet soup you have going on with all of the certs you have! Congrats. Also Meraki Master is quite the title. Glad to see you in this community. Hope you have been able to paly some great golf games in the last year. ... View more

Hmm I believe that last part is a little hard because you can have a multitude of switchtypes in one single dashboard network.   Maybe a pop-up like the QoS and stormcontrol pop-ups you get when you have MS1x series switches in your network would be a better choice.   It's easier to check if something is then to check everything for something that isn't. ... View more

@buschtrommelXXL Glad to hear you got it working.   Here are the guide lines for setting up the STP guard features:   BPDU Guard should be enabled on all end-user/server access ports to avoid rogue switch introduction in network Loop Guard should be enabled on trunk ports that are connecting switches  Root Guard should be enabled on ports connecting to switches outside of administrative control These come from this document, https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MS_Switching/General_MS_Best_Practices.  However, between the MX and MS devices I wouldn’t enable any of the STP guards since the MX doesn’t participate in STP, it just forwards any BPDUs it receives. ... View more

@CarolineS too early for us west coast folks 🙂 ... View more

Yeah, I get that impression myself! ... View more

Congrats to all! ... View more

@RafaelM @DavidLowe    Thanks for the feedback and yes, as soon as we can take the exam I will.   I hope we will get a couple of go's as there will be a gap between the course and the exam 🙂   BR   -Gary ... View more

Claes, I'm with you!  I would have loved to do this!   Unfortunately, we are dealing with an ANCIENT core set of switches (old Dell 6224's in L3 SVI).  Have you ever had to deal with their Trunk vs. General switchport designation?  It's a nightmare!  Trunks work in some cases and General ports in others...and it's RANDOM!  Nightmare!!!   Sadly, in my case, it's going to have to be that forklift.  I've tried making minor changes and STP goes berserk.  I have to force an election and it's just a "mess sandwich" all over the place. lol   Appreciate the feedback though! ... View more

Thank you Claes_Karlsson. It was firmware issue. After update everything works! ... View more

Of course Meraki gives you possibilities to use MGig ports for the newer APs, just not on your firewall itself. 😉 E.g. https://meraki.cisco.com/product/switches/stackable-access-switches/ms350-24x/ ... View more

sorry, VPN Hub 🙂 because i'm using my hub routed mode instead of Concetrator Mode  ... View more

Greetings from south of your border 🙂 ... View more

Hi @JaredFowkes    I wouldn’t say they were finding it difficult it’s just probably not been on their radar as home working isn’t their core focus.  That is until Covid has caught them with their pants down slightly.   yes we all have bigger pipes into our home offices but we weren’t all working from home solidly until a few months ago.   Meraki will catch up and I’m sure they’ll release an awesome soho device.  And if they don’t....the market will punish them and go elsewhere. ... View more

Thank you everyone, as you can expect I haven't been around much with beginning of school starting.  ... View more

Welcome to Peru @GeorgeCarrasco! I really hope to be able to visit Peru someday. ... View more

Yes, you use the same MR License. Be careful though to not forget to disclaim the replaced AP (if your're not going to use it anymore) so you're still compliant on the licenses. Currently you have two different MR licenses, Advanced and Enterprise, but you don't need any specific license for the model. Any MR model can replace another one 🙂   /CK ... View more

hmm OK. I see what you are trying do to.   Have you verified NAT is OK? Routing? Firewall rules? Make sure you have the correct IP-address of the ADSL modem.   Could you try to ping the interface or telnet port 80 to the device?   /CK ... View more

@KarstenI Not planned per se I don't think, but more a side effect of the way NAT was implemented. @GiacomoS commented on this solution in this post:   https://community.meraki.com/t5/Security-SD-WAN/HairPin-Nat-Loop-back-NAT/m-p/24563/highlight/true#M5921 ... View more

Alright... I did re-read your question from the beginning now and start to realize what you would like to do... haha I believe it's too early in the morning for my brain. Need more coffee..    Hope you find any assistance from the API gurus 🙂   /CK ... View more