Can you elaborate on this as well? VRFs, to my understanding, are related more to VLAN configurations than VPN connections. How does this apply to my request? ... View more

Spoke to spoke communication does work. It appears to transit through the Meraki VPN Concentrator (non-Umbrella) hub. ... View more

@MRCUR Tech Support sent me these instructions that fixed the issue for my particular setup (7/26/24) and it DID fix the issue: Thank you for contacting Meraki Technical Support! Can you temporarily enable the WAN3 Backup feature, modify the WAN 1 bandwidth settings, and then disable the WAN 3 backup feature, and then try modifying the WAN 1 configuration again just to ensure the WAN 3 backup feature is no longer being referenced? Keep in mind, when temporarily enabling the WAN 3 backup feature, the physical port usage will change to the following: On the MX85, MX95 & MX105 - The Fourth physical port is the designated backup port. Physical ports 1 & 2 become designated WAN 1 and WAN 2 ports.   I am glad to have it resolved and apologize for not posting this sooner - my struggles are real. ... View more

I've had a few issues with PoE devices not getting power on 355s.  Mainly older devices where the CDP or LLDP information doesn't exist or doesn't come through properly.  The newer firmwares have been dealing with this, what version are you running? ... View more

Hi, I had a similar issue with DELL Optiplex stations running Windows 10: the DELL station was reusing the same PMKID when roaming from one AP to another AP , or when switching between the 5 GHz and 2.4 GHz spectrums on the same AP. This behavior does not meet the 802.11 standards and was causing client disconnections and reconnections for a few seconds with incident in APs logs Invalid PMKID and the client was disconnected (correct behavior is : AP#1 PMKID #1, AP#2 PMKID#2, if client roams back from AP# 2 to AP# 1 it can reuse the PMK#1,  then from AP#1 to AP#2 it can reuse PMKID#2 ) After upgrading the same station to Windows 11, the issue was resolved. The PMKIDs were different while roaming, as expected. Hope this helps. ... View more

You can do it from the Meraki Local Status page.  Disable and Enable.   It is a total pain but can be done.  Remotely you need to add your remote IP to the firewall to access. ... View more

I too was looking at this, after finding that oddly MR's supported radsec, but the MS did not.  C'mon Cisco, why such disjointed feature parity? So much for consistent integration.   Is there any projected timeline that MS will too support Radsec? I am looking at using a radius SaaS that supports radsec, but then found MS doesn't seem to actually let me, which is actually my main use case for wired 802.1x more than wireless. ... View more

Not 100% sure. I was doing a quick comparison between my reg and the effected computer. Ill take another look and see where else its hidding. ... View more

im still seeing loss reported on the statistics page.. ... View more

If we can make it secure enough, allow RDP-ing into that VM (with only RDP traffic allowed) I'm pretty sure CVE-2019-0708 would work on Windows Server 2000 and an EOL patch was not released, allowing RCE on that box where a threat actor could easily pull the AD creds of users and further exploit your environment. I would not recommend this. Thanks for the comment, understood. This doesn't quite apply to my situation and goals. The RDP access will only be open to specific IPs. Not to the entire network, VLANs or subnets. Just IPs. The server isn't domain-joined, there's nothing to pull. It'll be powered down most of the time, awaken only on request. It's read-only in a sense there's no new data written to it. If someone malicious manages to get in, and it goes up in smoke, no biggie. Restore a month-old version from backup or a snapshot. The security part isn't to protect that server, it's to protect the network in case the server is already loaded with malware. Far as I can tell, the precautions I am taking with everyone's help here would keep this setup reasonably secure.   In terms of your kind suggestion to finally retire the damn thing: sounds like you're fully behind the idea of reducing technical debt and minimizing high effort useless tasks. Me too! 😎   Thanks again! ... View more

FYI, Systems Manager dropped support for Windows Server platform (even 2022, 2025). Look at the changelog for 4.2.0. Last supported version for Windows Server platform is 4.1.1. ... View more

I would skip the "especially" as it is basically the same work for 1, 10 or 100 networks.    My best practice is typically to move these tunnels away from the MX to a different device because there are no inbound filters for these VPNs and the whole network is exposed to the peer. ... View more

Unfortunately there is no API for it. ... View more

Have you tried factory resetting the MX? ... View more

Hi Meraki Community,   After check the documents hared I understand the requeriments for NBAR and looks like for now will no be able to specify the Qos as expected giving this network won't set the requirements (Wifi 6)   Appreciate the answers ... View more

Go to the switch, click on the port and look at the clients. If the client is a bit more silent then you could go to the mac-address table in the tools page and filter on port. In the extreme case you have very quite clients you could add port-security sticky to that port and just see after a while what mac addresses were added on the port. ... View more

If you use the Add-VpnConnectionRoute way then it will only add the routes to the internal nets to your adapter when you dial in. If you do a route print when dialed in you will see all the routed destinations with your own VPN adapter as gateway which is normal behavior.  So it will not show the network gateway because that is the way it is done in windows 😉   ... View more

Yep I know ahahha. I'm talking abt freeradius, for eduroam service.   If u know this service. ... View more

if the Internet access is lost, the static routes to the MPLS network should continue to function without any issues. The setup allows for separate routing of traffic, so even if the Internet access is disrupted, the MPLS network still be reachable through the configured static routes. ... View more

With WAN failover set to graceful existing connections will continue to remain failed over.   For example, with WAN 2 as primary, if WAN 2 goes down, connections all failover to WAN 1. When WAN 2 comes back online, new connections will go out WAN 2 but existing connections will go out WAN 1.   If you want all connections to immediately failback to the primary uplink, you need to change WAN Failover to Immediate. while new connections start  ... View more

Few things that you can try: 1. Forget the SSID and then try again 2. Open browser and navigate to www.example.com or   http://escapessl.com and check if the page gets redirected to the splash page. 3. Check the Splash page frequency, reduce that to a shorter duration. ... View more

Check the documentation.   https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/URL_Block_List_and_Allow_List_Patterns ... View more

Try a new fiber cable and try cleaning the optics on the transceivers. In my experience, CRC's are either a bad cable, dirty optics or if this doesn't resolve the issue a bad transciever.  ... View more

All i did was copy and paste from the dashboard page into a spreadhseet its that simple. ... View more

Nope, it's not possible on non-meraki peer VPN. ... View more