Thanks. That is what I figured. ... View more

Keep an eye on the upcoming ISE licence changes as well.   https://community.cisco.com/t5/security-knowledge-base/licensing-updates-with-cisco-ise-3-5/ta-p/5334843 ... View more

Since you are talking about different ACL's you are probably talking about another platform type. Which means the problem is getting the logic out of the original platform. The site to site VPN rules are best used when you have centrally located resources that many branches must be able to reach.  In that case you must be able to identify those central resources and ports they are listening on through your existing ACL's from each location. Then you need to make rules where the destination are those central resources but the source is a group object containing all the sources that make use of that service.  I usually make one rule per source VLAN type (example printers). And at the end of each source vlan group end with a deny RFC1918 group rule so you deny them access to any other private subnet anywhere in the org. ... View more

Maybe you should mirror that downstream port to another port on the MS switch. If the moment you connect that Unify and you see many repeated packets you are probably having a loop downstream and need to fix that first. ... View more

yes correct, after further investigation with Meraki SE it's not possible, thanks a lot for your replay ... View more

Ideally change them as a wave, i.e. start in one part of the building and change neighbours next rather than one on the other side of the building.  It'll help with devices moving from one of the Meraki APs to the Catalysts and vice versa. ... View more

https://github.com/0AK13Y/Secure_Connect_Bypass/tree/main  ... View more

@PhilipDAth thank you. I'll give that a go and follow up. ... View more

If you are using  Meraki 802.1x why not create user accounts within Dashboard and assign them only to the "contractor" zone./subnet on a dedicated egress and the you can apply the group policy on that interface by default. ... View more

You could configure a fallback SSID, but leave that SSID disabled on your MRs unless you need it.  ... View more

What you are asking for is practically already there.  You can assign tags to whatever aps you want and then under the  Radio settings sort or list by that tag and bulk select the listed tagged APs for assignment to a specific profile.  whats the issue?   If you don't like how it is you can always ask them. log in scroll to the bottom of the dashboard in the lower right corner and click this button.     ... View more

Oh yes, it's 'interesting' 😀   Even in extreme testing I never managed to trigger the 2014 test, perhaps because I didn't have an org that old to try it with.   The workaround I use seems generally safe, been using it 2-3 years without problems.  ... View more

@Ryan_Miles    Ahhh...I got it. Thanks. ... View more

Take a look ate the Zoom troubleshooting guide.   Troubleshooting Zoom Phone ... View more

Real time not, just  traffic analysis.   Get Network Traffic - Meraki Dashboard API v1 - Cisco Meraki Developer Hub     ... View more

The MX tags traffic, but does not enforce Adaptive Policy rules for traffic between directly connected clients on its own LAN ports. Enforcement is designed for scenarios where the destination is another network device (such as a Meraki switch) that supports Adaptive Policy. ... View more

thank you,  i can see that. ... View more

MerakiではUTMに相当するMXシリーズでURL Filteringの機能が利用できます。 ただ、Meraki全般がシンプルな機能になっているため、 もし複雑な制御をしたいのであれば、URL Filteringに特化したForward Proxyを検討した方が好ましい場合がございます。 > そうした場合、LAN側にはそのPCを直接、WAN側には社内ネットワークを接続することを想定しており、その場合ブリッジでIPアドレスは社内ネットワークのポリシーを守ったままにしたいと思っています。 言葉だとお互いにイメージが合致しているのか分かりにくそうに見えたので、 先にコメントがあるように簡単な構成のイメージなどがあった方がコメントしやすいと思います。 もしLAN側とWAN側がL2でスイッチング/ブリッジングして同一ネットワークになるイメージだと、 先のURL Filteringに対応したMXシリーズでは実現が出来ないと思います。 Routed ModeでMXがRouterのように動作するとセグメントが分かれるため、L3レベルでセグメントが分断されます。 (One-Armedの構成もありますが、それはVPN終端装置の用途に特化しているので意図的に深堀してないです。) またULR Filteringに対応しているMXは、Internet RouterのようなWANに直接つなぐ構成 (WAN & LAN)に向いていますが、 逆に、社内LAN同士 (LAN-to-LAN)をつなぐ「社内システム間の境界Firewall」のような用途には向いてないです。 仮に無理やりにやるとしても、Firewall PolicyにZoneの概念がないのでPolicy管理が煩雑になる点、 Routed ModeのLAN->WAN通信は常にNATされる点、Beta版でその送信元NATの無効化機能 (NAT Exceptions)があるものの、製品特性に向いていない点や、そもそもBeta版などがあるので。 ... View more

I'm glad to hear. Thanks for the update! ... View more

I don't know the reason, I believe what is displayed is the object code in Meraki, but I can't explain why the name isn't displayed. ... View more

Could you let me know if you found a solution for this? ... View more

Thanks so much RaphaelL. All but one of my switches are running MS firmware. However, I have one C9300X that's on CS 17.2.1.1 I'll have to open a ticket to confirm, though seems like perhaps I'm good since it's on the CS17 major release. ... View more

oh yes. Also, as I discovered yesterday, dynamic ports aren't considered or catered for in rules, so even though traffic is destined for a port and the service typically is available on that port, the MX doesn't pick up that the port could be dynamic from the source, and record the traffic or attempt to do anything because you defined a specific port on both sides. I loathe the use of "Any" in any situation other than a deny. It's just poor management practices.  ... View more