Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Become a member of the Cisco Meraki Community today
Get answers from our community of experts in record time.
Join now- About watdee
About watdee
watdee
Getting noticed
Member since Mar 16, 2018
2 weeks ago
Community Record
49
Posts
0
Kudos
0
Solutions
Badges
2 weeks ago
We ran into what looks like the same issue in our environment, except we're using machine certificates instead of user certs. Our setup: Identity is set to SAN:DNS Our SCEP profile adds a SAN DNS attribute with the value {{DeviceName}}.mydomain.local When the issue started, the username in Access Manager logs changed from COMPUTERNAME.domain.local to host/COMPUTERNAME.domain.local, and authentication started failing. The issue lasted about 24 hours, then resolved on its own, host/ disappeared and authentication started working again without any config changes on our end. I had opened a support case but didn't receive any helpful information, so we were in the dark as to what happened until I found this post. I also haven’t found any documentation confirming whether machine cert-based EAP-TLS is officially supported with Access Manager. Glad it’s working again, but wondering: Was this caused by a backend change that they rolled back or a bug that they fixed? Is our setup (machine certs + SAN:DNS) officially supported? Should we deploy a fallback WLAN to our devices in case this happens again or is there another workaround anyone can suggest? Thanks
... View more
Jul 18 2025
1:05 PM
Meraki Access Manager appears to perform case-sensitive matching when resolving certificate identities to Entra ID users. If your certificate SAN contains TestUser@domain.com and Meraki stores the UPN as testuser@domain.com, the match will fail—even though logically they are the same. According to Microsoft UPNs are case-insensitive in Entra ID so Meraki should be matching these. It's not only with Entra, you can test with a rule like this: Endpoint certificate: Subject - SAN - RFC822 [Contains] testuser@domain.com and it will not match unless you type TestUser@domain.com which is exactly what's on the certificate. By the way, my setup consists of: Using Microsoft Cloud PKI with Intune SCEP profiles to issue user certificates (SAN includes RFC822 Name = UPN) Wi-Fi profile deployed via Intune with EAP-TLS and authentication mode set to user Meraki Access Manager configured with: SSID set to Enterprise with Access Manager Root CA uploaded and trusted Identity field set to RFC822 Name Access rules based on Entra ID group membership
... View more
Oct 26 2023
8:41 AM
Yes. Latest stable on wifi, the button and MV22. Switches are just one behind.
... View more
Oct 25 2023
12:16 PM
We have a button automation set up to take snapshots and then send an email notification. Randomly, the snapshot will no longer be included in the email. It happens maybe once a month and I'm not sure how to resolve it other than rebooting everything. Not sure if the reboot fixes it or it just starts working the next day. Because of that, I added some text contacts as well and the text always contains the image even when the email doesn't. Any ideas?
... View more
Oct 15 2021
12:26 PM
I had the same issue with Meraki branded 1GB SFP modules. I did get it in eventually but I had to try a few times and press very hard. The proline brand is much cheaper and actually goes in easier on the MS425. However, don't install proline module in an MS225 as I'm not able to get them out without tools. I think a new connector needs to be invented. It's nightmarish dealing with these.
... View more
Just found some more info regarding other brands and stacking two switches with one cable. It sounds like it works fine just isn't recommended for redundancy reasons. https://networkengineering.stackexchange.com/questions/62651/how-many-stack-cables-would-be-needed-if-we-want-to-stack-two-3850-switches https://community.extremenetworks.com/extremeswitching-other-233226/how-many-stack-cables-for-two-switches-stack-6755077 https://community.cisco.com/t5/routing/number-of-stack-cables-for-two-3650/td-p/3179794 I'll probably end up using two cables to be on the safe side.
... View more
My two, two switch stacks have been up for over a year after software upgrades and several reboots, still no issue in the dashboard. I don't mind adding a second cable to the switches that have the dedicated stack ports on the back just to be safe though. However, I also have a pair of MS425-16 and if I use both the 40GB/s ports for stacking, then I lose the 40GB/S uplinks to my other building.
... View more
I also wasn't sure if I needed two cables for my stacks of two switches so I went with one cable and it works perfectly fine. No errors in the dashboard or anything. My stacks are of two MS225 and two MS250 switches. I guess I should order the 2nd cable?
... View more
Even though it doesn't need to be tagged? The port was set to native vlan 7 and the uplink switch port was configured the same.
... View more
I have a switch on a test network and specifically set it up without VLAN 1 so it is getting it's dhcp and connection to the meraki cloud on vlan 7 which is what I wanted. Seems to be working fine except for the orange icon and warning. I didn't have a reason to have vlan 1 traffic on this switch. Is this a problem and is there a way to get the icon green or should I just ignore the warning?
... View more
It seems like 26.5 may have resolved the issue.
... View more
Clicked on a wireless client, then packet capture. Accepted the defaults and hit start capture. Only Switch ports seem to have the "Whole ball of Wax" option. Haven't started a ticket yet.
... View more
Sep 25 2019
11:36 AM
When ever I do a packet capture on an Access Point Wireless interface, all clients are disconnected from the AP which is an MR45 running firmware 26.4. Anyone know why that would happen? I'm trying to diagnose abnormal traffic coming from a specific host. Thanks
... View more
Jun 17 2019
7:41 AM
Thanks for the info. I currently need that feature so will have to hold off on trying them.
... View more
Jun 13 2019
2:35 PM
Can I extend my LAN by plugging in wired clients to the ethernet port of a meshed meraki go AP in repeater mode? Thanks
... View more
Mar 19 2018
1:31 PM
@PhilipDAthwrote: Gigabit ports usually come built in - so couldn't you use those until you get an SFP+ capable switch? The built in ports can be selected as well but yeah I'm considering getting both types of ports for flexibility. The MS350-24X does seem like it could work fine with 10gbe nics, correct? I was not aware of that unit until now.
... View more
Mar 19 2018
1:04 PM
@PhilipDAthwrote: Is there much of a price difference between an SFP+ NIC and a 10GBaseT NIC? If the price difference is small and you only have 5 servers wouldn't it make sense to go with the significantly lower latency technology? If I go with SFP+ NIC's, I'd also need copper gbics for now since we don't plan to upgrade the switch until later. The price is similar not including gbics.
... View more
Mar 19 2018
12:38 PM
We have a very small vmware environment with 5 hosts so I don't think users would notice much difference between 10gbe Fiber and base-t. The main reason for looking into this is to help decide what nics to put in new servers as the old ones get replaced. Is there any reason not to go 10gbe base-t over 1gbit other than price? The reasoning here is that we can get 10gbe base-t nics now and replace the switch at a later date. Currently using MS320 48 port switch.
... View more
Mar 16 2018
2:09 PM
Currently have all Meraki switching, was looking to get a 10gbe base-t meraki switch for our vmware hosts \ server rack but it looks like Meraki only has 10gbe fiber. Am I missing something?
... View more
© 2025 Cisco Systems, Inc.
