I have also disabled DAI across my thirty sites with MS-225's and MS-210's.  I don't know if it's my DHCP servers or my clients or the switches, but machines that are on untrusted ports that have obtained their IP address via DHCP and are working will just suddenly stop working and show in the logs as being blocked.  Of course when they're scattered across the country and it's happening at random times to random individuals... it's hard to troubleshoot.  I was forced to simply disable the feature on all of my switches. ... View more

Welcome to the Meraki Community! ... View more

Hi Kingoftheday,   In the Meraki Dashboard, "Policy Objects" are used to simply apply a user-friendly label to a specific IP address, subnet, or FQDN. These convenient labels then can be used to help you build out your firewall rules more easily. For example "Deny Any Traffic To/From 'Guest Network' and 'Internal Network'" could be a set of L3 firewall rules on the MX as opposed to needing to remember and type out the exact IP addressing (CIDR notation) for each of the subnets every time.   To start configuring these "Policy Objects" head to Organization > Policy objects from within your Meraki Dashboard portal. Do note that because this is under the "Organization" section, this will require that your Dashboard admin account has Organization-level admin privileges. ... View more

Hi PirateRo,   It is important to note that the MS120 is a simple layer 2 switch and does not support full layer 3 routing, DHCP services, static routes, or anything like that.   By default, DHCP services are going to be contained to their own broadcast domain. Additionally, the use of VLANs would segment your layer 2 network further. Your wired client will not receive an address from DHCP if there are no DHCP services being offered on that VLAN.   Hope that helps! ... View more

Hi Rohan575,   1. If you don't already have the Systems Manager network created, you can do so by navigating to Organization > Create network from your Meraki Dashboard portal (note: you will need to be an Organization-level administrator with write permissions to perform this task) and selecting "EMM (Systems manager)" as the Network type.   Once created or if your EMM network is already created, you can then combine this Systems Manager network into an existing Combined hardware network by navigating to Organization > Overview, checking the box for both the Systems Manager network as well as the Combined hardware network in which you wish to combine with, followed clicking on the "Combine" button located towards the top of the table. You can read more about combining and/or splitting Dashboard networks at the following Meraki resource: Combining Dashboard Networks (Meraki KB).     2. It is a little unclear to me exactly what you are asking here but if you are simply looking to add a new Meraki hardware device into an existing Combined hardware Dashboard Network, the easiest way to do this would be to navigate to the Inventory page (Organization > Inventory), Claiming the new Meraki hardware device into your Inventory using the "Claim" button if it is not already present within your Meraki Inventory, and lastly, checking the box for the new Meraki hardware device, followed by clicking on the "Add to..." located towards the top of the table where you will then be presented with a drop-down menu where you can select the Dashboard Network that you'd like to add the new Meraki hardware device to.   If instead you are interested in how to add devices to a Systems Manager network, my recommendation would be to start with the following Meraki resource: Systems Manager Quick-Start.     3. For your question around the Meraki Dashboard API offerings, I would recommend taking a look at the Meraki Dashboard API documentation located on Cisco's Developer Hub as there you can find all of the specifics around the exact syntax required, including the available parameters for each API endpoint, examples when used with various programming languages/protocols, etc.   For example, if you'd like to query a specific Dashboard Network in order to see specific clients that are active on that network, the following "Get Network Clients" API endpoint would probably be most appropriate here.   If instead, you are curious about a device that is enrolled/managed within your Systems Manager network, the "Get Network SM Devices" API endpoint would make more sense.     I hope that information helps a bit. Be sure to let us know if I misinterpreted any of your questions. Additionally, we do have an API-specific group here on the Meraki Community which might be able to assist with more technical API inquires. ... View more

Hi Charlie_C,   My apologies for not including those details. I was in fact leveraging the "Default Group Policy" feature/functionality during my testing. I'll post a screenshot of my AnyConnect test configuration below:   ... View more

Hi MAUB,   Take a look at the AnyConnect Client VPN options available on the Meraki MX platform. AnyConnect on the MX leverages TLS and DTLS for tunneling and also allows for configurations options such as certificate-based authentication.   AnyConnect on the MX Appliance ... View more

Hi @Kenn_Val18   Based on the error that you provided, my best guess is that the Internet connection that the client is connecting to is blocking UDP traffic 500 and/or 4500.   My recommendation would be to reach out to our Enterprise Support team in order to troubleshoot further with a client/device who is currently experiencing this issue. You can view the Support options by navigating to Help > Get help, followed by clicking on the "Still need help?" link. ... View more

Hi EamonnT,   My apologies for the delay as I was out on holiday.   You did not mention if you are leveraging our Meraki MR product line of wireless APs but if you are, be sure to check and confirm that we are not blocking layer 3 traffic destined for the "Local LAN" by navigating to Wireless > Firewall & traffic shaping from your Meraki Dashboard portal. Then be sure to select the SSID(s) in question from the SSID drop-down menu and see if the first rule in the "Outbound rules" section is set to "Allow" (Destination: Local LAN).   You can read more about how this rule is intended to work at the following Meraki resource:   https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_Meraki_MR_firewall   If this is already set to "Allow" for the Local LAN destination, my recommendation here would be to contact our 24/7 Enterprise Support for further troubleshooting. You can view these options by navigating to Help / (Question Mark icon) > Get help from your Meraki Dashboard portal, selecting the "Still need help?" link, and then calling the Meraki Support Team or submitting an email case. ... View more

I'm in the same boat as you are. Our move is a couple months away and I'd like to prep what I can. Could you share what you had to do to prepare? ... View more

In addition to the resources that alemabrahao posted above, if we are working with the Meraki MX platform here, be sure to reference the "1:1 NAT" section of the following resource to give you a better understanding of the available offerings on the MX platform and to help you achieve what you are looking to do:   https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX ... View more

Thanks for the help @Inderdeep and @Jonathan-S . I was able to add these rules to our upstream firewall and now the MRs are showing as online in our Dashboard!   Cheers! ... View more

Ah ha, thank you @Jonathan-S! I'm all sorted now.  ... View more