If a shared IP is used it would be expected to the use that IP, depending on which interfaces is active/primary for VPNs would determine which of the potentially 2 VIPs to use.  ... View more

It will scan the channel its on when clients are connected, that is a limitation of no security radio it needs to serve clients. When no clients are connected it is free to scan, there are some additional thresholds for busy times and dfs that apply as well so would scan for a free channel under certain conditions but isn't going to provide all of the same information all the time. https://documentation.meraki.com/MR/Monitoring_and_Reporting/Location_Analytics/Meraki_Auto_RF%3A__Wi-Fi_Channel_and_Power_Management this KB provides more detailed information.  ... View more

The MR28 has most of the features but does not natively have a scanning radio so if you need that with other functions it may be a bit limited. You can swap modes but if the AP is scanning it won't serve clients so testing air marshal events may be problematic as well as RF scanning.  ... View more

The routing for the ISP and handoff can play a role as well. There are some ISPs that will do a transit IP and a block of public IPs behind that require at a minimum a static route in front of a warm spare MX setup.  ... View more

If you are using port forwarding, 1:many, or 1:1 rules the mx will forward the public IP of the users, it would alter the destination IP from the Public IP to the Private IP of the server. The MACID would be altered since it is routed but assuming you are capturing the source IP it should be the public IP of the users. This assumes the website is behind an MX64.  ... View more

mDNS which is the discovery process generally used is not meant to scale well in high client count environments. The clients will send a discovery and all devices that are capable will respond. If you are having issues with discovering devices limiting where they are observed would help. For casting it would be unicast to the TV where it would send a single stream and make sure reachability and bandwidth between the devices are there to support the cast.    Back of the napkin math of ~30 clients per AP and 28 APs is 840 devices. 28 classrooms assuming 1 AP a classroom and 1 TV per classroom isn't untenable, in terms of multicast but all TVs would respond any time someone looks for devices to cast to. This puts it more in the High-density category and less about the multicast traffic to me.  https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MR_Wireless/High_Density_Wi-Fi_Deployments ... View more

I would convert the SSID to an IPSK without radius with a new and old PSK and remove the old password after an audit of the clients. Any device that is connecting to the Old PSK will stop working once the IPSK is removed that covers the old PSK. It's a nice way to rotate passwords without breaking connections entirely.  https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS ... View more

The API can be used to see clients' MACID with an OUI lookup you can determine the device manufacturer. Along with traffic the client is generating could be a way to determine streaming devices.    I've also found in the past that splash pages generally cause issues with streaming devices even click-throughs. Since they don't reliably look for splash pages they will fail to authenticate without intervention from administration on the network or using a built-in browser. It's been a few years since I ran public access networks so it may have changed with the latest generations.  ... View more

23 is the default telnet port but you can use any port. It's basically a basic way to check that the port is reachable without sending a print. Although telnet to 9100 can be used to spit output directly to a printer and have it print. Not every device will allow telnet from a remote network. So there could be something going on with the printer. You would likely want to allow more ports for the printer, 9100 is a RAW port but they often have other ports or use Multicast like WDS/Airprint if you want it discoverable. If you don't know which ports you need open doing an allow-all to the printer and printing with a packet capture going filtered for the traffic might be a good idea to find which ports you need to have open. If you need the printer discoverable on other VLANs bonjour forwarding can be used.  ... View more

With multiple WANs you Non-Meraki Site to Site will only use the active primary link, if you are using load balancing it will only establish with the primary link if they are both online. You can select it under Security & SD-WAN > SD-WAN & Traffic Shaping, this would move all client VPN as well.  ... View more