@CarolineS   I finally got that Meraki Yacht Club swag out on a boat!   😁   ⛵   S/V Azzurra, a Jeanneau Sun Odyssey 479, out of Marina Scarlino in Italy.     ... View more

Looks good to me, although I think you can (maybe should?) turn off the radius override stuff for this test. Also assuming there are not any other access points involved, should be fine leaving the 'all other APs' to 1 as well. ... View more

So I am on shard n180.  When I was on the phone with support yesterday it took 25 minutes per change.  We tried several networks to confirm it wasn't specific to a site.  We have the same firewall's everywhere and normally these changes take less than a minute.  Support concluded that there is definitely something wrong in the back end and she kicked the ticket up.  I will keep you guys informed.  ... View more

Did anyone have to create policies in the Meraki Dashboard? We are not doing policy based... ... View more

Nice GIF! ... View more

Anything!  for the love of god anything other than this 15 second Hell Loop ... View more

@dhutton That is correct. This is added to prevent admins from changing the uplink IP of an MX by mistake from the dashboard. ... View more

5 points 🙂 ... View more

Right again guys. Configured NTP on each of the switches and they bounce a monster 1k around now on the client list 😉 . Great idea. ... View more

Search for the word "firewall" at this url.  It has a couple of suitable scripts that you would start with. https://developer.cisco.com/codeexchange/github/repo/meraki/automation-scripts/ ... View more

I never had luck with such things but I have to admit I‘m eagerly waiting for the results. 😇 ... View more

Oh please don't do that. You're talking RDPing in from the outside world (Internet) into your test network? IP addresses can be spoofed fairly easily. Using a non-standard port means nothing in these days of port scanners.   I know devs demand RDP access all the time, but I strongly believe that requiring use of a client VPN is a reasonable security stance to take. It's not that hard to setup, and it's pretty simple to use.  ... View more

Congratulations!  At first I taught, where is this in Ghent?  But then I read the text    Nicely done !   LD     ... View more

  @MeredithW and @CarolineS , I forgot to thank you for the swag. But since I found it violated yesterday I was reminded of that. Thanks! ... View more

Attached to that trial info is your local rep who should be able to help ... View more

remote traveler. I love it! My favorite part of my job is the travel and Meraki equipment! ... View more

That sounds like fun. Hopefully an invite can come our way. ... View more

The app uses DNS port to create a tunnel and channel all traffic inside it. It seems that Meraki is allowing DNS traffic to any IP in the background, even if our SSID settings are configured to block all traffic than the one listed in the walled garden.   Now the good news, pending further tests, is that we were able to block the app by creating layer 3 firewall rules preventing to use any DNS other than the DHCP provided ones but at MX level. Unfortunately when creating the same set of rules with the MR layer 3 firewall, it doesn't work and the tunnel can still be established over DNS.   So 2 problems: 1. Meraki allows DNS traffic to any server during the pre-auth phase. This makes it vulnerable to these apps creating tunnels over DNS. 2. The MR layer 3 firewall is not blocking DNS traffic for the SSID as opposed to the MX firewall. This makes it difficult to scale up a patch as our LAN clients are not using the same DNS servers (it's typically upstreamed to the ISP DNS). ... View more